Author: jmm-guest Date: 2009-05-01 15:36:46 +0000 (Fri, 01 May 2009) New Revision: 11758 Modified: data/CVE/list data/ospu-candidates.txt data/spu-candidates.txt Log: - new kernel issue - spu updates - add samba issue (already fixed) - bugnums Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-01 14:47:36 UTC (rev 11757) +++ data/CVE/list 2009-05-01 15:36:46 UTC (rev 11758) @@ -1,3 +1,7 @@ +CVE-2009-XXXX [samba: Account locking out doesnt work with an LDAP backend] + - samba 2:3.2.6 (bug #514151) + [lenny] - samba 2:3.2.5-4lenny1 + [etch] - samba <not-affected> (Bug not yet present in Etch''s version) CVE-2009-XXXX [Quagga bgpd crash related to 4-byte AS numbers] - quagga <unfixed> (high; bug #526270) CVE-2009-1489 (includes/user.php in Fungamez RC1 allows remote attackers to bypass ...) @@ -201,6 +205,7 @@ CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users] - iodine <unfixed> (low) [lenny] - iodine <no-dsa> (Maintainer will fix it in next stable point update) + TODO: next point release: [lenny] - iodine 0.4.2-2~lenny1 CVE-2009-XXXX [ntop: access.log permissions] - ntop <unfixed> (low; bug #524801) NOTE: fixed in recent FSA (https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2805) @@ -445,6 +450,7 @@ CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions] - pptp-linux 1.7.2-3 (low; bug #523476) [lenny] - pptp-linux <no-dsa> (Minor issue) + [etch] - pptp-linux <no-dsa> (Minor issue) CVE-2009-XXXX [slurm-llnl doesn''t drop supplementary groups] - slurm-llnl 1.3.15-1 (bug #524980) [lenny] - slurm-llnl 1.3.6-1lenny3 
@@ -1111,7 +1117,8 @@ CVE-2009-1193 RESERVED CVE-2009-1192 (drivers/char/agp/generic.c in the agp subsystem in the Linux kernel ...) - TODO: check + - linux-2.6 <unfixed> + - linux-2.6.24 <removed> CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...) - apache2 <unfixed> (low) [etch] - apache2 <not-affected> (introduced in 2.2.11) @@ -2427,7 +2434,7 @@ {DSA-1769-1} - openjdk-6 <unfixed> CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...) - - argyll 1.0.3-3 (medium; bug #523472) + - argyll 1.0.3-3 (medium; bug #523472; bug #524802) - ghostscript 8.64~dfsg-1.1 (medium; bug #524915) CVE-2009-0791 RESERVED @@ -11914,7 +11921,7 @@ - xine-lib 1.1.14-2 (bug #492870; unimportant) NOTE: Only a NULL pointer deference, hardly security relevant CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...) - - ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764) + - ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764; bug #498766) - ffmpeg <removed> (unimportant) NOTE: Only a NULL pointer deference, hardly security relevant CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...) Modified: data/ospu-candidates.txt ==================================================================--- data/ospu-candidates.txt 2009-05-01 14:47:36 UTC (rev 11757) +++ data/ospu-candidates.txt 2009-05-01 15:36:46 UTC (rev 11758) @@ -465,7 +465,7 @@ pptp-linux (no CVE) #523476 -asked maintainer in mail +Ola will prepare a fix in a point update -- Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2009-05-01 14:47:36 UTC (rev 11757) +++ data/spu-candidates.txt 2009-05-01 15:36:46 UTC (rev 11758) @@ -70,7 +70,7 @@ pptp-linux (no CVE) #523476 -asked maintainer in mail +Ola will prepare a fix in a point update --
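Review bot: In the data/CVE/list hunk at @@ -1,3 +1,7 @@, the new samba line "- samba 2:3.2.6 (bug #514151)" has no urgency, unlike the quagga line right below it ("high; bug #526270"), and its version has no Debian revision while the lenny line gives "2:3.2.5-4lenny1". Suggest adding an urgency and confirming the unstable version is written as intended. The entry title also reads "doesnt" without the apostrophe.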
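Review bot: In the data/CVE/list hunk at @@ -201,6 +205,7 @@, the added "TODO: next point release: [lenny] - iodine 0.4.2-2~lenny1" sits directly under the existing "[lenny] - iodine <no-dsa>" line, so the entry holds two lenny statements until someone resolves the TODO. Suggest wording the TODO so it says it replaces the <no-dsa> line once the point release is out, which makes the follow-up unambiguous.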
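Review bot: In the data/CVE/list hunk at @@ -445,6 +450,7 @@, the new "[etch] - pptp-linux <no-dsa> (Minor issue)" gives only "Minor issue" as the reason, while this same commit records in data/ospu-candidates.txt and data/spu-candidates.txt that "Ola will prepare a fix in a point update". The iodine entry already uses "(Maintainer will fix it in next stable point update)"; the same wording on the pptp-linux etch and lenny lines would keep the tracker and the candidate files consistent.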
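Review bot: The two lines added for CVE-2009-1192 in the data/CVE/list hunk at @@ -1111,7 +1117,8 @@ carry no urgency and no bug reference, and they replace "TODO: check" outright, whereas the apache2 entry just below has "(low)" and a per-release line. Suggest adding an urgency to "- linux-2.6 <unfixed>", or keeping a TODO or NOTE saying that severity and the stable releases are still to be triaged, so that dropping the TODO does not read as a finished check.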
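Review bot: The replacement status line "Ola will prepare a fix in a point update" in data/ospu-candidates.txt (@@ -465,7 +465,7 @@) and data/spu-candidates.txt (@@ -70,7 +70,7 @@) carries no date, so a later reader cannot tell how stale the promise is. Suggest appending the date of the exchange; the removed line "asked maintainer in mail" had the same gap.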