thijs at alioth.debian.org
2008-Dec-18 11:00 UTC
[Secure-testing-commits] r10725 - data/CVE
Author: thijs Date: 2008-12-18 11:00:29 +0000 (Thu, 18 Dec 2008) New Revision: 10725 Modified: data/CVE/list Log: point update r6 released Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-12-18 05:18:03 UTC (rev 10724) +++ data/CVE/list 2008-12-18 11:00:29 UTC (rev 10725) @@ -1356,6 +1356,8 @@ [etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected) CVE-2008-XXXX [websvn Cross Site Scripting and Directory Traversal] - websvn 2.0-4 (bug #503330) + [etch] - websvn 1.61-21 + NOTE: Fixed in etch r6 point update NOTE: http://www.gulftech.org/?node=research&article_id=00132-10202008 CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the ...) - linux-2.6 2.6.26-11 @@ -1726,9 +1728,8 @@ - python2.4 2.4.5-6 (bug #504620) CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 ...) - blender 2.46+dfsg-5 (bug #503632; low) - [etch] - blender <no-dsa> (Minor issue) - TODO: [etch] - blender 2.42a-8 - NOTE: Scheduled for r6 + [etch] - blender 2.42a-8 + NOTE: minor issue fixed in etch r6 point update CVE-2008-4862 RESERVED CVE-2008-4861 @@ -2451,9 +2452,8 @@ NOT-FOR-US: Sun Solstice AdminSuite CVE-2008-4555 (Stack-based buffer overflow in the push_subg function in parser.y ...) - graphviz 2.20.2-3 (low) - [etch] - graphviz <no-dsa> (Minor issue) - TODO: [etch] - graphviz 2.8-3+etch1 - NOTE: Scheduled for r6 + [etch] - graphviz 2.8-3+etch1 + NOTE: minor issue fixed in etch r6 point update CVE-2008-4554 (The do_splice_from function in fs/splice.c in the Linux kernel before ...) {DSA-1687-1 DSA-1681-1} - linux-2.6 2.6.26-9 
@@ -3311,7 +3311,6 @@ [etch] - linux-ftpd-ssl <no-dsa> (Minor issue) - linux-ftpd 0.17-29 (bug #500278) [etch] - linux-ftpd <no-dsa> (Minor issue) - NOTE: Scheduled for r6 CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php] - wordpress <unfixed> (bug #500295; unimportant) NOTE: bigger problems, if attacker has access to /etc/wordpress/* @@ -23522,7 +23521,9 @@ CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as ...) - spamassassin 3.2.1-1 (low) [sarge] - spamassassin <no-dsa> (Only obscure setups affected, only locally exploitable) - [etch] - spamassassin <no-dsa> (Only obscure setups affected, only locally exploitable) + [etch] - spamassassin 3.1.7-2etch1 + NOTE: Minor issue fixed in etch r6 point update + NOTE: Only obscure setups affected, only locally exploitable CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...) - php5 5.2.3-1 (unimportant) NOTE: Only triggerable by malicious script
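Review bot: in the hunk at @@ -3311,7 +3311,6 @@, removing "NOTE: Scheduled for r6" leaves both "[etch] - linux-ftpd-ssl <no-dsa> (Minor issue)" and "[etch] - linux-ftpd <no-dsa> (Minor issue)" without a fixed version and without any record of what happened to the scheduled fix. The blender, graphviz and spamassassin entries in this same commit replace <no-dsa> with an etch version. If the linux-ftpd fix did not make r6, a short NOTE saying so would keep the entry's history readable. If it did, the etch lines should carry the fixed version instead of <no-dsa>.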
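Review bot: the added NOTE lines use three different wordings for the same event: "NOTE: Fixed in etch r6 point update" in the websvn hunk (@@ -1356,6 +1356,8 @@), "NOTE: minor issue fixed in etch r6 point update" in the blender and graphviz hunks, and "NOTE: Minor issue fixed in etch r6 point update" in the spamassassin hunk (@@ -23522,7 +23521,9 @@). Using one wording and capitalisation would let a single case-sensitive search of data/CVE/list find every entry closed by r6.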