Author: sf
Date: 2009-06-01 10:55:37 +0000 (Mon, 01 Jun 2009)
New Revision: 12005

Modified:
   data/CVE/list
Log:
add some bug references

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-06-01 10:53:06 UTC (rev 12004)
+++ data/CVE/list       2009-06-01 10:55:37 UTC (rev 12005)
@@ -379,7 +379,7 @@
        - libsndfile 1.0.20-1 (medium; bug #528650)
 CVE-2009-XXXX [drupal: cross-site scripting vulnerability]
        - drupal5 5.17-1.1 (low; bug #529191)
-       - drupal6 6.11-1.1 (low; bug #529190)
+       - drupal6 6.11-1.1 (low; bug #529190; bug #531386)
 CVE-2009-XXXX [kdebase: potential digital certificate deficiencies in 
konqueror 4]
        - kdebase <unfixed> (low; bug #526985)
        [etch] - kdebase <not-affected> (vulnerability introduced in konqueror 
4)
@@ -972,7 +972,7 @@
        - chromium-browser <itp> (bug #520324)
 CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux 
kernel ...)
        {DSA-1800-1 DSA-1794-1 DSA-1787-1}
-       - linux-2.6 <unfixed>
+       - linux-2.6 2.6.29-2 (bug #523365)
        - linux-2.6.24 <removed>
 CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...)
        - libmodplug 1:0.8.7-1 (low; bug #526657; bug #527076)
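Review bot: The linux-2.6 line for CVE-2009-1439 does more than add a bug reference: it moves the entry from <unfixed> to a fixed version, 2.6.29-2, while the log message only says "add some bug references". A status change is worth naming in the log (or committing separately) so that someone auditing the tracker history can find when and why the kernel entry was marked fixed. The new line also has no urgency, unlike the other entries touched in this commit; if that is intentional because the DSAs already cover it, fine, otherwise add one.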
@@ -3370,7 +3370,7 @@
 CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in 
OpenJDK ...)
        {DSA-1769-1}
        - openjdk-6 <unfixed>
-       - lcms <unfixed> (low; bug filed)
+       - lcms <unfixed> (low; bug #530785)
        [lenny] - lcms <no-dsa> (Minor issue)
        [etch] - lcms <no-dsa> (Minor issue)
 CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color 
...)
@@ -3844,7 +3844,7 @@
 CVE-2009-0699 (Cross-site scripting (XSS) vulnerability in ...)
        NOT-FOR-US: Plunet BusinessManager
 CVE-2009-0698 (Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in 
xine-lib ...)
-       - xine-lib 1.1.16.2-1 (bug #517792; medium)
+       - xine-lib 1.1.16.2-1 (bug #517792; bug #523475; medium)
 CVE-2009-0697
        RESERVED
 CVE-2009-0696
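Review bot: Field order on the xine-lib line for CVE-2009-0698 is inconsistent with the rest of this commit: the urgency stays at the end, "(bug #517792; bug #523475; medium)", whereas every other entry changed here puts the urgency first, for example "(low; bug #529190; bug #531386)". Since the line is being edited anyway, consider "(medium; bug #517792; bug #523475)" so that scripts and readers scanning the list see one layout.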
@@ -4455,7 +4455,7 @@
        NOTE: their previous password; thus violating the security policy as 
defined by
        NOTE: the administrator)
 CVE-2009-0578 (GNOME NetworkManager before 0.7.0.99 does not properly verify 
...)
-       - network-manager-applet 0.7.0.99-1 (medium)
+       - network-manager-applet 0.7.0.99-1 (medium; bug #519801)
 CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in 
CUPS ...)
        NOT-FOR-US: RedHat specific, because they had a problem applying the 
fix for CVE-2008-3640
 CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server 
5.2 p6 ...)
@@ -5249,7 +5249,7 @@
        {DSA-1737-1}
        - wesnoth 1:1.4.7-4
 CVE-2009-0365 (nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains 
an ...)
-       - network-manager-applet 0.7.0.99-1 (medium)
+       - network-manager-applet 0.7.0.99-1 (medium; bug #519801)
        - network-manager 0.7.0.99-1 (medium)
 CVE-2009-0364 (Format string vulnerability in the mini_calendar component in 
...)
        {DSA-1752-1}
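Review bot: Under CVE-2009-0365 only the network-manager-applet line gains bug #519801; the network-manager 0.7.0.99-1 (medium) line directly below it is left without any bug reference. If #519801 was filed against the applet only, that is correct as it stands; if a report also exists for network-manager, add it here so both packages are traceable. The same bug number is also attached to CVE-2009-0578 in the previous hunk, so it is worth confirming that the one report really covers both CVEs.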
@@ -6720,7 +6720,7 @@
 CVE-2008-5696 (Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux 
server is ...)
        NOT-FOR-US: Novell NetWare
 CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and 
WordPress 2.3.2 ...)
-       - wordpress 2.3.2 (low; bug #510786)
+       - wordpress 2.3.2 (low; bug #510786; bug #513959)
        NOTE: only the admin has manage_options capabilities by default and 
only editors
        NOTE: have upload_files capabilities
        NOTE: Only versions prior to 2.3.2 are affected according to the Debian 
maintainer
@@ -7544,7 +7544,7 @@
 CVE-2008-5381 (Buffer overflow in the URL processing in ffdshow (aka 
ffdshow-tryout) ...)
        NOT-FOR-US: ffdshow
 CVE-2008-5380 (gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to 
overwrite ...)
-       - gpsdrive 2.10~pre4-6.dfsg-2 (low)
+       - gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508595)
        [etch] - gpsdrive <no-dsa> (Minor issue)
        [lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
 CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite 
arbitrary ...)
@@ -31170,7 +31170,7 @@
 CVE-2007-2722 (Unspecified vulnerability in NewzCrawler 1.8 allows remote 
attackers ...)
        NOT-FOR-US: NewzCrawler
 CVE-2007-2721 (The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the 
JasPer ...)
-       - jasper <unfixed> (medium; bug #413033)
+       - jasper <unfixed> (medium; bug #413033; bug #528543)
        NOTE: Jasper was initially fixed in 1.900.1-3, but the fix got dropped 
later, see #528543
        - ghostscript 8.61.dfsg.1~svn8187-1.1 (medium; bug #447188)
        NOTE: see 
http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
