Author: jmm-guest
Date: 2009-02-10 15:56:03 +0000 (Tue, 10 Feb 2009)
New Revision: 11178

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
add latest point update


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-02-10 15:37:34 UTC (rev 11177)
+++ data/CVE/list       2009-02-10 15:56:03 UTC (rev 11178)
@@ -1,3 +1,5 @@
+CVE-2009-0489 [insecure dbus policy in wicd]
+       - wicd 1.5.9-1
 CVE-2009-XXXX [typo3 information disclosure & xss]
        - typo3-src 4.2.6-1 (medium; bug #514713)
        [lenny] - typo3-src 4.2.5-1+lenny1
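Review bot: the new CVE-2009-0489 entry at the top of the file records only `- wicd 1.5.9-1`, with no urgency, no bug number and no release-specific line, while the typo3 entry directly below it carries all three. If wicd ships in a stable release, add the matching `[lenny]` or `[etch]` status, and add the urgency and bug reference if they exist, so the entry does not need a second pass.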
@@ -418,10 +420,9 @@
        NOT-FOR-US: QuidaScript BookMarks Favourites Script
 CVE-2008-6006 (Multiple PHP remote file inclusion vulnerabilities in 
Micronation ...)
        NOT-FOR-US: Micronation Banking System
-CVE-2009-XXXX [mahara: XSS in forum posts]
+CVE-2009-0487 [mahara: XSS in forum posts]
        - mahara 1.0.9-1 (low)
        [lenny] - mahara 1.0.4-4
-       NOTE: CVE id requested
 CVE-2009-0478 (Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 
3.1.0.4 ...)
        - squid 2.7.STABLE3-4.1 (medium; bug #514142)
        - squid3 3.0.STABLE8-3 (medium)
@@ -435,7 +436,7 @@
        - bugzilla <unfixed> (bug #514143)
 CVE-2009-XXXX [glpi sql injection]
        - glpi 0.71.5-1 (bug #513611)
-CVE-2009-XXXX [buffer overflow]
+CVE-2009-0490 [buffer overflow]
        - audacity 1.3.6-1 (bug #514138)
        NOTE: http://www.milw0rm.com/exploits/7634
        NOTE: https://bugs.gentoo.org/show_bug.cgi?id=253493
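Review bot: the bracketed description on the renamed line, `CVE-2009-0490 [buffer overflow]`, still does not name the affected package; only the `- audacity` line under it does. Since the line is being touched anyway, consider `[audacity: buffer overflow]`, matching the `[mahara: XSS in forum posts]` form used for CVE-2009-0487 in the previous hunk.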
@@ -614,8 +615,7 @@
 CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python 
interpreter ...)
        {DTSA-190-1}
        - gnumeric 1.8.4-3 (low; bug #513418)
-       TODO: next point release: [etch] - gnumeric 1.6.3-5.1+etch2
-       [etch] - gnumeric <no-dsa> (Minor issue)
+       [etch] - gnumeric 1.6.3-5.1+etch2
 CVE-2009-0317 (Untrusted search path vulnerability in the Python language 
bindings ...)
        - nautilus-python 0.4.3-3.2 (low; bug #513419)
 CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the 
Python ...)
@@ -2669,8 +2669,7 @@
        [etch] - cupsys <unfixed> (low)
 CVE-2008-5376 (editcomment in crip 3.7 allows local users to overwrite 
arbitrary ...)
        - crip 3.7-5 (low; bug #509275)
-       [etch] - crip <no-dsa> (Not run as root)
-       TODO: next point release: [etch] - crip 3.7-3+etch1
+       [etch] - crip 3.7-3+etch1
 CVE-2008-5375 (cmus-status-display in cmus 2.2.0 allows local users to 
overwrite ...)
        - cmus 2.2.0-1.1 (unimportant; bug #509277)
        NOTE: Just an example script
@@ -2695,8 +2694,7 @@
        NOTE: but these situations are really corner cases
 CVE-2008-5368 (muttprint in muttprint 0.72d allows local users to overwrite 
arbitrary ...)
        - muttprint 0.72d-10 (low; bug #509487)
-       [etch] - muttprint <no-dsa> (Minor issue)
-       TODO: next point release: [etch] - muttprint 0.72d-8etch1
+       [etch] - muttprint 0.72d-8etch1
 CVE-2008-5367 (ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local 
users to ...)
        - ppp <unfixed> (unimportant)
        NOTE: insecure temp file handling in udeb is not an issue, since it is 
during the installation
@@ -2932,8 +2930,7 @@
 CVE-2008-XXXX [Insecure tmpdir creation]
        [lenny] - devscripts 2.10.35lenny1 (low)
        - devscripts 2.10.42 (low; bug #507482)
-       [etch] - devscripts <no-dsa> (Minor issue)
-       TODO: next point release: [etch] - devscripts 2.9.26etch2
+       [etch] - devscripts 2.9.26etch2
 CVE-2008-XXXX [Insecure tempfile creation]
        - devscripts 2.10.42 (low; bug #508111)
        [etch] - devscripts <not-affected> (vulnerable code not present)
@@ -3379,7 +3376,7 @@
        [lenny] - libpam-mount 0.44-1+lenny2
 CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary 
files via ...)
        - tkman 2.2-4 (low; bug #506496)
-       [etch] - tkman <no-dsa> (Minor issue)
+       [etch] - tkman 2.2-2etch1
 CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary 
files ...)
        [etch] - tkusr <no-dsa> (Minor issue)
        - tkusr <removed> (low)
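Review bot: for CVE-2008-5137 the `<no-dsa>` line is replaced by `[etch] - tkman 2.2-2etch1`, but unlike the gnumeric, crip, muttprint, devscripts and linux-ftpd-ssl hunks there was no `TODO: next point release` line here recording that version beforehand, so the number cannot be cross-checked from this diff. Please confirm 2.2-2etch1 against the point release's package list.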
@@ -5561,8 +5558,7 @@
        - lustre 1.6.5.1-1 (low; bug #496371)
 CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, and NetBSD 4.0 interprets 
long ...)
        - linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518)
-       [etch] - linux-ftpd-ssl <no-dsa> (Minor issue)
-       TODO: next point release [etch] - linux-ftpd-ssl 0.17.18+0.3-6etch1
+       [etch] - linux-ftpd-ssl 0.17.18+0.3-6etch1
        - linux-ftpd 0.17-29 (bug #500278)
        [etch] - linux-ftpd <no-dsa> (Minor issue)
 CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php]
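Review bot: after this hunk the two packages under CVE-2008-4247 disagree for etch: linux-ftpd-ssl gets a fixed version while `[etch] - linux-ftpd <no-dsa> (Minor issue)` stays as it was. If linux-ftpd was not part of the point update that is correct, but a short NOTE saying so would keep the next reader from assuming it was missed.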

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt     2009-02-10 15:37:34 UTC (rev 11177)
+++ data/spu-candidates.txt     2009-02-10 15:56:03 UTC (rev 11178)
@@ -115,12 +115,6 @@
 
 --
 
-devscripts
-#507482
-notified maintainer
-
---
-
 dia
 #504251
 notified maintainer
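Review bot: the removals in this file, starting with the devscripts entry here, cover only devscripts, muttprint and tkman, while the data/CVE/list part of the same commit also records etch fixes for gnumeric, crip and linux-ftpd-ssl. If any of those three have entries in spu-candidates.txt they should be dropped in this revision too; if they were never listed, no change is needed.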
@@ -357,12 +351,6 @@
 
 --
 
-muttprint (CVE-2008-5368)
-#509487
-notified maintainer
-
---
-
 myspell
 #496392
 notified maintainer
@@ -524,12 +512,6 @@
 
 --
 
-tkman (CVE-2008-5137)
-#506496
-notified maintainer
-
---
-
 tomboy (CVE-2005-4790)
 notified maintainer
 


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
