Author: derevko-guest
Date: 2009-10-15 13:23:11 +0000 (Thu, 15 Oct 2009)
New Revision: 13021
Modified: data/CVE/list data/ospu-candidates.txt data/spu-candidates.txt Log: - CVE-2009-3564 no-dsa - CVE-2009-3589 fixed in incron 0.5.7-1 - CVE-2009-3575: Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 - openoffice.org issues - NFUs Modified: data/CVE/list =================================================================== --- data/CVE/list 2009-10-15 11:33:36 UTC (rev 13020) +++ data/CVE/list 2009-10-15 13:23:11 UTC (rev 13021) @@ -1,5 +1,5 @@ CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier ...) - TODO: check + NOT-FOR-US: Dalvik API in Android CVE-2009-3697 [phpMyAdmin XSS/SQL inj PMASA-2009-6] RESERVED - phpmyadmin 4:3.2.2.1-1 @@ -116,7 +116,7 @@ CVE-2009-3643 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to ...) NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server CVE-2009-3642 (Multiple SQL injection vulnerabilities in the Call Logging feature in ...) - TODO: check + NOT-FOR-US: FrontRange HEAT CVE-2009-3641 RESERVED CVE-2009-3640 @@ -198,11 +198,11 @@ [etch] - dopewars <no-dsa> (negligible issue) [lenny] - dopewars <no-dsa> (neglibigble issue) CVE-2009-3589 (incron 0.5.5 does not initialize supplementary groups when running a ...) - TODO: check + - incron 0.5.7-1 CVE-2009-3588 (Unspecified vulnerability in the arclib component in the Anti-Virus ...) - TODO: check + NOT-FOR-US: eTrust Antivirus CVE-2009-3587 (Unspecified vulnerability in the arclib component in the Anti-Virus ...) - TODO: check + NOT-FOR-US: eTrust Antivirus CVE-2009-3586 RESERVED CVE-2009-3585 
@@ -224,15 +224,18 @@ CVE-2009-3576 RESERVED CVE-2009-3575 (Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, ...) - TODO: check + - aria2 1.2.0-1 (low; bug #551070) CVE-2009-3571 (Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact ...) - TODO: check + - openoffice.org <unfixed> (medium; bug #551068) + NOTE: details are unknown CVE-2009-3570 (Unspecified vulnerability in OpenOffice.org (OOo) has unspecified ...) - TODO: check + - openoffice.org <unfixed> (medium; bug #551068) + NOTE: details are unknown CVE-2009-3569 (Stack-based buffer overflow in OpenOffice.org (OOo) allows remote ...) - TODO: check + - openoffice.org <unfixed> (medium; bug #551068) + NOTE: details are unknown CVE-2009-3568 (Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for ...) - TODO: check + NOT-FOR-US: module for Drupal CVE-2009-3692 (Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in ...) - virtualbox-ose <unfixed> [lenny] - virtualbox-ose <not-affected> (vulnerable code not present) @@ -282,7 +285,9 @@ CVE-2009-3565 RESERVED CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary groups ...) - TODO: check + - puppet <unfixed> (low; bug #551073) + [etch] - puppet <no-dsa> (minor issue) + [lenny] - puppet <no-dsa> (minor issue) CVE-2009-3563 RESERVED CVE-2009-3562 (Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 ...) Modified: data/ospu-candidates.txt =================================================================== --- data/ospu-candidates.txt 2009-10-15 11:33:36 UTC (rev 13020) +++ data/ospu-candidates.txt 2009-10-15 13:23:11 UTC (rev 13021) 
@@ -604,6 +604,12 @@ -- +puppet (CVE-2009-3564) +#551073 +notified maintainer in initial bug report + +-- + python2.4 (CVE-2008-4864, CVE-2008-5031) #504620 notified maintainer Modified: data/spu-candidates.txt =================================================================== --- data/spu-candidates.txt 2009-10-15 11:33:36 UTC (rev 13020) +++ data/spu-candidates.txt 2009-10-15 13:23:11 UTC (rev 13021) @@ -269,6 +269,12 @@ -- +puppet (CVE-2009-3564) +#551073 +notified maintainer in initial bug report + +-- + rails (CVE-2009-3086) bug #545063 notified maintainer _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
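Review bot: In the data/CVE/list hunk at @@ -198,11 +198,11 @@, the new CVE-2009-3589 line "- incron 0.5.7-1" has no urgency, no bug reference and no [etch]/[lenny] status, unlike the aria2 and puppet entries added in this same commit. If a Debian bug exists for it, add it in the same "(urgency; bug #...)" form, and record whether the stable releases are affected so the entry does not need a second triage pass. The unchanged context line just above it spells the lenny dopewars reason as "neglibigble issue"; that could be corrected in a follow-up.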
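Review bot: In the data/CVE/list hunk at @@ -224,15 +224,18 @@, CVE-2009-3569 is given "NOTE: details are unknown" even though its description on the preceding line already names a stack-based buffer overflow with a remote vector. That note fits CVE-2009-3570 and CVE-2009-3571, whose descriptions say "Unspecified vulnerability", but for CVE-2009-3569 it would be clearer to say what is actually missing. All three entries share bug #551068 and a "medium" urgency; a short NOTE on why medium was chosen with no details available would help the next person who revisits them. In the same hunk, the aria2 entry for CVE-2009-3575 records only the fixed unstable version, with no [etch]/[lenny] lines.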
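Review bot: In the data/spu-candidates.txt hunk at @@ -269,6 +269,12 @@, the new puppet entry writes the bug as "#551073" while the neighbouring rails entry in the context lines uses "bug #545063". The data/ospu-candidates.txt hunk has the opposite neighbour style ("#504620" for python2.4), so the new entry matches one file but not the other. Suggest following each file's existing form so that a search for "bug #" in spu-candidates.txt finds every entry.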