Author: jmm-guest
Date: 2009-05-11 21:24:56 +0000 (Mon, 11 May 2009)
New Revision: 11879

Modified: data/CVE/list
Log:
- new file issue fixed in unstable
- proper etch tracking for gnutls issues
- screen issue doesn't affect zsh, this was an error by Mandriva, I've contacted them

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-11 21:16:55 UTC (rev 11878) +++ data/CVE/list 2009-05-11 21:24:56 UTC (rev 11879) @@ -1,3 +1,6 @@ +CVE-2009-XXXX [More file buffer overflows] + - file 5.03-1 + TODO: Check, whether code was introduced in 5.x as well like the other issues CVE-2009-1594 RESERVED CVE-2009-1593 @@ -524,14 +527,18 @@ RESERVED CVE-2009-1417 (gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and ...) - gnutls26 2.6.6-1 (medium; bug #528281) + - gnutls13 <removed> CVE-2009-1416 (lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates ...) - gnutls26 2.6.6-1 (medium) - [lenny] - gnutls26 <not-affected> (Vulnerable code not present) - [etch] - gnutls26 <not-affected> (Vulnerable code not present) + - gnutls13 <removed> + [lenny] - gnutls26 <not-affected> (Vulnerable code not present, only affects 2.6.x) + [etch] - gnutls13 <not-affected> (Vulnerable code not present, only affects 2.6.x) CVE-2009-1415 (lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not ...) - gnutls26 2.6.6-1 (medium) + - gnutls13 <removed> [lenny] - gnutls26 <not-affected> (Vulnerable code not present) [etch] - gnutls26 <not-affected> (Vulnerable code not present) + [etch] - gnutls13 <not-affected> (Vulnerable code not present, only affects 2.6.x) CVE-2009-1414 (Google Chrome 2.0.x lets modifications to the global object persist ...) - chromium-browser <itp> (bug #520324) CVE-2009-1413 (Google Chrome 1.0.x does not cancel timeouts upon a page transition, ...) 
@@ -1425,11 +1432,9 @@ [etch] - screen <not-affected> (etch version predates #433338) [lenny] - screen <no-dsa> (Minor issue) TODO: add after r2 4.0.3-11+lenny1 - NOTE: check zsh (updated by mandriva http://lwn.net/Articles/332352) CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with ...) - screen 4.0.3-13 (unimportant; bug #521123) NOTE: documented behaviour "or the public accessible screen-exchange", see man screen - NOTE: check zsh (updated by mandriva http://lwn.net/Articles/332352) CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...) - bugzilla <unfixed> (low) [etch] - bugzilla <no-dsa> (Minor issue)
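
Review bot: The new CVE-2009-XXXX entry in the first hunk (@@ -1,3 +1,6 @@) carries no bug number or NOTE pointing at the report it is based on, and "More file buffer overflows" alone does not say which overflows are meant. Add a NOTE with the source so the TODO about whether the code was introduced in 5.x can be checked against something concrete, and so the placeholder can be matched to a real CVE id once one is assigned.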
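
Review bot: In the gnutls hunk (@@ -524,14 +527,18 @@) the three entries end up tracked differently for etch. CVE-2009-1417 gains "- gnutls13 <removed>" but no "[etch] - gnutls13" line, and CVE-2009-1415 keeps the old "[etch] - gnutls26 <not-affected>" line next to the new gnutls13 one, while under CVE-2009-1416 that line is replaced. If etch tracks gnutls13 only, as the 1416 change implies, drop the leftover gnutls26 line under 1415 and add an etch status for 1417. Also confirm the "only affects 2.6.x" reason on the 1415 etch line, since that entry's description reads "before 2.6.6" and states no lower bound.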
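
Review bot: The last hunk (@@ -1425,11 +1432,9 @@) deletes both "NOTE: check zsh" lines and leaves nothing in their place, so the conclusion that zsh is not affected is recorded only in the commit log. Consider replacing each with a NOTE stating that the Mandriva update listed zsh in error, so the question is not reopened by someone who reads the same LWN article later.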