Author: nion
Date: 2010-06-10 14:56:08 +0000 (Thu, 10 Jun 2010)
New Revision: 14851

Modified:
   data/CVE/list
   data/DSA/list
Log:
- more cleanup of old non-issues
- new mono issue CVE-2010-1459
- CVE-2010-1447 fixed in postgresql-8.4 8.4.4-1, added to DSA to mark as fixed in stable as well


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-06-10 14:09:47 UTC (rev 14850)
+++ data/CVE/list       2010-06-10 14:56:08 UTC (rev 14851)
@@ -1934,8 +1934,7 @@
 CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) 
firmware ...)
        NOT-FOR-US: IBM BladeCenter Management Module
 CVE-2010-1459 (The default configuration of ASP.NET in Mono before 2.6.4 has a 
value ...)
-       - mono <undetermined>
-       TODO: check
+       - mono <unfixed> (bug #585440)
 CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS 
Zip ...)
        NOT-FOR-US: TweakFS
 CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, 
does not ...)
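
Review bot: the new "- mono <unfixed> (bug #585440)" line under CVE-2010-1459 drops the "TODO: check" without recording the upstream fix point, even though the description two lines up already says the problem is in Mono before 2.6.4. A short NOTE naming 2.6.4 as the upstream version to wait for would tell the next reader when this entry can move from <unfixed> to a package version.
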
@@ -1982,9 +1981,8 @@
        - lxr-cvs <unfixed>
        TODO: prod maintainer (and find out why we have lxr and lxr-cvs)
 CVE-2010-1447 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 
8.1.21, ...)
-       - postgresql-8.4 <undetermined>
-       - postgresql-8.3 <undetermined>
-       TODO: check
+       - postgresql-8.4 8.4.4-1
+       - postgresql-8.3 <removed>
 CVE-2010-1446 (arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 
2.6.30 and ...)
        {DSA-2053-1}
        - linux-2.6 2.6.32-12 (unimportant)
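
Review bot: the CVE-2010-1447 entry gets no {DSA-2051-1} cross-reference in this hunk, although the data/DSA/list change in the same revision attaches this CVE to DSA-2051-1 and the neighbouring CVE-2010-1446 entry carries its {DSA-2053-1} line. If that line is not regenerated automatically from data/DSA/list, add it here. With "- postgresql-8.3 <removed>" as the only 8.3 line, the stable status of postgresql-8.3 is otherwise not visible from this file at all.
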
@@ -25110,7 +25108,7 @@
        - fml <removed> (low; bug #496370)
        [etch] - fml <no-dsa> (Minor issue)
 CVE-2008-4957 (find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users 
to ...)
-       - gccxml <unfixed> (unimportant; bug #496391)
+       - gccxml 0.9.0+cvs20100501-1 (unimportant; bug #496391)
        NOTE: Only applies to a script used for an obscure SGI compiler
 CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite 
arbitrary ...)
        - bulmages <unfixed> (unimportant; bug #496382)
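
Review bot: the gccxml line for CVE-2008-4957 moves from <unfixed> to 0.9.0+cvs20100501-1 with no note on what changed in that upload. The existing NOTE only says the issue applies to a script for an obscure SGI compiler, so it is unclear whether the script was patched or dropped. One extra NOTE line stating which of the two happened would make the fixed version verifiable against bug #496391.
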
@@ -25324,7 +25322,7 @@
        {DSA-1675-1}
        - phpmyadmin 4:2.11.8.1-3
 CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter 
in the ...)
-       - viewvc <unfixed> (bug #500779; unimportant)
+       - viewvc 1.0.9-1 (bug #500779; unimportant)
 CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on 
...)
        - iceweasel <unfixed> (unimportant)
        NOTE: reproducible but browser DoS not treated as security issue
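
Review bot: the changed viewvc line keeps the annotation order "(bug #500779; unimportant)", while the other entries touched in this commit (gccxml, debtorrent, galeon) use "(unimportant; bug #...)". Since the line is being rewritten anyway, consider normalising it to "- viewvc 1.0.9-1 (unimportant; bug #500779)" so the entries read consistently and are easier to grep.
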
@@ -25642,7 +25640,7 @@
        NOTE: the changelog doesn't mention the fix but its included in -10
        [etch] - chillispot <no-dsa> (minor issue)
 CVE-2008-XXXX [unsafe usage of temp file]
-       - debtorrent <unfixed> (unimportant; bug #500180)
+       - debtorrent 0.1.10 (unimportant; bug #500180)
        NOTE: Only exploitable when upgrading from an ancient version, package 
also not in Etch
        NOTE: Marking as unimportant
 CVE-2008-4189
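
Review bot: the new debtorrent version "0.1.10" has no Debian revision, unlike the other fixed versions added in this commit (1.0.9-1, 2.0.7-2, 1.5.20-7). Please confirm this is the complete version string of the fixing upload and not a truncated one. The trailing "NOTE: Marking as unimportant" also now duplicates the (unimportant) tag on the package line and could be dropped as part of this cleanup.
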
@@ -50544,7 +50542,7 @@
        - iceape <unfixed> (unimportant)
        - epiphany-browser <unfixed> (unimportant; bug #556272)
        NOTE: only epiphany-gecko backend affected
-       - galeon <unfixed> (unimportant; bug #556270)
+       - galeon 2.0.7-2 (unimportant; bug #556270)
        - kazehakase 0.5.8-2 (bug #556271)
        TODO: next point release: [etch] - kazehakase 0.4.2-1etch2
        [lenny] - kazehakase 0.5.4-2lenny1
@@ -79426,7 +79424,7 @@
        - moodle 1.4.4.dfsg.1-3
 CVE-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
        RESERVED
-       - mutt <unfixed> (bug #311296; unimportant)
+       - mutt 1.5.20-7 (bug #311296; unimportant)
        [sarge] - mutt <no-dsa> (Minor annoyance, not a real DoS)
        NOTE: An "attacker" could achieve the same by simply filling up /tmp
 CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
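
Review bot: the mutt line for CVE-2005-2351 is now marked fixed in 1.5.20-7, but the notes below it still argue only that this is a minor annoyance and that filling up /tmp achieves the same, with nothing about what the upload changed. A NOTE describing the actual change in 1.5.20-7 would back up the version. The bracketed description on the context line above also spells "predictable" as "preditable", which could be corrected in the same pass.
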

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2010-06-10 14:09:47 UTC (rev 14850)
+++ data/DSA/list       2010-06-10 14:56:08 UTC (rev 14851)
@@ -20,7 +20,7 @@
        {CVE-2010-1321}
        [lenny] - krb5 1.6.dfsg.4~beta1-5lenny4
 [24 May 2010] DSA-2051-1 postgresql-8.3 - several
-       {CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-1975}
+       {CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-1975 CVE-2010-1447}
        [lenny] - postgresql-8.3 8.3.11-0lenny1
 [24 May 2010] DSA-2050-1 kdegraphics - several vulnerabilities
        {CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 
CVE-2009-3609}
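
Review bot: CVE-2010-1447 is appended to the DSA-2051-1 CVE set while the "[lenny] - postgresql-8.3 8.3.11-0lenny1" line stays unchanged, so the claim is that the already published stable upload contains the fix. The CVE description visible in data/CVE/list is truncated after the 8.1 branch, so the 8.3 threshold cannot be checked from this diff; please confirm 8.3.11 covers it. The id is also added after CVE-2010-1975 rather than in numeric order with the rest of the set.
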


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
