jmm-guest at alioth.debian.org
2008-Oct-20 17:23 UTC
[Secure-testing-commits] r10131 - in data: . CVE
Author: jmm-guest Date: 2008-10-20 17:23:13 +0000 (Mon, 20 Oct 2008) New Revision: 10131 Modified: data/CVE/list data/spu-candidates.txt Log: ipsec-tools no-dsa some kernel issues fixed mantis updated fix one network issue affects freeBSD Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-20 17:22:14 UTC (rev 10130) +++ data/CVE/list 2008-10-20 17:23:13 UTC (rev 10131) @@ -43,7 +43,7 @@ CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access rights ...) TODO: check CVE-2008-4576 (sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.26-9 - linux-2.6.24 <unfixed> CVE-2008-4575 (Buffer overflow in the DoCommand function in jhead before 2.84 might ...) - jhead 2.84-1 (bug #502353; low) @@ -87,7 +87,7 @@ - graphviz 2.20.3-2 (low) [etch] - graphviz <no-dsa> (Minor issue) CVE-2008-4554 (The do_splice_from function in fs/splice.c in the Linux kernel before ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.26-9 - linux-2.6.24 <unfixed> CVE-2008-4553 (qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local ...) - qemu 0.9.1-6 (low; bug #496394) @@ -1826,9 +1826,10 @@ CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel ...) - linux-2.6 <not-affected> (Fedora-specific patch) - linux-2.6.24 <not-affected> (Fedora-specific patch) -CVE-2008-3831 +CVE-2008-3831 [kernel drm issue] RESERVED {DSA-1655-1} + - linux-2.6 2.6.26-9 CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration ...) - condor <itp> (bug #233482) CVE-2008-3829 (Unspecified vulnerability in the condor_ schedd daemon in Condor ...) @@ -2377,6 +2378,7 @@ - tikiwiki <removed> CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an ...) - ipsec-tools 0.7.1-1.2 (low; bug #501026) + [etch] - ipsec-tools <no-dsa> (Minor issue) NOTE: attacker needs to be authenticated, see https://bugzilla.redhat.com/show_bug.cgi?id=456660 CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools ...) - ipsec-tools 1:0.7.1-1 (low; bug #495214) @@ -3640,7 +3642,7 @@ - sun-java5 1.5.0-16-1 (bug #490260) - sun-java6 6-07-1 (bug #490260) CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the ...) - - mantis 1.1.2+dfsg-4 (low; bug #501179) + - mantis 1.1.2+dfsg-6 (low; bug #501179) CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...) NOT-FOR-US: vtiger CRM CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve ...) @@ -5068,7 +5070,8 @@ CVE-2008-2477 (SQL injection vulnerability in index.php in MxBB (aka MX-System) ...) NOT-FOR-US: MxBB (MX-System) CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) ...) - NOT-FOR-US: IPv6 NDP flaw not affecting Linux + - kfreebsd-7 7.0-6 + NOTE: IPv6 NDP flaw not affecting Linux CVE-2008-2475 RESERVED CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit ...) Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-10-20 17:22:14 UTC (rev 10130) +++ data/spu-candidates.txt 2008-10-20 17:23:13 UTC (rev 10131) @@ -197,6 +197,10 @@ http://sourceforge.net/mailarchive/forum.php?thread_name=48a0c7a0.qPeWZAE0PY8bDDq%2B%25olel%40ans.pl&forum_name=ipsec-tools-devel notified maintainer +ipsec-tools (CVE-2008-3652) +#501026 +https://bugzilla.redhat.com/show_bug.cgi?id=456660 + -- jumpnbump (no CVE yet)