Author: geissert Date: 2010-02-07 06:37:10 +0000 (Sun, 07 Feb 2010) New Revision: 14050 Modified: data/CVE/list Log: automake issue is not unimportant Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-02-07 06:30:51 UTC (rev 14049) +++ data/CVE/list 2010-02-07 06:37:10 UTC (rev 14050) @@ -2814,18 +2814,15 @@ - mysql-dfsg-5.0 <removed> TODO: check CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, ...) - - automake 1:1.11-1 (unimportant) - - automake1.9 <unfixed> (unimportant) - - automake1.7 <unfixed> (unimportant) - - automake1.10 <unfixed> (unimportant) - NOTE: for this to be exploited, an attacker needs to have account on the same - NOTE: system as the developer building the package, and that attacker needs to - NOTE: insert malicious data into the vulnerable directory in a small time frame. - NOTE: theoretically it may be possible, but it is highly unlikely, so this is - NOTE: being considered unimportant. - NOTE: for the paranoid, the only proper solution would be to rebuild the entire - NOTE: archive with a patched version of automake and enforce that all - NOTE: developers use a patched automake. + - automake 1:1.11-1 + [lenny] - automake <no-dsa> (Minor issue) + - automake1.9 <unfixed> + [lenny] - automake1.9 <no-dsa> (Minor issue) + - automake1.7 <unfixed> + [lenny] - automake1.7 <no-dsa> (Minor issue) + - automake1.10 <unfixed> + [lenny] - automake1.10 <no-dsa> (Minor issue) + NOTE: spu will be released to avoid spreading the bug even further NOTE: http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x ...) - mysql-dfsg-5.1 5.1.41-1