Author: jmm-guest
Date: 2010-06-10 17:14:26 +0000 (Thu, 10 Jun 2010)
New Revision: 14853

Modified:
   data/CVE/list
Log:
- sudo bugnum
- two xinha embedders not-affected
- moodle temp entry was CVEfied
- record openjdk fixes using the same security branch as sun java
- fix samba version number for wide_links issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-06-10 15:58:35 UTC (rev 14852)
+++ data/CVE/list       2010-06-10 17:14:26 UTC (rev 14853)
@@ -791,8 +791,8 @@
        - serendipity 1.5.3-1
        [lenny] - serendipity <not-affected> (Only affects >= 1.4)
        - horde3 <undetermined> (bug #585165)
-       - openacs <undetermined> (bug #585163)
-       - dotlrn <undetermined> (bug #585164)
+       - openacs <not-affected> (Doesn't use the PHP interface, see bug 
#585163)
+       - dotlrn <not-affected> (Doesn't use the PHP interface, see bug #585164)
 CVE-2010-1915 (The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 
through ...)
        - php5 <unfixed> (unimportant)
 CVE-2010-1914 (The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 
allows ...)
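Review bot: On the openacs and dotlrn lines, the bug reference moves out of the standalone `(bug #585163)` form that the horde3 line above still uses and into free text ("see bug #585163"). If the bugs should remain attached to these entries in the same way, keep the reference as its own field, as the samba entry later in this patch does with `(low; bug #568493; bug #572953)`, and put the "Doesn't use the PHP interface" reason alongside it rather than wrapped around it.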
@@ -878,8 +878,8 @@
        NOT-FOR-US: PHP Easy Shopping Cart
 CVE-2009-4855 (SQL injection vulnerability in index.php in TYPO3 4.0 allows 
remote ...)
        - typo3-src 4.2.5-1+lenny3
-       NOTE: I have on idea when this was fixed, 4.2.5-1+lenny3 is the version 
currently in lenny
-       NOTE: which is not affected by this bug
+        NOTE: I have no idea when this was fixed, 4.2.5-1+lenny3 is the 
version currently in lenny
+        NOTE: which is not affected by this bug
 CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to 
...)
        NOT-FOR-US: TalkBack
 CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox 
before ...)
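Review bot: The two NOTE lines under CVE-2009-4855 change indentation as well as wording: the added lines are indented one column further than the removed lines and than the `- typo3-src` line above them, which suggests the leading whitespace was replaced while fixing the "on idea" typo. Restore the original indentation so the diff contains only the spelling fix, and mention the fix in the log, which currently does not list it.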
@@ -1351,7 +1351,7 @@
        - mediawiki <unfixed>
        NOTE: 
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
 CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 
and ...)
-       - sudo <unfixed> (bug filed)
+       - sudo <unfixed> (bug #585394)
 CVE-2010-1645
        RESERVED
 CVE-2010-1644
@@ -3108,7 +3108,6 @@
        [lenny] - alien-arena <no-dsa> (Contrib not supported)
 CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52]
        - glpi 0.72.4-2 (bug #574760)
-       - moodle <unfixed> (bug #574757)
        NOTE: http://www.ja-sig.org/issues/browse/PHPCAS-52
 CVE-2010-1028 (Integer overflow in the decompression functionality in the Web 
Open ...)
        - xulrunner <not-affected> (vulnerability introduced in firefox 3.6)
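Review bot: The moodle line with bug #574757 is removed from the CVE-2010-XXXX phpCAS entry, but no hunk in this revision adds a moodle line anywhere else, and the log says only that the temp entry "was CVEfied" without naming the CVE. Confirm that the assigned CVE entry already carries the moodle status and bug #574757, and name that CVE id in the log so the removal can be traced.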
@@ -3433,8 +3432,8 @@
        NOTE: somewhat impractical right now, but the openssl developers are 
working
        NOTE: on a fix just in case
 CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x 
before ...)
-       - samba 2:3.5.1~dfsg-1 (low; bug #568493; bug #572953)
-       [lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, 
can be fixed through configuration modifications)
+       - samba 2:3.4.6~dfsg-1 (low; bug #568493; bug #572953)
+       [lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, 
can be fixed through configuration modifications)  
 CVE-2010-0935 (Perforce Server 2009.2 and earlier, when the protection table 
is ...)
        NOT-FOR-US: Perforce Server
 CVE-2010-0934 (The triggers functionality in Perforce Server 2008.1 allows 
remote ...)
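Review bot: The `[lenny] - samba <no-dsa>` line under CVE-2010-0926 is removed and re-added with the same text; the only difference is trailing whitespace after the closing parenthesis on the added line. Drop that line from the change so the hunk touches only the version correction from 2:3.5.1~dfsg-1 to 2:3.4.6~dfsg-1.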
@@ -7995,7 +7994,7 @@
        NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
        NOTE: This doesn't affect Evolution, the TNEF plugin is external
 CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before 
Update 17 ...)
-       - openjdk-6 <unfixed> (medium; bug #560908)
+       - openjdk-6 6b17-1.7-1 (medium; bug #560908)
        - sun-java6 6-17-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on 
Windows ...)
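Review bot: On the openjdk-6 line under CVE-2009-3886, and on the matching lines in the following hunks, `<unfixed>` becomes 6b17-1.7-1 with the justification given only in the log ("using the same security branch as sun java"). Since the fixed version is inferred from the sun-java6 6-17-1 line rather than from an openjdk-6 changelog or the state of bug #560908, add a NOTE line under each entry stating that basis, so a later reader of data/CVE/list can see why the version was chosen without digging through the commit history.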
@@ -8049,7 +8048,7 @@
        - sun-java6 6-17-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java 
SE in ...)
-       - openjdk-6 <unfixed> (medium; bug #560908)
+       - openjdk-6 6b17-1.7-1 (medium; bug #560908)
        - sun-java6 6-17-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the 
...)
@@ -8065,15 +8064,15 @@
        - sun-java6 6-17-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank 
function in ...)
-       - openjdk-6 <unfixed> (medium; bug #560908)
+       - openjdk-6 6b17-1.7-1 (medium; bug #560908)
        - sun-java6 6-17-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 
before ...)
-       - openjdk-6 <unfixed> (medium; bug #560908)
+       - openjdk-6 6b17-1.7-1 (medium; bug #560908)
        - sun-java6 6-17-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java 
Runtime ...)
-       - openjdk-6 <unfixed> (medium; bug #560908)
+       - openjdk-6 6b17-1.7-1 (medium; bug #560908)
        - sun-java6 6-17-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) 
in Sun ...)
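Review bot: For CVE-2009-3866 and CVE-2009-3865 in this hunk, the descriptions name the "Java Web Start Installer in Sun Java SE" and the "Deployment Toolkit plugin", yet openjdk-6 is recorded as fixed in 6b17-1.7-1 like the other entries. It is worth checking whether openjdk-6 ships these components at all; if it does not, `<not-affected>` with a short reason would be more accurate than a fixed version.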
@@ -8481,7 +8480,7 @@
 CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the 
ReqWeb Help ...)
        NOT-FOR-US: ReqWeb
 CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing 
functionality ...)
-       - openjdk-6 <unfixed> (medium; bug #560908)
+       - openjdk-6 6b17-1.7-1 (medium; bug #560908)
        - sun-java6 6-17-1
        [lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2009-3728 (Directory traversal vulnerability in the 
ICC_Profile.getInstance ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
