Author: jmm-guest
Date: 2010-04-13 21:44:56 +0000 (Tue, 13 Apr 2010)
New Revision: 14470

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- konversation not-affected
- trac no-dsa
- more information on RTSP issue affecting mplayer and VLC
- opendchub not-affected in Lenny
- tgt fixed

Modified: data/CVE/list =================================================================== --- data/CVE/list 2010-04-13 21:14:45 UTC (rev 14469) +++ data/CVE/list 2010-04-13 21:44:56 UTC (rev 14470) @@ -514,6 +514,7 @@ [lenny] - linux-2.6 <not-affected> (vulnerable code not yet present) CVE-2010-1147 (Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC ...) - opendchub <unfixed> (bug #576308) + [lenny] - opendchub <not-affected> (Vulnerable code not present) CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem ...) - linux-2.6 <unfixed> [lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30) @@ -1720,7 +1721,7 @@ NOTE: http://www.juniper.net/security/auto/vulnerabilities/vuln35507.html CVE-2010-0743 (Multiple format string vulnerabilities in isns.c in (1) Linux SCSI ...) - iscsitarget <unfixed> (medium; bug #574935) - - tgt <unfixed> (medium; bug #576086) + - tgt 1:1.0.3-2 (medium; bug #576086) CVE-2010-0742 RESERVED CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the ...) @@ -1943,6 +1944,7 @@ - linux-2.6.24 <not-affected> (fixed before 2.6.24) CVE-2010-XXXX [konversation DoS] - konversation 1.2.3-1 (low) + [lenny] - konversation <not-affected> (Doesn't affect the combination of kdelibs/QT in Lenny) NOTE: http://bugs.kde.org/show_bug.cgi?id=219985 CVE-2010-0664 (Stack consumption vulnerability in the ...) - chromium-browser <itp> (bug #520334) 
@@ -4025,7 +4027,8 @@ CVE-2009-4406 (Cross-site scripting (XSS) vulnerability in Forms/login1 in American ...) NOT-FOR-US: APC Switched Rack PDU AP7932 B2 CVE-2009-4405 (Multiple unspecified vulnerabilities in Trac before 0.11.6 have ...) - - trac 0.11.6-1 + - trac 0.11.6-1 (low) + [lenny] - trac <no-dsa> (Minor information disclosure) CVE-2009-4404 (Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 ...) - t-prot 2.8-1 (low) [etch] - t-prot <no-dsa> (Minor issue) @@ -9985,11 +9988,12 @@ CVE-2008-6892 (SQL injection vulnerability in lire/index.php in Peel 3.1 allows ...) NOT-FOR-US: Peel CVE-2009-XXXX [VLC: integer underflow in Real RTSP] - - vlc 1.0.1-1 + - vlc <unfixed> - mplayer <unfixed> - xine-lib <not-affected> (immune due to additional check in xio_rw_abbort()) - NOTE: Posting on full-disclosure contains details - TODO: Which posting? + TODO: File bugs + NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca + NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/ CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote ...) Modified: data/spu-candidates.txt =================================================================== --- data/spu-candidates.txt 2010-04-13 21:14:45 UTC (rev 14469) +++ data/spu-candidates.txt 2010-04-13 21:44:56 UTC (rev 14470) @@ -434,6 +434,10 @@ -- +trac (CVE-2009-4405) + +-- + udev (#462655) notified maintainer
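
Review bot: In the @@ -514,6 +514,7 @@ hunk, the added [lenny] line for opendchub gives the reason as "Vulnerable code not present" without saying when the vulnerable code was introduced, while the linux-2.6 entry just below it records "vulnerability introduced in 2.6.30". Naming the opendchub version that introduced the overflow would let a reader recheck the Lenny status. The capitalised "Vulnerable" also differs from the lower-case reasons on the neighbouring lines.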
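
Review bot: In the @@ -1943,6 +1944,7 @@ hunk, the reason on the added [lenny] konversation line rests on "the combination of kdelibs/QT in Lenny" but names no versions, so the not-affected status cannot be rechecked from the entry alone. Suggest stating the kdelibs and Qt versions it was checked against, or adding a NOTE with the source of that finding. "QT" should be spelled "Qt".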
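
Review bot: In the @@ -4025,7 +4027,8 @@ hunk, the added no-dsa reason "Minor information disclosure" describes a single issue, while the CVE-2009-4405 summary line reads "Multiple unspecified vulnerabilities in Trac before 0.11.6". Suggest a NOTE with the reference that the (low) rating and the reason are based on, so it is clear the assessment covers every issue grouped under that CVE.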
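
Review bot: In the @@ -9985,11 +9988,12 @@ hunk, vlc goes from fixed in 1.0.1-1 to unfixed with nothing in the entry or the log message saying why the earlier version was wrong, even though one of the added NOTE lines points at a commit in vlc.git. Suggest a NOTE recording why 1.0.1-1 was withdrawn and whether that commit is part of a released version. "TODO: File bugs" could also name the packages the bugs are needed for.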
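
Review bot: In the data/spu-candidates.txt hunk (@@ -434,6 +434,10 @@), the new "trac (CVE-2009-4405)" entry is followed by an empty line, whereas the udev entry after it carries "notified maintainer". Suggest adding a status line for trac so it is clear whether the maintainer has been contacted about the stable point update.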