Author: derevko-guest
Date: 2009-06-19 09:09:04 +0000 (Fri, 19 Jun 2009)
New Revision: 12161
Modified:
data/CVE/list
Log:
Reverted changes in packages accepted in stable/oldstable. Those entries have
to be changed
when the stable/oldstable update has actually been released, and not when a
package is accepted in
stable/oldstable. Sorry for the trouble.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-19 07:59:21 UTC (rev 12160)
+++ data/CVE/list 2009-06-19 09:09:04 UTC (rev 12161)
@@ -350,7 +350,7 @@
NOTE: exploitability limited, DoS rather obscure attack scenario
CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache
...)
- apr-util 1.3.7+dfsg-1 (low)
- [lenny] - apr-util 1.2.12+dfsg-8+lenny3
+ TODO: next point release: [lenny] - apr-util 1.2.12+dfsg-8+lenny3
CVE-2009-1955 (The expat XML parser in the apr_xml_* interface in
xml/apr_xml.c in ...)
{DSA-1812-1}
- apr-util 1.3.7+dfsg-1 (medium)
@@ -1286,7 +1286,8 @@
NOT-FOR-US: DFLabs
CVE-2008-6792 (system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10,
as used ...)
- system-tools-backends 2.6.0-6.1 (low; bug #527952)
- [lenny] - system-tools-backends 2.6.0-2lenny3
+ [lenny] - system-tools-backends <no-dsa> (Minor issue, scheduled for
next point update)
+ TODO: add after r2 [lenny] - system-tools-backends 2.6.0-2lenny3
[etch] - system-tools-backends <not-affected> (SHA was added to
crypt(3) post-etch)
CVE-2009-1581 (functions/mime.php in SquirrelMail before 1.4.18 does not
protect the ...)
{DSA-1802-1}
@@ -2706,10 +2707,11 @@
CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create
or ...)
- screen 4.0.3-13 (low; bug #521123)
[etch] - screen <not-affected> (etch version predates #433338)
- [lenny] - screen 4.0.3-11+lenny1
+ [lenny] - screen <no-dsa> (Minor issue)
+ TODO: add after r2 [lenny] - screen 4.0.3-11+lenny1
CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary
file with ...)
- screen 4.0.3-13 (unimportant; bug #521123)
- [lenny] - screen 4.0.3-11+lenny1
+ TODO: add after r2 [lenny] - screen 4.0.3-11+lenny1
NOTE: documented behaviour "or the public accessible screen-exchange",
see man screen
CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in
attachment.cgi in ...)
- bugzilla <unfixed> (low; bug #514143)
@@ -3344,7 +3346,8 @@
NOT-FOR-US: Apple Safari
CVE-2009-1041 (The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1,
and 7.2 ...)
- kfreebsd-7 7.1-3
- [lenny] - kfreebsd-7 7.0-7lenny1
+ [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
+ TODO: lenny r02 [lenny] - kfreebsd-7 7.0-7lenny1
CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and
...)
NOT-FOR-US: Openfire
CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the
Admin ...)
@@ -8993,7 +8996,8 @@
- kfreebsd-6 <unfixed>
[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
- kfreebsd-7 7.1-1
- [lenny] - kfreebsd-7 7.0-7lenny1
+ [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
+ TODO: lenny r02 [lenny] - kfreebsd-7 7.0-7lenny1
CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and
Server ...)
- openssh <unfixed> (low; bug #506115)
[etch] - openssh <no-dsa> (Minor issue, see
http://www.openssh.org/txt/cbc.adv)
@@ -26824,7 +26828,8 @@
[etch] - perl <not-affected> (Was merged into Perl as of 5.10)
- libarchive-tar-perl 1.38-1 (low; bug #449544)
[sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
- [etch] - libarchive-tar-perl 1.38-3~etch1
+ [etch] - libarchive-tar-perl <no-dsa> (Minor issue)
+ TODO: next point release [etch] - libarchive-tar-perl 1.38-3~etch1
CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API
pretty-printing ...)
- mediawiki 1.10.2-1 (low; bug #442255)
[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
