Author: jmm-guest
Date: 2010-08-12 13:46:04 +0000 (Thu, 12 Aug 2010)
New Revision: 15148

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
- new mantis issue (doesn't affect versions in Debian)
- fix broken mediawiki entry
- new freetype issue
- wireshark CVEfied
- record kvirc fix in unstable
- knowledgeroot code copy has been fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-08-10 21:38:11 UTC (rev 15147)
+++ data/CVE/list       2010-08-12 13:46:04 UTC (rev 15148)
@@ -3,14 +3,14 @@
        [lenny] - lynx <no-dsa> (Minor issue)
        NOTE: exploit scenario really obscure
        NOTE: https://bugs.launchpad.net/ubuntu/+source/lynx-cur/+bug/613254
-CVE-2010-XXXX [Wireshark 1.2.10 SigComp Universal Decompressor Virtual Machine 
could overrun a buffer]
+CVE-2010-2995 [Wireshark 1.2.10 SigComp Universal Decompressor Virtual Machine 
could overrun a buffer]
        - wireshark 1.2.10-1
-CVE-2010-XXXX [Wireshark 1.2.10 GSM A RR dissector could crash]
+CVE-2010-2992 [Wireshark 1.2.10 GSM A RR dissector could crash]
        - wireshark 1.2.10-1
        [lenny] - wireshark <not-affected> (Only affects 1.2.x)
-CVE-2010-XXXX [Wireshark 1.2.10 Due to a regression the ASN.1 BER dissector 
could overrun the stack]
+CVE-2010-2994 [Wireshark 1.2.10 Due to a regression the ASN.1 BER dissector 
could overrun the stack]
        - wireshark 1.2.10-1
-CVE-2010-XXXX [Wireshark 1.2.10 The IPMI dissector could go into an infinite 
loop]
+CVE-2010-2993 [Wireshark 1.2.10 The IPMI dissector could go into an infinite 
loop]
        - wireshark 1.2.10-1
        [lenny] - wireshark <not-affected> (Only affects 1.2.x)
 CVE-2010-2971 (loaders/load_it.c in libmikmod, possibly 3.1.12, does not 
properly ...)
@@ -265,7 +265,7 @@
 CVE-2010-2861
        RESERVED
 CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance 
accepts ...)
-       TODO: check
+       NOT-FOR-US: EMC
 CVE-2009-4974 (Directory traversal vulnerability in box_display.php in 
TotalCalendar ...)
        NOT-FOR-US: TotalCalendar
 CVE-2009-4973 (SQL injection vulnerability in rss.php in TotalCalendar 2.4 
allows ...)
@@ -455,7 +455,7 @@
        [lenny] - zabbix <no-dsa> (Minor issue)
 CVE-2010-2789 [mediawiki "register_globals arbitrary inclusion"]
        RESERVED
-       NOT-FOR-US: mediawiki
+       - mediawiki <undetermined>
        NOTE: 
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
        NOTE: Affects mediawiki 1:1.16.0beta* - was not and will not be in 
Debian
 CVE-2010-2788 [mediawiki XSS]
@@ -469,10 +469,10 @@
        [lenny] - mediawiki <no-dsa> (Minor issue)
        NOTE: 
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
 CVE-2010-2786 (Directory traversal vulnerability in Piwik 0.6 through 0.6.3 
allows ...)
-       TODO: check
+       NOT-FOR-US: Piwik
 CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 
does not ...)
        {DSA-2078-1}
-       TODO: check
+       - kvirc 4:4.0.0-3
 CVE-2010-2784
        RESERVED
 CVE-2010-2783
@@ -1416,7 +1416,7 @@
        - mahara 1.2.5-1
        - moodle <unfixed> (low)
        [lenny] - moodle <not-affected> (doesn't ship/use htmlpurifier)
-       - knowledgeroot <unfixed> (low)
+       - knowledgeroot 0.9.9.5-5
        [lenny] - knowledgeroot <no-dsa> (low)
 CVE-2010-2419
        RESERVED
@@ -1938,12 +1938,16 @@
        RESERVED
 CVE-2010-2216
        RESERVED
+       NOT-FOR-US: Adobe Flash Plugin
 CVE-2010-2215
        RESERVED
+       NOT-FOR-US: Adobe Flash Plugin
 CVE-2010-2214
        RESERVED
+       NOT-FOR-US: Adobe Flash Plugin
 CVE-2010-2213
        RESERVED
+       NOT-FOR-US: Adobe Flash Plugin
 CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, 
and 8.x ...)
        NOT-FOR-US: Adobe Reader
 CVE-2010-2211 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 
on ...)
@@ -2986,8 +2990,9 @@
        RESERVED
 CVE-2010-1798
        RESERVED
-CVE-2010-1797
+CVE-2010-1797 [freetype CFF buffer overflow]
        RESERVED
+       - freetype 2.4.2-1
 CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 
10.5 ...)
        - webkit <undetermined>
        - chromium-browser <undetermined>
@@ -7846,6 +7851,7 @@
        RESERVED
 CVE-2010-0209
        RESERVED
+       NOT-FOR-US: Adobe Flash Plugin
 CVE-2010-0208
        RESERVED
 CVE-2010-0207
@@ -13828,6 +13834,9 @@
        NOT-FOR-US: Apple Mac OS X
 CVE-2009-2802
        RESERVED
+       - mantis <not-affected> (Only affects 1.2.x)
+       NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
+       NOTE: http://www.mantisbt.org/blog/?p=113
 CVE-2009-2801 (The Application Firewall in Apple Mac OS X 10.5.8 drops 
unspecified ...)
        NOT-FOR-US: Apple Application Firewall
 CVE-2009-2800 (Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 
10.5.8 ...)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies   2010-08-10 21:38:11 UTC (rev 15147)
+++ data/embedded-code-copies   2010-08-12 13:46:04 UTC (rev 15148)
@@ -66,7 +66,7 @@
 
 php-htmlpurifier
        - mahara 1.2.5-1 (embed)
-       - knowledgeroot <unfixed> (embed)
+       - knowledgeroot 0.9.9.5-5 (embed)
        - moodle <unfixed> (embed)
 
 peercast


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

Reply via email to