Author: jmm-guest Date: 2010-08-31 16:20:21 +0000 (Tue, 31 Aug 2010) New Revision: 15243
Modified: data/CVE/list data/spu-candidates.txt Log: - fix drupal c&p error - no-dsa: libhx, libgdiplus, mapserver - fix phpmyadmin entry, was still marked as unfixed for lenny Modified: data/CVE/list =================================================================== --- data/CVE/list 2010-08-31 09:14:36 UTC (rev 15242) +++ data/CVE/list 2010-08-31 16:20:21 UTC (rev 15243) @@ -343,9 +343,8 @@ NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php CVE-2010-3055 (The configuration setup script (aka scripts/setup.php) in phpMyAdmin ...) {DSA-2097-1} - - phpmyadmin <not-affected> (Affects only 2.x branch) - [lenny] - phpmyadmin <unfixed> - NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php + - phpmyadmin 4:3.0.0 + NOTE: Affects only 2.x branch CVE-2010-3052 RESERVED CVE-2010-3051 @@ -570,6 +569,7 @@ [lenny] - php5 <not-affected> (phar extension introduced in 5.3) CVE-2010-2947 (Heap-based buffer overflow in the HX_split function in string.c in ...) - libhx 3.5-2 (low; bug #594393) + [lenny] - libhx <no-dsa> (Minor issue, asked maintainer to fix through spu) CVE-2010-2946 [jfs issue] RESERVED - linux-2.6 2.6.32-21 @@ -958,12 +958,14 @@ RESERVED CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...) - libphp-cas <itp> (bug #495542) - - glpi <unfixed> + - glpi <unfixed> (unimportant) + NOTE: Only supported behind an authenticated HTTP zone - moodle <unfixed> TODO: check embedders CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack ...) - libphp-cas <itp> (bug #495542) - - glpi <unfixed> + - glpi <unfixed> (unimportant) + NOTE: Only supported behind an authenticated HTTP zone - moodle <unfixed> TODO: check embedders CVE-2010-2794 
@@ -1073,8 +1075,10 @@ NOT-FOR-US: SPirate CVE-2010-3484 [mapserver: buffer overflow in msTmpFile()] - mapserver 5.6.4-1 (low) + [lenny] - mapserver <no-dsa> (Minor issue) CVE-2010-3485 [mapserver: insecure mapserv cgi command-line debug args] - mapserver 5.6.4-1 (low) + [lenny] - mapserver <no-dsa> (Minor issue) CVE-2010-2770 RESERVED CVE-2010-2769 @@ -1098,13 +1102,13 @@ CVE-2010-2760 RESERVED CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ...) - - bugzilla <unfixed> (medium) + - bugzilla <unfixed> (bug #595015; medium) CVE-2010-2758 (Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ...) - - bugzilla <unfixed> (low) + - bugzilla <unfixed> (bug #595015; low) CVE-2010-2757 (The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through ...) - - bugzilla <unfixed> (low) + - bugzilla <unfixed> (bug #595015; low) CVE-2010-2756 (Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 ...) - - bugzilla <unfixed> (low) + - bugzilla <unfixed> (bug #595015; low) CVE-2010-2755 (layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not ...) - xulrunner <not-affected> (Only exploitable in Firefox 3.6.x and above) CVE-2010-2754 (dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 ...) @@ -4070,8 +4074,8 @@ CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client library ...) - libphp-cas <itp> (bug #495542) - moodle 1.9.8-1 (low; bug #574757) - - glpi <unfixed> - TODO: check glpi + - glpi <unfixed> (unimportant) + NOTE: Only supported behind an authenticated HTTP zone CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ...) - moodle 1.9.8-1 (unimportant; bug #585427) NOTE: i have a hard time seeing the security impact, moodle is a course management 
@@ -4279,6 +4283,7 @@ NOT-FOR-US: Novell iPrint Client CVE-2010-1526 (Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow ...) - libgdiplus 2.6.7-2 (low; bug #594155) + [lenny] - libgdiplus <no-dsa> (Minor issue) CVE-2010-1525 (Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in ...) NOT-FOR-US: SpreadSheet Lotus 123 reader CVE-2010-1524 (The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 ...) @@ -6537,16 +6542,16 @@ NOTE: Triggered through config files, not a security issue CVE-2010-2473 [Blocked user session regeneration] RESERVED - - drupal6 6.16-1 (bug #572439) + - drupal6 6.18-1 (bug #592716) CVE-2010-2472 [Locale module cross site scripting] RESERVED - - drupal6 6.16-1 (bug #572439) + - drupal6 6.18-1 (bug #592716) CVE-2010-2471 [Open redirection] RESERVED - - drupal6 6.16-1 (bug #572439) + - drupal6 6.18-1 (bug #592716) CVE-2010-2250 [Installation cross site scripting] RESERVED - - drupal6 6.16-1 (bug #572439) + - drupal6 6.18-1 (bug #592716) CVE-2010-XXXX [linux-ftpd: null ptr dereference] - linux-ftpd <not-affected> (Performs proper length checks, see #572813) CVE-2010-0824 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and ...) Modified: data/spu-candidates.txt =================================================================== --- data/spu-candidates.txt 2010-08-31 09:14:36 UTC (rev 15242) +++ data/spu-candidates.txt 2010-08-31 16:20:21 UTC (rev 15243) @@ -293,6 +293,11 @@ -- +mapserver (CVE-2010-3484, CVE-2010-3485) +fixed in 5.6.4-1 + +-- + maradns http://maradns.org/download/maradns-1.4.02-parse_segfault.patch notified maintainer _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
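Review bot: in the CVE-2010-3055 hunk (`@@ -343,9 +343,8 @@`), the NOTE carrying the upstream advisory URL (PMASA-2010-4) is dropped together with the old lenny line, so the entry no longer references its advisory; the PMASA-2010-5 NOTE visible in the context above belongs to the preceding entry, not to this one. Keep the URL as a second NOTE beside `NOTE: Affects only 2.x branch`. The `[lenny] - phpmyadmin <unfixed>` line is also removed rather than replaced, so the lenny status is now derived from the fixed version `4:3.0.0` and lenny's own package version; please double-check that this yields the intended status, given that the note states only the 2.x branch is affected.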
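Review bot: in the CVE-2010-2795 part of the phpCAS hunk (`@@ -958,12 +958,14 @@`), the downgrade to `unimportant` is justified with `Only supported behind an authenticated HTTP zone`, but the visible CVE description says the flaw `allows remote authenticated users to hijack`, so requiring authentication does not remove the affected surface for that CVE. Either keep glpi at its previous severity for CVE-2010-2795 or reword the NOTE to explain why authenticated users cannot reach the embedded phpCAS code in glpi. The `TODO: check embedders` line is left in place in both entries, so the embedder audit is still recorded as pending.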
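Review bot: in the CVE-2010-1618 hunk (`@@ -4070,8 +4074,8 @@`), moodle is recorded as fixed in `1.9.8-1` at `low` with `bug #574757`, while glpi, which embeds the same phpCAS client library, is downgraded to `unimportant` with no bug reference; the same embedded code should carry the same severity unless the NOTE names a glpi-specific difference. Since `TODO: check glpi` is removed here, record a bug number for glpi as was done for moodle so the resolution of that TODO is backed by a tracked report.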
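Review bot: the data/spu-candidates.txt hunk (`@@ -293,6 +293,11 @@`) adds only mapserver, but the CVE/list hunk for CVE-2010-2947 records that the libhx maintainer was `asked ... to fix through spu`, and libgdiplus (CVE-2010-1526) received the same `<no-dsa>` treatment in this commit; add matching entries (libhx fixed in `3.5-2`, libgdiplus fixed in `2.6.7-2`, both per the CVE/list lines) so the candidates file stays in sync with the tracker notes. The new mapserver block also carries no status line, whereas the maradns entry in the following context has `notified maintainer`; note whether the mapserver maintainer has been contacted.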