Author: jmm-guest
Date: 2010-06-04 10:24:42 +0000 (Fri, 04 Jun 2010)
New Revision: 14793

Modified:
   data/CVE/list
Log:
- clamav fixed
- new prewikka issue
- NFUs
- remove the [lenny] unfixed entry for glibc, this is done implicitly
  by the glibc <removed> entry
- two further "issues" in glibc. I don't think we need to treat them
  as security problems, since attacker-controllable format strings
  cannot be handled securely anyway. I've marked them as unimportant.
  Aurelien, if you disagree simply adjust the severity.


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-06-04 09:11:26 UTC (rev 14792)
+++ data/CVE/list       2010-06-04 10:24:42 UTC (rev 14793)
@@ -25,16 +25,18 @@
 CVE-2010-2117 (Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote 
attackers to ...)
        - xulrunner <unfixed> (unimportant)
 CVE-2009-4881 (Integer overflow in the __vstrfmon_l function in 
stdlib/strfmon_l.c in ...)
-       TODO: check
+       - eglibc 2.10.1-1 (unimportant)
+       - glibc <removed>
 CVE-2009-4880 (Multiple integer overflows in the strfmon implementation in the 
GNU C ...)
-       TODO: check
+       - eglibc 2.11.1-1 (unimportant)
+       - glibc <removed>
 CVE-2010-XXXX [rpm setuid handling]
        - rpm <unfixed> (bug #584257; unimportant)
        NOTE: Marking as unimportant since rpm isn't used as a package manager
 CVE-2010-2116 (The web interface in McAfee Email Gateway (formerly IronMail) 
6.7.1 ...)
        TODO: check
 CVE-2010-2115 (SolarWinds TFTP Server 10.4.0.10 allows remote attackers to 
cause a ...)
-       TODO: check
+       NOT-FOR-US: SolarWinds TFTP Server
 CVE-2010-2114 (Cross-site request forgery (CSRF) vulnerability in pbx/gate in 
Brekeke ...)
        TODO: check
 CVE-2010-2113 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
The ...)
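Review bot: The CVE-2009-4881 and CVE-2009-4880 entries gain `(unimportant)` with no NOTE line giving the reason, so the rationale exists only in the commit log. The rpm entry directly below records its reasoning inline (`NOTE: Marking as unimportant since rpm isn't used as a package manager`); a similar NOTE under each strfmon entry, saying that attacker-controllable format strings are not considered securely handleable, would keep the triage decision visible to anyone reading data/CVE/list later.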
@@ -166,8 +168,9 @@
        RESERVED
 CVE-2010-2059
        RESERVED
-CVE-2010-2058
+CVE-2010-2058 [Insecure permissions on prewikka conf] 
        RESERVED
+       - prewikka <unfixed> (bug #584469)
 CVE-2010-2057
        RESERVED
 CVE-2010-2056
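Review bot: The added header line for CVE-2010-2058 appears to end with a trailing space after the closing bracket of `[Insecure permissions on prewikka conf]`. Dropping it avoids a whitespace-only change the next time this entry is touched.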
@@ -467,7 +470,7 @@
 CVE-2010-1929
        RESERVED
 CVE-2010-1919 (Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before 
SP1 ...)
-       TODO: check
+       NOT-FOR-US: EMC
 CVE-2010-1913 (The default configuration of pluginlicense.ini for the ...)
        NOT-FOR-US: Consona
 CVE-2010-1912 (The SdcWebSecureBase interface in tgctlcm.dll in Consona Live 
...)
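Review bot: `NOT-FOR-US: EMC` names only the vendor, while the CVE-2010-1919 description is about EMC Avamar and the SolarWinds entry in this same commit names the product (`NOT-FOR-US: SolarWinds TFTP Server`). Consider `NOT-FOR-US: EMC Avamar` so the entry is specific enough to search for.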
@@ -1130,10 +1133,10 @@
 CVE-2010-1641 (The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux 
kernel ...)
        - linux-2.6 <unfixed>
 CVE-2010-1640 (Off-by-one error in the parseicon function in 
libclamav/pe_icons.c in ...)
-       - clamav <unfixed> (bug #584183)
+       - clamav 0.96.1+dfsg-1 (bug #584183)
        [lenny] - clamav <end-of-life>
 CVE-2010-1639 (The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 
allows ...)
-       - clamav <unfixed> (bug #584183)
+       - clamav 0.96.1+dfsg-1 (bug #584183)
        [lenny] - clamav <end-of-life>
 CVE-2010-1638
        RESERVED
@@ -3447,7 +3450,6 @@
 CVE-2010-0831
        RESERVED
 CVE-2010-0830 (Integer signedness error in the elf_get_dynamic_info function 
in ...)
-       [lenny] - glibc <unfixed> (low)
        - glibc <removed>
        - eglibc 2.11-1
        NOTE: 
http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5
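Review bot: Deleting `[lenny] - glibc <unfixed> (low)` under CVE-2010-0830 also drops the `(low)` urgency, which is not carried over to the remaining `- glibc <removed>` line. In the CVE-2010-0296 hunk the bug reference is moved onto the `<removed>` line; doing the same here, e.g. `- glibc <removed> (low)`, would preserve the earlier assessment.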
@@ -5079,8 +5081,7 @@
        - kvm <removed> (low)
        [lenny] - kvm <no-dsa> (minor issue)
 CVE-2010-0296 (The encode_name macro in misc/mntent_r.c in the GNU C Library 
(aka ...)
-       [lenny] - glibc <unfixed> (bug #583908)
-       - glibc <removed>
+       - glibc <removed> (bug #583908)
        - eglibc 2.11-1
        NOTE: 
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ab00f4eac8f4932211259ff87be83144f5211540
 CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each 
read ...)


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
