thr3ads.net - Secure testing commits - [Secure-testing-commits] r14381

If this information is useful, please help other people find it:
Share via:

Moritz Muehlenhoff

2010-Apr-02 20:15 UTC

[Secure-testing-commits] r14381 - data/CVE

Author: jmm-guest
Date: 2010-04-02 20:15:40 +0000 (Fri, 02 Apr 2010)
New Revision: 14381

Modified:
   data/CVE/list
Log:
- kdelibs triage
- sahana only an RFP
- new opendchub issue


Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-04-02 15:50:15 UTC (rev 14380)
+++ data/CVE/list	2010-04-02 20:15:40 UTC (rev 14381)
@@ -1,5 +1,7 @@
 CVE-2010-1219 (Directory traversal vulnerability in the JA News (com_janews)
...)
 	TODO: check
+CVE-2010-XXXX [opendchub]
+	- opendchub <unfixed> (bug filed)
 CVE-2010-1218 (Cross-site scripting (XSS) vulnerability in the mm_forum
extension ...)
 	TODO: check
 CVE-2010-1217 (Directory traversal vulnerability in the JE Form Creator ...)
@@ -49,11 +51,11 @@
 CVE-2010-1194 (The match_component function in smtp-tls.c in libESMTP 1.0.3.r1,
and ...)
 	TODO: check
 CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other
...)
-	TODO: check
+	NOT-FOR-US: Sahana
 CVE-2010-1186
 	RESERVED
 CVE-2009-4763 (Unspecified vulnerability in the ClickHeat plugin, as used in
...)
-	TODO: check
+	NOT-FOR-US: ClickHeat plugin
 CVE-2010-1188 (Use-after-free vulnerability in net/ipv4/tcp_input.c in the
Linux ...)
 	- linux-2.6 2.6.20-1
 CVE-2010-1187 (The Transparent Inter-Process Communication (TIPC) functionality
in ...)
@@ -6113,7 +6115,7 @@
 	[lenny] - perl <not-affected> (Vulnerable code not present)
 	[etch] - perl <not-affected> (Vulnerable code not present)
 CVE-2009-3625 (Directory traversal vulnerability in www/index.php in Sahana
0.6.2.2 ...)
-	- sahana <itp> (bug #497414)
+	NOT-FOR-US: Sahana
 CVE-2009-3624 (The get_instantiation_keyring function in security/keys/keyctl.c
in ...)
 	- linux-2.6 2.6.31-2 (low)
 	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
@@ -10291,6 +10293,7 @@
 	NOT-FOR-US: Apple Safari
 CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests
function in ...)
 	- webkit 1.1.10-1
+	- kdelibs <unfixed> (low)
 CVE-2009-2418
 	RESERVED
 CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when
OpenSSL is ...)
@@ -27386,6 +27389,7 @@
 	NOT-FOR-US: Alias Manager in Apple Mac OS X
 CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before
3.1.2, as ...)
 	- webkit 1.0.1-1
+	- kdelibs <unfixed>
 	NOTE: http://trac.webkit.org/changeset/34204
 CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret
the ...)
 	NOT-FOR-US: Windows issue
@@ -60002,7 +60006,7 @@
 	- webkit 1.0.1-1 (bug #535793)
 	NOTE: http://trac.webkit.org/changeset/33380
 	- qt4-x11 <undetermined> (bug #561760)
-	- kdelibs <undetermined> (bug #561765)
+	- kdelibs <not-affected> (bug #561765)
 	- kde4libs <undetermined> (bug #561762)
 CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}

Michael Gilbert

2010-Apr-02 22:07 UTC

head link

[Secure-testing-commits] r14381 - data/CVE

On Fri,  2 Apr 2010 20:15:47 +0000 Moritz Muehlenhoff wrote:
> Author: jmm-guest
> Date: 2010-04-02 20:15:40 +0000 (Fri, 02 Apr 2010)
> New Revision: 14381
> 
> Modified:
>    data/CVE/list
> Log:
> - kdelibs triage
> - sahana only an RFP
[...]> CVE-2009-3625 (Directory traversal vulnerability in www/index.php in Sahana
0.6.2.2 ...)
> -	- sahana <itp> (bug #497414)
> +	NOT-FOR-US: Sahana
i think the point of the <itp> tag is to provide an error as soon as
someone
uploads a package with that name; rather than a desire to accurately reflect
the wnpp state.

NFU makes it highly likely that the issue will end up ignored for a long time
if the package does get uploaded.

mike

Secure testing commits - Apr 2010 - r14381 - data/CVE

[Secure-testing-commits] r14381 - data/CVE

[Secure-testing-commits] r14381 - data/CVE