Author: jmm-guest Date: 2009-04-24 17:35:12 +0000 (Fri, 24 Apr 2009) New Revision: 11712
Modified: data/CVE/list data/ospu-candidates.txt data/spu-candidates.txt Log: - mark slurm as fixed for lenny - remove wireshark duplicates - one kernel issue has been renamed - pptp-linux no-dsa Modified: data/CVE/list =================================================================== --- data/CVE/list 2009-04-24 15:49:30 UTC (rev 11711) +++ data/CVE/list 2009-04-24 17:35:12 UTC (rev 11712) @@ -111,6 +111,7 @@ - pptp-linux <unfixed> (low; bug #523476) CVE-2009-XXXX [slurm-llnl doesn't drop supplementary groups] - slurm-llnl 1.3.15-1 (bug #524980) + [lenny] - slurm-llnl 1.3.6-1lenny3 CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote ...) NOT-FOR-US: Easy RM to MP3 Converter CVE-2009-1329 (Stack-based buffer overflow in Mini-stream Shadow Stream Recorder ...) 
@@ -370,16 +371,17 @@ - php4 <not-affected> (the JSON extension was introduced in php5.2) - php-json-ext <unfixed> CVE-2009-1269 (Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows ...) - - wireshark 1.0.7-1 + - wireshark 1.0.7-1 (low) + [etch] - wireshark <not-affected> (Vulnerable code not present; introduced in 0.99.6) CVE-2009-1268 (The Check Point High-Availability Protocol (CPHAP) dissector in ...) - - wireshark 1.0.7-1 + - wireshark 1.0.7-1 (low) CVE-2009-1267 (Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 ...) - - wireshark 1.0.7-1 + - wireshark <not-affected> (Only affects Wireshark on Windows) CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7-0.1-1 has unknown ...) - TODO: check - NOTE: is likely getting rejected + NOTE: is likely getting rejected, duplicate CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...) - linux-2.6 <unfixed> + - linux-2.6.24 <unfixed> CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...) NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...) @@ -452,13 +454,6 @@ - roundup 1.4.4-4+lenny1 (bug #518768) [etch] - roundup 1.2.1-10+etch1 [lenny] - roundup 1.4.4-4+lenny1 -CVE-2009-XXXX [Wireshark: The LDAP dissector could crash on Windows] - - wireshark <not-affected> (Only affects Wireshark on Windows) -CVE-2009-XXXX [Wireshark: Wireshark could crash while loading a Tektronix .rf5 file] - - wireshark <unfixed> - [etch] - wireshark <not-affected> (Vulnerable code not present; introduced in 0.99.6) -CVE-2009-XXXX [Wireshark: The Check Point High-Availability Protocol (CPHAP) dissector could crash.] - - wireshark <unfixed> CVE-2008-6680 (libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause ...) {DSA-1771-1} - clamav 0.95.1+dfsg-1 (medium; bug #523016) 
@@ -748,7 +743,7 @@ CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, uses ...) NOT-FOR-US: Blue Coat ProxySG CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in ...) - - wireshark 1.0.7-1 + - wireshark 1.0.7-1 (low) [etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.6) CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...) - amaya <removed> @@ -2092,10 +2087,8 @@ RESERVED CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...) - libapache2-mod-perl2 <unfixed> -CVE-2009-0795 [af_rose/x25 DoS] +CVE-2009-0795 REJECTED - - linux-2.6 <unfixed> - - linux-2.6.24 <unfixed> CVE-2009-0794 (Integer overflow in the PulseAudioTargetDataL class in ...) - openjdk-6 <unfixed> CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK ...) Modified: data/ospu-candidates.txt =================================================================== --- data/ospu-candidates.txt 2009-04-24 15:49:30 UTC (rev 11711) +++ data/ospu-candidates.txt 2009-04-24 17:35:12 UTC (rev 11712) @@ -457,6 +457,12 @@ -- +pptp-linux (no CVE) +#523476 +asked maintainer in mail + +-- + python2.4 (CVE-2008-4864, CVE-2008-5031) #504620 Modified: data/spu-candidates.txt =================================================================== --- data/spu-candidates.txt 2009-04-24 15:49:30 UTC (rev 11711) +++ data/spu-candidates.txt 2009-04-24 17:35:12 UTC (rev 11712) @@ -50,6 +50,12 @@ -- +pptp-linux (no CVE) +#523476 +asked maintainer in mail + +-- + tau (CVE-2008-5157) #506348 notified maintainer _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
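
Review bot: the CVE-2009-1266 entry in the @@ -370,16 +371,17 @@ hunk of data/CVE/list now reads "NOTE: is likely getting rejected, duplicate" without naming the id it duplicates, and "TODO: check" stays in place. Name the duplicated CVE in the NOTE so the entry can be closed out once the rejection is published. The [etch] line added under CVE-2009-1269 also writes its reason with a semicolon ("not present; introduced in 0.99.6"), where the existing [etch] line under CVE-2009-1210 uses a comma; use one form for both.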
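
Review bot: two of the three CVE-2009-XXXX Wireshark placeholders removed in the @@ -452,13 +454,6 @@ hunk of data/CVE/list (the Tektronix .rf5 and CPHAP ones) recorded "- wireshark <unfixed>", while the entries that replace them, CVE-2009-1268 for CPHAP and apparently CVE-2009-1269, which now carries the same [etch] note, say 1.0.7-1. The log only says "remove wireshark duplicates", so the unfixed status is dropped without comment. Confirm that 1.0.7-1 contains both fixes and mention the status change in the log.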
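
Review bot: in the @@ -2092,10 +2087,8 @@ hunk of data/CVE/list, CVE-2009-0795 loses its "[af_rose/x25 DoS]" description and both linux-2.6 lines, leaving a bare REJECTED entry with no pointer to the id that replaces it. The log says "one kernel issue has been renamed", and the only kernel entry touched elsewhere in the patch is CVE-2009-1265 (rose_sendmsg in af_rose.c), but nothing in the list itself records that link. Add a NOTE under CVE-2009-0795 naming the replacement id so the history can be followed from the file.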
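
Review bot: the log says "pptp-linux no-dsa", but the pptp-linux line visible as context in the @@ -111,6 +111,7 @@ hunk of data/CVE/list still reads "- pptp-linux <unfixed> (low; bug #523476)" and no <no-dsa> line is added for it anywhere in this patch. The only pptp-linux changes are the identical blocks added to data/ospu-candidates.txt and data/spu-candidates.txt. Either add the per-release <no-dsa> lines to data/CVE/list or reword the log to say the package was queued as a point-update candidate. The status text "asked maintainer in mail" also differs from the "notified maintainer" wording on the neighbouring tau entry.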