Author: jmm-guest Date: 2010-04-06 21:52:24 +0000 (Tue, 06 Apr 2010) New Revision: 14420 Modified: data/CVE/list data/spu-candidates.txt Log: - opendchub CVEfied - new libnss-db issue - latest round of mozilla issues affects icedove as well - emacsen movemail issues no-dsa - fix entry for fwbuilder - squid not affected by slowloris attack - postgres no-dsa - arora issue a non-issue - one libesmtp issue fixed in 2008, the other one no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-06 21:14:48 UTC (rev 14419) +++ data/CVE/list 2010-04-06 21:52:24 UTC (rev 14420) @@ -142,8 +142,6 @@ - interchange 5.7.6-1 CVE-2010-1219 (Directory traversal vulnerability in the JA News (com_janews) ...) NOT-FOR-US: com_janews component for Joomla! -CVE-2010-XXXX [opendchub] - - opendchub <unfixed> (bug #576308) CVE-2010-1218 (Cross-site scripting (XSS) vulnerability in the mm_forum extension ...) NOT-FOR-US: mm_forum extension for TYPO3 CVE-2010-1217 (Directory traversal vulnerability in the JE Form Creator ...) @@ -191,8 +189,7 @@ CVE-2010-1196 RESERVED CVE-2010-1194 (The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and ...) - - libesmtp <undetermined> - NOTE: http://www.openwall.com/lists/oss-security/2010/03/30/10 + - libesmtp 1.0.4-2 (bug #311191) CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other ...) - sahana <itp> (bug #497414) CVE-2010-1186 @@ -281,8 +278,9 @@ RESERVED - linux-2.6 <unfixed> [lenny] - linux-2.6 <not-affected> (vulnerable code not yet present) -CVE-2010-1147 +CVE-2010-1147 [opendchub] RESERVED + - opendchub <unfixed> (bug #576308) CVE-2010-1146 RESERVED CVE-2010-1145 
@@ -438,7 +436,7 @@ CVE-2010-1101 (Integer overflow in Alexander Clauss iCab allows remote attackers to ...) NOT-FOR-US: Alexander Clauss iCab CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass intended ...) - - arora <unfixed> (bug #575785) + - arora <not-affected> (Advisory is wrong, URL range is protected by QUrl) CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to bypass ...) TODO: check CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86 platform, as ...) @@ -1242,17 +1240,24 @@ CVE-2010-0827 RESERVED CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka ...) - TODO: check + RESERVED + - libnss-db <unfixed> + TODO: File bug CVE-2010-0825 (lib-src/movemail.c in movemail in emacs 22 and 23 allows local users ...) - - emacs21 <removed> - - emacs22 <unfixed> - - xemacs21 <unfixed> - - emacs23 <unfixed> - TODO: check and file bugs + - emacs21 <removed> (low) + [lenny] - emacs21 <no-dsa> (Minor issue) + NOTE: Only exploitable when configured as setgid mail, which isn''t set by default + - emacs22 <unfixed> (low) + [lenny] - emacs22 <no-dsa> (Minor issue) + - xemacs21 <unfixed> (low) + [lenny] - xmacs21 <no-dsa> (Minor issue) + - emacs23 <unfixed> (low) + TODO: check and file bugs, can still be fixed through spus by the maintainers CVE-2009-4664 (Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, ...) - fwbuilder 3.0.7-1 (bug #547390; medium) [lenny] - fwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected) - libfwbuilder 3.0.7-1 (bug #547390; medium) + [lenny] - libfwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected) NOTE: m68k package in debports in still affected at version 3.0.5 NOTE: see http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7 CVE-2009-4663 (Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX ...) 
@@ -1285,6 +1290,7 @@ - shibboleth-sp <not-affected> (Vulnerable code not present) CVE-2010-1192 (libESMTP, probably 1.0.4 and earlier, does not properly handle a ''\0'' ...) - libesmtp <unfixed> (bug #572960) + [lenny] - libesmtp <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6 CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...) NOT-FOR-US: VMware Server @@ -1521,6 +1527,7 @@ NOTE: depends on the application that uses libcurl CVE-2010-0733 (Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL ...) - postgresql-8.3 <unfixed> (low) + [lenny] - postgresql-8.3 <no-dsa> (Will be fixed through a stable point update) - postgresql-8.4 8.4.2-1 CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver ...) - gtk+2.0 2.18.5-1 @@ -2447,7 +2454,6 @@ CVE-2010-0401 RESERVED CVE-2010-0400 [mahara sql inection] - RESERVED {DSA-2030-1} - mahara 1.2.4-1 (medium) CVE-2010-0399 @@ -2541,7 +2547,8 @@ - postgresql-7.4 <removed> - postgresql-8.1 <removed> - postgresql-8.2 <removed> - - postgresql-8.3 <unfixed> (bug #567058) + - postgresql-8.3 <unfixed> (low; bug #567058) + [lenny] - postgresql-8.3 <no-dsa> (Will be fixed through a stable point update) - postgresql-8.4 8.4.3-1 CVE-2010-XXXX [bozohttpd DoS on incomplete requests] - bozohttpd 20090522-2 (low; bug #566325) @@ -3166,6 +3173,7 @@ - xulrunner <unfixed> (low) [lenny] - xulrunner <no-dsa> (Minor issue, no upstream fix for 3.0 series) - iceape 2.0.4-1 + - icedove 3.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) CVE-2010-0181 (Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey ...) - xulrunner 1.9.1.9-1 (unimportant) 
@@ -3192,20 +3200,24 @@ {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 + - icedove 3.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) CVE-2010-0175 (Use-after-free vulnerability in the nsTreeSelection implementation in ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 + - icedove 3.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) CVE-2010-0174 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2027-1} - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 + - icedove 3.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) CVE-2010-0173 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - xulrunner 1.9.1.9-1 - iceape 2.0.4-1 + - icedove 3.0.4-1 [lenny] - iceape <not-affected> (Only a stub package) [lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.5) CVE-2010-0172 (toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the ...) @@ -11313,8 +11325,9 @@ CVE-2009-XXXX ["slowloris" denial-of-service vulnerabilty in webservers] - apache2 <unfixed> (medium; bug #533661) - apache <removed> (medium; bug #533662) - - squid <unfixed> (medium; bug #533663) - - squid3 <unfixed> (medium; bug #533664) + - squid <not-affected> + - squid3 <not-affected> + NOTE: http://www.squid-cache.org/bugs/show_bug.cgi?id=2694 - dhttpd <unfixed> (low; bug #533665) [etch] - dhttpd <no-dsa> (Minor issue) [lenny] - dhttpd <no-dsa> (Minor issue) @@ -14346,6 +14359,7 @@ {DSA-2028-1} - poppler 0.10.6-1 (medium; bug #524806) [etch] - poppler <not-affected> (SplashBitmap code not present) + [lenny] - poppler <no-dsa> (Will be fixed through a point update) TODO: next stable release: [lenny] - poppler 0.8.7-3.1 - xpdf 3.02-2 (bug #575779) - kdegraphics 4:4.0 Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2010-04-06 21:14:48 UTC (rev 14419) +++ data/spu-candidates.txt 2010-04-06 21:52:24 UTC (rev 14420) 
@@ -196,6 +196,11 @@ -- +libesmtp (CVE-2010-1192) +#572960 + +-- + libpam-ssh (CVE-2009-1273) #535877 maintainer notified through initial bug report, said he would work on an update
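Review bot: In the data/CVE/list hunk at @@ -191,8 +189,7 @@, the CVE-2010-1194 change removes `NOTE: http://www.openwall.com/lists/oss-security/2010/03/30/10` together with the `<undetermined>` line, which leaves the entry with no reference for how the fixed version was determined. Keep the NOTE below the new `- libesmtp 1.0.4-2 (bug #311191)` line, as the CVE-2010-1192 entry does with its own oss-security link.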
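Review bot: In the data/CVE/list hunk at @@ -1242,17 +1240,24 @@, the added line `[lenny] - xmacs21 <no-dsa> (Minor issue)` under CVE-2010-0825 misspells the package name. It follows `- xemacs21 <unfixed> (low)` and should read `[lenny] - xemacs21 <no-dsa> (Minor issue)`, otherwise the lenny annotation refers to a package that is not in the entry. In the same hunk, CVE-2010-0826 gains a `RESERVED` line although its header already carries a description; the other RESERVED entries visible in this diff (CVE-2010-1196, CVE-2010-1146, CVE-2010-0827) have none, and the mahara hunk removes RESERVED from an entry that is being filled in, so this addition looks unintended.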
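Review bot: In the data/CVE/list hunk at @@ -11313,8 +11325,9 @@, `- squid <not-affected>` and `- squid3 <not-affected>` carry no reason, unlike the other not-affected lines in this commit such as `(Advisory is wrong, URL range is protected by QUrl)` or `(Vulnerable code not present)`. Add a short parenthetical reason summarizing the upstream report linked in the new NOTE. The change also drops the references to bug #533663 and bug #533664 from the entry, so if those reports are still open they need to be closed separately.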
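Review bot: The data/spu-candidates.txt hunk adds only libesmtp (CVE-2010-1192), while the same commit marks postgresql-8.3 (in two entries) and poppler as `<no-dsa>` with "Will be fixed through a stable point update" / "Will be fixed through a point update", and notes for the emacs packages "can still be fixed through spus by the maintainers". If those packages are not already listed in the part of the file outside this hunk, add entries for them so the point-update commitment is tracked. The new libesmtp entry also has no status line, whereas the neighbouring libpam-ssh entry records "maintainer notified through initial bug report"; a one-line status would make the entry actionable.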