Author: jmm-guest
Date: 2010-03-11 19:44:35 +0000 (Thu, 11 Mar 2010)
New Revision: 14249
Modified: data/CVE/list data/spu-candidates.txt Log: - mod-security fixed - cpio fixed - removed temp entries for moin issues already CVEfied Modified: data/CVE/list =================================================================== --- data/CVE/list 2010-03-11 18:48:23 UTC (rev 14248) +++ data/CVE/list 2010-03-11 19:44:35 UTC (rev 14249) @@ -705,13 +705,16 @@ CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) ...) NOT-FOR-US: IP-Tech JQuarks (com_jquarks) Component CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly ...) - - moin 1.9.2-1 + - moin 1.9.2-1 (bug #569975) CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x ...) - - moin 1.9.2-1 + - moin 1.9.2-1 (bug #569975) CVE-2010-0667 (MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of ...) - moin 1.9.1-1 [lenny] - moin <not-affected> (versions before 1.9 are not affected) [etch] - moin <not-affected> (versions before 1.9 are not affected) + NOTE: http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2 + NOTE: http://hg.moinmo.in/moin/1.9/rev/04afdde50094 + NOTE: http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18 CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch ...) NOT-FOR-US: Novell eDirectory CVE-2010-0665 (JAG (Just Another Guestbook) 1.14 stores sensitive information under ...) @@ -873,7 +876,7 @@ RESERVED CVE-2010-0624 [heap overflow in rmt implementation of tar/cpio] RESERVED - - cpio <unfixed> (low) + - cpio 2.11-1 (low) - tar 1.23-1 (low) [lenny] - cpio <no-dsa> (Minor issue) [lenny] - tar <no-dsa> (Minor issue) 
@@ -1003,7 +1006,7 @@ CVE-2001-1586 (Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2010-XXXX [multiple mod_security issues] - - libapache-mod-security <unfixed> (bug #569658) + - libapache-mod-security 2.5.12-1 (bug #569658) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=563455 TODO: check CVE-2010-0623 (The futex_lock_pi function in kernel/futex.c in the Linux kernel ...) @@ -1299,10 +1302,6 @@ - qt4-x11 <unfixed> (unimportant) - kdelibs <unfixed> (unimportant) - kde4libs <unfixed> (unimportant) -CVE-2010-XXXX [moinmoin unspecified issue] - - moin <unfixed> (bug #569975) - NOTE: http://moinmo.in/SecurityFixes - NOTE: "you can avoid the issue by not having any user names in your superuser list" CVE-2010-0466 RESERVED CVE-2010-0465 @@ -1635,15 +1634,6 @@ NOT-FOR-US: IBM Lotus Domino CVE-2010-0357 (Cross-site scripting (XSS) vulnerability in the Login page in IBM ...) NOT-FOR-US: IBM Lotus Web Content Management -CVE-2010-XXXX [MoinMoin sys.argv information disclosure] - - moin <unfixed> - [etch] - moin <not-affected> - [lenny] - moin <not-affected> - NOTE: pre 1.9 are said not to be affected, marking them as such for now - NOTE: http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2 - NOTE: http://hg.moinmo.in/moin/1.9/rev/04afdde50094 - NOTE: http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18 - TODO: check CVE-2010-0356 (Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ...) NOT-FOR-US: ActiveX CVE-2010-0355 Modified: data/spu-candidates.txt =================================================================== --- data/spu-candidates.txt 2010-03-11 18:48:23 UTC (rev 14248) +++ data/spu-candidates.txt 2010-03-11 19:44:35 UTC (rev 14249) 
@@ -400,11 +400,6 @@ -- -tar (CVE-2010-0624) -notified maintainer - --- - tau (CVE-2008-5157) #506348 notified maintainer _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
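
Review bot: In the data/CVE/list hunk at -705, CVE-2010-0667 takes over the three NOTE links from the removed temporary "MoinMoin sys.argv information disclosure" entry (hunk at -1635) but not its "TODO: check" or the hedged note "pre 1.9 are said not to be affected, marking them as such for now", so the [lenny] and [etch] <not-affected> lines now read as confirmed. If the pre-1.9 status has been verified, say so in the log message; otherwise keep the TODO on CVE-2010-0667.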
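
Review bot: The data/CVE/list hunk at -1299 drops the temporary "moinmoin unspecified issue" entry together with both of its NOTE lines, while the hunk at -705 attaches bug #569975 to CVE-2010-0669 and CVE-2010-0668 without them. Carry the NOTE pointing to http://moinmo.in/SecurityFixes and the quoted superuser-list workaround over to whichever of the two CVEs it describes, so the documented mitigation stays in the tracker.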
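
Review bot: In the data/CVE/list hunk at -1003, the mod_security entry is marked fixed in 2.5.12-1 but keeps its CVE-2010-XXXX placeholder and the trailing "TODO: check". Resolve the TODO or reword it to say what is still open, since a fixed version followed by an unqualified TODO leaves it unclear whether the "multiple mod_security issues" are all covered by that upload.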
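
Review bot: The data/spu-candidates.txt hunk at -400 removes the tar (CVE-2010-0624) candidate, which the log message does not mention, while the data/CVE/list hunk at -873 still carries "[lenny] - tar <no-dsa> (Minor issue)" and only changes the cpio line. Add a line to the log message giving the reason tar leaves the candidate list, so the removal can be told apart from an accidental deletion.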