Secure testing commits - Jun 2009 - r12028 - data/CVE

Author: jmm-guest
Date: 2009-06-02 21:17:11 +0000 (Tue, 02 Jun 2009)
New Revision: 12028

Modified:
   data/CVE/list
Log:
- zoneminder fixed
- prelude-manager doesn''t affect Debian


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-06-02 21:16:42 UTC (rev 12027)
+++ data/CVE/list	2009-06-02 21:17:11 UTC (rev 12028)
@@ -805,8 +805,7 @@
 	- prewikka 0.9.11.3-2 (low; bug #527476)
 	NOTE: FEDORA-2009-3761 (http://lwn.net/Articles/330642)
 CVE-2009-XXXX [prelude-manager: password world-readable]
-	- prelude-manager <unfixed> (low; bug #527344)
-	NOTE: asked maintainer to determine whether debian is affected by this one
+	- prelude-manager <not-affected> (The postinst sets correct permissions,
see bug #527344)
 	NOTE: FEDORA-2009-3931 (http://lwn.net/Articles/331612)
 CVE-2009-XXXX [bash-completion: does not properly quote characters]
 	- bash-completion 200811xx~bzr1223 (bug #259987)
@@ -1156,9 +1155,8 @@
 CVE-2008-6756 (ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for ...)
 	- zoneminder 1.22.3-5
 CVE-2008-6755 (ZoneMinder 1.23.3 on Fedora 10 sets the ownership of
/etc/zm.conf to ...)
-	- zoneminder <unfixed> (unimportant; bug #528252)
+	- zoneminder 1.24.1-1 (unimportant; bug #528252)
 	NOTE: we are also affected but this is not a security issue by itself even if
it''s ugly
-	NOTE: only in unstable anyway
 CVE-2008-6754 (The Personal Sticky Threads addon 1.0.3c for vBulletin allows
remote ...)
 	NOT-FOR-US: vBullerin addon
 CVE-2008-6753 (SQL injection vulnerability in SilverStripe before 2.2.2 allows
remote ...)
@@ -11422,11 +11420,11 @@
 CVE-2008-3883 (configvar in Caudium 1.4.12 allows local users to overwrite
arbitrary ...)
 	- caudium 1.4.12-11.1 (low; bug #496404)
 CVE-2008-3882 (Unspecified &quot;Command Injection&quot; vulnerability
in ZoneMinder 1.23.3 and ...)
-	- zoneminder <unfixed> (bug #497640)
+	- zoneminder 1.24.1-1 (bug #497640)
 CVE-2008-3881 (Multiple cross-site scripting (XSS) vulnerabilities in
ZoneMinder ...)
-	- zoneminder <unfixed> (low; bug #497640)
+	- zoneminder 1.24.1-1 (low; bug #497640)
 CVE-2008-3880 (SQL injection vulnerability in zm_html_view_event.php in
ZoneMinder ...)
-	- zoneminder <unfixed> (bug #497640)
+	- zoneminder 1.24.1-1 (bug #497640)
 CVE-2008-3879 (The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx
2.0.2008.801 ...)
 	NOT-FOR-US: ActiveX control in OfficeCtrl.ocx
 CVE-2008-3878 (Stack-based buffer overflow in the Ultra.OfficeControl ActiveX
control ...)