Author: jmm-guest Date: 2010-01-26 20:59:29 +0000 (Tue, 26 Jan 2010) New Revision: 13924 Modified: data/CVE/list data/embedded-code-copies Log: - mysql fixed - python2.6 fixed - remove errerous ilohamail entry - add now fixed gzip copy in velvet - smart fixed, dunno if the second expat was fixed as well, only saw the changelog - libsndfile issue unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-26 20:52:35 UTC (rev 13923) +++ data/CVE/list 2010-01-26 20:59:29 UTC (rev 13924) @@ -971,7 +971,7 @@ RESERVED CVE-2009-4484 (Buffer overflow in the server in MySQL 5.0.51a on Linux allows remote ...) - mysql-dfsg-5.0 <removed> (medium) - - mysql-dfsg-5.1 <unfixed> (medium) + - mysql-dfsg-5.1 5.1.41-4 (medium) NOTE: maintainer working on updates CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows ...) NOT-FOR-US: MailSite @@ -3285,7 +3285,7 @@ - paraview 3.6.2-1 (unimportant; bug #560935) - poco 1.3.6p1-1 (unimportant; bug #560936) - simgear <unfixed> (unimportant; bug #560937) - - smart <unfixed> (low; bug #560953) + - smart 1.2-5 (low; bug #560953) [etch] - smart <no-dsa> (minor issue) [lenny] - smart <no-dsa> (minor issue) - tla 1.3.5+dfsg-15 (unimportant; bug #560940) @@ -3741,6 +3741,7 @@ TODO: after next point release [lenny] - python-xml 0.8.4-10.1+lenny1 - python2.5 2.5.4-3.1 (low; bug #560912) - python2.4 <unfixed> (low; bug #560913) + - python2.6 2.6.4-4 - python-4suite <unfixed> (low; bug #560914) [etch] - python-4suite <no-dsa> (Minor issue) [lenny] - python-4suite <no-dsa> (Minor issue) @@ -8013,9 +8014,8 @@ NOTE: This is mostly a missing feature, it''s unlikely that any threaded application NOTE: is using libdkim in the current state, so the practical impact is none CVE-2009-XXXX [libsndfile: potential dos via crafted input] - - libsndfile <unfixed> (low; bug #530831) - [etch] - libsndfile <no-dsa> (minor issue) - [lenny] - libsndfile <no-dsa> (minor issue) + - libsndfile <unfixed> (unimportant; bug #530831) + NOTE: Just a crasher, no code injection CVE-2009-XXXX [mimedecode: potential dos/crash due to invalid input] - mimedecode <removed> (low; bug #530430) [etch] - mimedecode <no-dsa> (minor issue) @@ -61213,7 +61213,6 @@ CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...) {DSA-1010-1 DSA-1009-1} - crossfire 1.9.0-2 (medium) - - ilohamail 0.8.14-0rc3sarge1 (medium) CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost ...) NOT-FOR-US: HitHost CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with ...) Modified: data/embedded-code-copies ==================================================================--- data/embedded-code-copies 2010-01-26 20:52:35 UTC (rev 13923) +++ data/embedded-code-copies 2010-01-26 20:59:29 UTC (rev 13924) @@ -120,6 +120,7 @@ - plt-scheme <unfixed> - perl <unfixed> - paraview <unfixed> + - velvet 0.7.56~nozlibcopy-1 - gcvs <unfixed> - dump <unfixed> - aide <unfixed> (static)