Author: jmm-guest
Date: 2010-10-07 20:43:15 +0000 (Thu, 07 Oct 2010)
New Revision: 15439

Modified:
   data/CVE/list
Log:
- new chrome issues
- hipo removed
- clean up older non-issues and mark several older issues as fixed
- mark vdr as unimportant, debug only
- numpy fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-10-07 18:36:27 UTC (rev 15438)
+++ data/CVE/list       2010-10-07 20:43:15 UTC (rev 15439)
@@ -97,9 +97,11 @@
 CVE-2010-3731 (Buffer overflow in the Administration Server component in IBM 
DB2 UDB ...)
        NOT-FOR-US: IBM DB2 UDB 9.5
 CVE-2010-3730 (Google Chrome before 6.0.472.62 does not properly use 
information ...)
-       TODO: check
+       - webkit <undetermined>
+       - chromium-browser <undetermined>
 CVE-2010-3729 (The SPDY protocol implementation in Google Chrome before 
6.0.472.62 ...)
-       TODO: check
+       - webkit <undetermined>
+       - chromium-browser <undetermined>
 CVE-2010-3728
        RESERVED
 CVE-2010-XXXX [amanda code injection]
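Review bot: the `webkit <undetermined>` line added under CVE-2010-3729 looks misplaced, since the description itself scopes the bug to Google Chrome's SPDY implementation, which lives in Chromium's network stack rather than in WebKit; unless a WebKit component is actually involved this should be `webkit <not-affected>`, leaving only `chromium-browser <undetermined>` until the packaged version is compared against 6.0.472.62.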
@@ -848,7 +850,7 @@
 CVE-2008-XXXX [greylistd bypass]
        - greylistd 0.8.7+nmu2 (low; bug #464084)
 CVE-2010-XXXX [numpy memory corruption]
-       - python-numpy <unfixed> (medium; bug #581058)
+       - python-numpy 1:1.4.1-5 (bug #581058)
        NOTE: http://projects.scipy.org/numpy/changeset/8364
 CVE-2010-XXXX [glob processing issue]
        - sudo 1.7.0-1 (low; bug #565223; bug #580342)
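Review bot: the severity was dropped when the fixed version was filled in: `- python-numpy <unfixed> (medium; bug #581058)` became `- python-numpy 1:1.4.1-5 (bug #581058)`, whereas neighbouring fixed entries such as `- sudo 1.7.0-1 (low; bug #565223; bug #580342)` keep theirs. Suggest `- python-numpy 1:1.4.1-5 (medium; bug #581058)` so the severity stays visible for stable follow-up.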
@@ -973,7 +975,8 @@
        RESERVED
 CVE-2010-3387
        RESERVED
-       - vdr <unfixed> (bug #598308)
+       - vdr <unfixed> (unimportant; bug #598308)
+       NOTE: Only affects a debugging tool, see bug #598308
 CVE-2010-3386
        RESERVED
        - ust <unfixed> (bug #598309)
@@ -1056,7 +1059,8 @@
        [lenny] - ike <no-dsa> (Minor issue)
 CVE-2010-3360
        RESERVED
-       - hipo <unfixed> (bug #598291)
+       - hipo <removed> (bug #598291)
+       [lenny] - hipo <no-dsa> (Minor issue)
 CVE-2010-3359 [gargoyle: insecure library loading]
        RESERVED
        - gargoyle-free 2009-08-25-2
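Review bot: `- hipo <removed> (bug #598291)` records removal from unstable but says nothing about why bug #598291 stays open or which release still ships the package; the new `[lenny] - hipo <no-dsa> (Minor issue)` line implies lenny does, so a short NOTE line (as done for vdr in this same commit) would stop the removal being read as a fix.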
@@ -8766,9 +8770,6 @@
        - dillo <removed>
        NOTE: http://hg.dillo.org/dillo/file/tip/ChangeLog
        NOTE: it is not clear whether the issue affects pre-2.x versions
-CVE-2010-XXXX [pidgin remote dos]
-       - pidgin <unfixed> (low; bug #562720)
-       [lenny] - pidgin <no-dsa> (Minor issue)
 CVE-2010-XXXX [phpbb3 weak captcha]
        - phpbb3 3.0.7-PL1-1 (unimportant; bug #570011)
 CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator 
(flex) ...)
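Review bot: deleting the whole `CVE-2010-XXXX [pidgin remote dos]` entry loses the only tracker record tied to bug #562720; the log line about cleaning up older non-issues suggests this is one, and elsewhere in this commit non-issues are kept with `(unimportant; ...)` plus a NOTE giving the reason (see the squid and pidgin changes further down). Keeping the entry as `<not-affected>` or `unimportant` with a NOTE would preserve that history.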
@@ -12725,7 +12726,7 @@
 CVE-2009-3801 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 
allows ...)
        NOT-FOR-US: OpenDocMan
 CVE-2009-XXXX [multiple missing input sanity checks in KDE]
-       - kdelibs <unfixed> (low)
+       - kdelibs 4:3.5.10.dfsg.1-3 (low)
        - kde4libs 4:4.3.4-1 (low)
        [lenny] - kde4libs <no-dsa> (Minor issue)
        [lenny] - kdelibs <no-dsa> (minor and unlikely to be exploited)
@@ -13087,9 +13088,7 @@
        - vxl 1.13.0-2 (low; bug #560945)
        - xulrunner <unfixed> (unimportant; bug #560946)
        - texlive-bin <not-affected> (Files are not compiled in, see #560948)
-       - vnc4 <unfixed> (low; bug #560949)
-       [etch] - vnc4 <no-dsa> (minor issue)
-       [lenny] - vnc4 <no-dsa> (minor issue)
+       - vnc4 <not-affected> (Not affected, see bug #560949)
        - xotcl 1.6.5-1.2 (low; bug #560950)
        [lenny] - xotcl <no-dsa> (minor issue)
 CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in 
Battle Blog ...)
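Review bot: the reason text in `- vnc4 <not-affected> (Not affected, see bug #560949)` only restates the tag; a one-line summary of why vnc4 is not affected (the texlive-bin line above shows the pattern with "Files are not compiled in") would save readers a trip to the bug. Dropping the `[etch]`/`[lenny]` no-dsa lines is consistent, since `<not-affected>` applies to every release.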
@@ -18754,6 +18753,7 @@
        - webkit <unfixed> (low; bug #532514)
        [lenny] - webkit <no-dsa> (Minor issue)
        - kdebase <unfixed> (low; bug #532519)
+       [squeeze] - kdebase <no-dsa> (Minor issue)
        [lenny] - kdebase <no-dsa> (Minor issue)
        [etch] - kdebase <no-dsa> (Minor issue)
        - w3m <unfixed> (unimportant; bug #532521)
@@ -19642,7 +19642,6 @@
 CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple 
Safari ...)
        - webkit 1.0.1-4 (bug #535793)
        - kdelibs <not-affected>
-       - kde4libs <unfixed>
        - qt4-x11 4:4.6.2-4 (low)
        NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
        NOTE: http://trac.webkit.org/changeset/34574
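Review bot: removing `- kde4libs <unfixed>` from CVE-2009-1685 leaves no record of why kde4libs is no longer listed; the kdelibs line right above uses `<not-affected>` and the qt4-x11 line carries a fixed version, so kde4libs should get one of those (with the checked version in a NOTE, as was done for QT4) rather than silently disappearing.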
@@ -22844,12 +22843,8 @@
 CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, 
uses the ...)
        NOT-FOR-US: Qbik WinGate
 CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the 
HTTP ...)
-       - squid <unfixed> (low; bug #521053)
-       [etch] - squid <no-dsa> (Minor issue)
-       [lenny] - squid <no-dsa> (Minor issue)
-       - squid3 <unfixed> (low; bug #521052)
-       [etch] - squid3 <no-dsa> (Minor issue)
-       [lenny] - squid3 <no-dsa> (Minor issue)
+       - squid <unfixed> (unimportant; bug #521053)
+       - squid3 <unfixed> (unimportant; bug #521052)
        NOTE: This only affects HTTP connections and only in transparent mode
        NOTE: Also, same origin validations in the browsers still apply and 
keep this mostly harmless
        NOTE: http://marc.info/?l=squid-dev&m=123542836103750&w=4
@@ -33525,10 +33520,8 @@
        - gaim <removed>
        [lenny] - gaim <not-affected> (gaim is now a transitional package 
depending on pidgin with its own source package)
 CVE-2008-2956 (Memory leak in Pidgin 2.0.0, and possibly other versions, 
allows ...)
-       - pidgin <unfixed> (low; bug #488632)
-       [lenny] - pidgin <no-dsa> (Minor issue)
-       - gaim <removed>
-       [lenny] - gaim <not-affected> (gaim is now a transitional package 
depending on pidgin with its own source package)
+       - pidgin <unfixed> (unimportant; bug #488632)
+       NOTE: Non-issue per analysis of Pidgin upstream developers, should be 
rejected
 CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other 
versions, ...)
        - pidgin 2.4.3-4 (low; bug #488632)
        - gaim <removed>
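Review bot: if upstream's analysis makes CVE-2008-2956 a non-issue that should be rejected, `- pidgin <unfixed> (unimportant; bug #488632)` still reads as an open, unfixed issue; `<not-affected>` would match the new NOTE better. Also, the `gaim <removed>` / `[lenny] - gaim <not-affected>` lines were dropped here but remain under CVE-2008-2957 just below, so the two adjacent pidgin entries now disagree on whether gaim needs listing.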


_______________________________________________
Secure-testing-commits mailing list
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
