Author: jmm-guest
Date: 2009-02-10 15:56:03 +0000 (Tue, 10 Feb 2009)
New Revision: 11178
Modified: data/CVE/list data/spu-candidates.txt Log: add latest point update Modified: data/CVE/list =================================================================== --- data/CVE/list 2009-02-10 15:37:34 UTC (rev 11177) +++ data/CVE/list 2009-02-10 15:56:03 UTC (rev 11178) @@ -1,3 +1,5 @@ +CVE-2009-0489 [insecure dbus policy in wicd] + - wicd 1.5.9-1 CVE-2009-XXXX [typo3 information disclosure & xss] - typo3-src 4.2.6-1 (medium; bug #514713) [lenny] - typo3-src 4.2.5-1+lenny1 @@ -418,10 +420,9 @@ NOT-FOR-US: QuidaScript BookMarks Favourites Script CVE-2008-6006 (Multiple PHP remote file inclusion vulnerabilities in Micronation ...) NOT-FOR-US: Micronation Banking System -CVE-2009-XXXX [mahara: XSS in forum posts] +CVE-2009-0487 [mahara: XSS in forum posts] - mahara 1.0.9-1 (low) [lenny] - mahara 1.0.4-4 - NOTE: CVE id requested CVE-2009-0478 (Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 ...) - squid 2.7.STABLE3-4.1 (medium; bug #514142) - squid3 3.0.STABLE8-3 (medium) @@ -435,7 +436,7 @@ - bugzilla <unfixed> (bug #514143) CVE-2009-XXXX [glpi sql injection] - glpi 0.71.5-1 (bug #513611) -CVE-2009-XXXX [buffer overflow] +CVE-2009-0490 [buffer overflow] - audacity 1.3.6-1 (bug #514138) NOTE: http://www.milw0rm.com/exploits/7634 NOTE: https://bugs.gentoo.org/show_bug.cgi?id=253493 @@ -614,8 +615,7 @@ CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter ...) {DTSA-190-1} - gnumeric 1.8.4-3 (low; bug #513418) - TODO: next point release: [etch] - gnumeric 1.6.3-5.1+etch2 - [etch] - gnumeric <no-dsa> (Minor issue) + [etch] - gnumeric 1.6.3-5.1+etch2 CVE-2009-0317 (Untrusted search path vulnerability in the Python language bindings ...) - nautilus-python 0.4.3-3.2 (low; bug #513419) CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python ...) 
@@ -2669,8 +2669,7 @@ [etch] - cupsys <unfixed> (low) CVE-2008-5376 (editcomment in crip 3.7 allows local users to overwrite arbitrary ...) - crip 3.7-5 (low; bug #509275) - [etch] - crip <no-dsa> (Not run as root) - TODO: next point release: [etch] - crip 3.7-3+etch1 + [etch] - crip 3.7-3+etch1 CVE-2008-5375 (cmus-status-display in cmus 2.2.0 allows local users to overwrite ...) - cmus 2.2.0-1.1 (unimportant; bug #509277) NOTE: Just an example script @@ -2695,8 +2694,7 @@ NOTE: but these situations are really corner cases CVE-2008-5368 (muttprint in muttprint 0.72d allows local users to overwrite arbitrary ...) - muttprint 0.72d-10 (low; bug #509487) - [etch] - muttprint <no-dsa> (Minor issue) - TODO: next point release: [etch] - muttprint 0.72d-8etch1 + [etch] - muttprint 0.72d-8etch1 CVE-2008-5367 (ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to ...) - ppp <unfixed> (unimportant) NOTE: insecure temp file handling in udeb is not an issue, since it is during the installation @@ -2932,8 +2930,7 @@ CVE-2008-XXXX [Insecure tmpdir creation] [lenny] - devscripts 2.10.35lenny1 (low) - devscripts 2.10.42 (low; bug #507482) - [etch] - devscripts <no-dsa> (Minor issue) - TODO: next point release: [etch] - devscripts 2.9.26etch2 + [etch] - devscripts 2.9.26etch2 CVE-2008-XXXX [Insecure tempfile creation] - devscripts 2.10.42 (low; bug #508111) [etch] - devscripts <not-affected> (vulnerable code not present) @@ -3379,7 +3376,7 @@ [lenny] - libpam-mount 0.44-1+lenny2 CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary files via ...) - tkman 2.2-4 (low; bug #506496) - [etch] - tkman <no-dsa> (Minor issue) + [etch] - tkman 2.2-2etch1 CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary files ...) [etch] - tkusr <no-dsa> (Minor issue) - tkusr <removed> (low) 
@@ -5561,8 +5558,7 @@ - lustre 1.6.5.1-1 (low; bug #496371) CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets long ...) - linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518) - [etch] - linux-ftpd-ssl <no-dsa> (Minor issue) - TODO: next point release [etch] - linux-ftpd-ssl 0.17.18+0.3-6etch1 + [etch] - linux-ftpd-ssl 0.17.18+0.3-6etch1 - linux-ftpd 0.17-29 (bug #500278) [etch] - linux-ftpd <no-dsa> (Minor issue) CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php] Modified: data/spu-candidates.txt =================================================================== --- data/spu-candidates.txt 2009-02-10 15:37:34 UTC (rev 11177) +++ data/spu-candidates.txt 2009-02-10 15:56:03 UTC (rev 11178) @@ -115,12 +115,6 @@ -- -devscripts -#507482 -notified maintainer - --- - dia #504251 notified maintainer @@ -357,12 +351,6 @@ -- -muttprint (CVE-2008-5368) -#509487 -notified maintainer - --- - myspell #496392 notified maintainer @@ -524,12 +512,6 @@ -- -tkman (CVE-2008-5137) -#506496 -notified maintainer - --- - tomboy (CVE-2005-4790) notified maintainer _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
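Review bot: The new CVE-2009-0489 entry in the first data/CVE/list hunk (@@ -1,3 +1,5 @@) carries neither an urgency nor a bug reference, while the typo3 entry directly below it has "(medium; bug #514713)". If a Debian bug or upstream advisory exists for the wicd D-Bus policy issue, add it on the "- wicd 1.5.9-1" line or as a NOTE so the fixed version can be traced later.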
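Review bot: In the data/CVE/list hunk at @@ -435,7 +436,7 @@ the assigned id CVE-2009-0490 keeps the bare description "[buffer overflow]", which does not name the affected package. The mahara entry renamed in the previous hunk uses the "[mahara: XSS in forum posts]" form; "[audacity: buffer overflow]" would make this entry findable by description as well. The "- audacity 1.3.6-1 (bug #514138)" line also has no urgency.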
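Review bot: The tkman hunk (@@ -3379,7 +3376,7 @@) replaces "[etch] - tkman <no-dsa> (Minor issue)" with the version 2.2-2etch1, but unlike the gnumeric, crip, muttprint, devscripts and linux-ftpd-ssl hunks there is no removed "TODO: next point release" line in this diff to check that version against. Confirm 2.2-2etch1 against the point release contents before relying on it.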
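Review bot: The data/spu-candidates.txt hunks drop only devscripts, muttprint and tkman, while the data/CVE/list hunks in the same commit mark six etch packages as fixed by the point update (gnumeric, crip, muttprint, devscripts, tkman, linux-ftpd-ssl). The diff does not show whether gnumeric, crip and linux-ftpd-ssl have entries in spu-candidates.txt; if they do, they are now stale and should be removed in the same change.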