Author: jmm-guest Date: 2010-02-12 17:46:05 +0000 (Fri, 12 Feb 2010) New Revision: 14082 Modified: data/CVE/list Log: - open-iscsi fixed - kernel fixed - ffmpeg CVEfied - fetchmail issue doesn't affect Lenny or Etch - Flash NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-02-12 04:12:58 UTC (rev 14081) +++ data/CVE/list 2010-02-12 17:46:05 UTC (rev 14082) @@ -56,6 +56,8 @@ NOT-FOR-US: IBM WebSphere Application CVE-2010-0562 (The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, ...) - fetchmail 6.3.13-2 (low) + [lenny] - fetchmail <not-affected> (This issue was introduced in 6.3.11) + [etch] - fetchmail <not-affected> (This issue was introduced in 6.3.11) NOTE: the conditions so that this is exploitable are rather obscure CVE-2010-0561 (Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before ...) TODO: check @@ -405,7 +407,6 @@ - gnome-screensaver 2.28.2-1 (bug #569084) [etch] - gnome-screensaver <not-affected> (Vulnerable code not present) [lenny] - gnome-screensaver <not-affected> (Vulnerable code not present) - NOTE: Posted to oss-sec CVE-2010-0413 RESERVED CVE-2010-0412 @@ -800,7 +801,7 @@ - linux-2.6.24 <removed> CVE-2010-0306 [kvm privilege escalation] RESERVED - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-8 [etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25) - linux-2.6.24 <not-affected> (kvm introduced in 2.6.25) CVE-2010-0305 (ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to ...) @@ -827,7 +828,7 @@ - linux-2.6.24 <removed> CVE-2010-0298 [kvm privilege escalation] RESERVED - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-8 [etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25) - linux-2.6.24 <not-affected> (kvm introduced in 2.6.25) - kvm <removed> 
@@ -1145,8 +1146,10 @@ RESERVED CVE-2010-0187 RESERVED + NOT-FOR-US: Adobe Flash plugin CVE-2010-0186 RESERVED + NOT-FOR-US: Adobe Flash plugin CVE-2010-0185 (The default configuration of Adobe ColdFusion 9.0 does not restrict ...) NOT-FOR-US: Adobe ColdFusion CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO ...) @@ -4678,12 +4681,6 @@ NOT-FOR-US: BakBone NetVault Backup CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load before ...) NOT-FOR-US: RADactive I-Load -CVE-2009-XXXX [ffmpeg missing input sanitization/crashes] - - ffmpeg 4:0.5+svn20090706-3 (medium; bug #550442) - - xmovie <removed> (medium) - - ffmpeg-debian <removed> (medium) - NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 - NOTE: https://roundup.ffmpeg.org/roundup/ffmpeg/issue1245 CVE-2009-XXXX [xen-tools: world readable disk image files] - xen-tools <removed> (low; bug #548909) [lenny] - xen-tools <no-dsa> (Minor issue) @@ -11512,7 +11509,7 @@ [lenny] - linux-2.6 <not-affected> (introduced in 2.6.29) - linux-2.6.24 <not-affected> (introduced in 2.6.29) CVE-2009-1297 (iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and ...) - - open-iscsi <unfixed> (low; bug #547011) + - open-iscsi 2.0.871-1 (low; bug #547011) [lenny] - open-iscsi <no-dsa> (Minor issue) [etch] - open-iscsi <not-affected> (Vulnerable script not yet present) CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on ...)
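Review bot: in the @@ -800,7 +801,7 @@ hunk the CVE-2010-0306 entry ends after `- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)` with no kvm package line, while the CVE-2010-0298 entry in the @@ -827,7 +828,7 @@ hunk, which has the same "[kvm privilege escalation]" description, also carries `- kvm <removed>`. If the standalone kvm package was affected by both issues, add the same line to CVE-2010-0306; if it was not, a NOTE saying so would explain the difference. Neither entry has a NOTE pointing at the upstream fix, so the new `- linux-2.6 2.6.32-8` status cannot be checked from the list alone; a reference next to each would help.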
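Review bot: the @@ -4678,12 +4681,6 @@ hunk deletes the whole `CVE-2009-XXXX [ffmpeg missing input sanitization/crashes]` entry, and no `+` line in this diff places its tracking data (fixed version 4:0.5+svn20090706-3, bug #550442, the xmovie and ffmpeg-debian `<removed>` lines, the two roundup NOTE links) under an assigned CVE id. The log only says "ffmpeg CVEfied"; name the assigned id or ids in the log message and confirm that the receiving entries already hold this data, otherwise it is lost with this revision.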
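Review bot: the removal of `NOTE: Posted to oss-sec` in the @@ -405,7 +407,6 @@ gnome-screensaver hunk is not covered by any item in the log message, which lists only open-iscsi, kernel, ffmpeg, fetchmail and Flash. Add a log line stating why the note is dropped so the deletion is not mistaken for an accidental one.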