Author: geissert
Date: 2010-02-07 06:37:10 +0000 (Sun, 07 Feb 2010)
New Revision: 14050

Modified:
   data/CVE/list
Log:
automake issue is not unimportant


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-02-07 06:30:51 UTC (rev 14049)
+++ data/CVE/list       2010-02-07 06:37:10 UTC (rev 14050)
@@ -2814,18 +2814,15 @@
        - mysql-dfsg-5.0 <removed>
        TODO: check
 CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 
1.10.3, ...)
-       - automake 1:1.11-1 (unimportant)
-       - automake1.9 <unfixed> (unimportant)
-       - automake1.7 <unfixed> (unimportant)
-       - automake1.10 <unfixed> (unimportant)
-       NOTE: for this to be exploited, an attacker needs to have account on 
the same
-       NOTE: system as the developer building the package, and that attacker 
needs to
-       NOTE: insert malicious data into the vulnerable directory in a small 
time frame.
-       NOTE: theoretically it may be possible, but it is highly unlikely, so 
this is
-       NOTE: being considered unimportant.
-       NOTE: for the paranoid, the only proper solution would be to rebuild 
the entire
-       NOTE: archive with a patched version of automake and enforce that all
-       NOTE: developers use a patched automake.
+       - automake 1:1.11-1
+       [lenny] - automake <no-dsa> (Minor issue)
+       - automake1.9 <unfixed>
+       [lenny] - automake1.9 <no-dsa> (Minor issue)
+       - automake1.7 <unfixed>
+       [lenny] - automake1.7 <no-dsa> (Minor issue)
+       - automake1.10 <unfixed>
+       [lenny] - automake1.10 <no-dsa> (Minor issue)
+       NOTE: spu will be released to avoid spreading the bug even further
        NOTE: http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html
 CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 
5.0.x ...)
        - mysql-dfsg-5.1 5.1.41-1
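
Review bot: the new "[lenny] - automake <no-dsa> (Minor issue)" entries for CVE-2009-4029 state a severity without any rationale, because the NOTE block that recorded the exploitation preconditions (a local account on the developer's build system and a small time window to insert data into the vulnerable directory) is deleted in the same hunk. Consider keeping a condensed NOTE with those preconditions so the no-dsa decision stays auditable. The deleted text also recorded that a full fix would require rebuilding the archive with a patched automake; the replacement "NOTE: spu will be released to avoid spreading the bug even further" only hints at that, and "spu" would be clearer spelled out. The log message says the issue "is not unimportant" but does not say what changed in the assessment; a short reason in the commit log or a NOTE would help later triage.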


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
