Author: jmm-guest Date: 2010-10-24 10:35:32 +0000 (Sun, 24 Oct 2010) New Revision: 15514 Modified: data/CVE/list Log: - pidgin squeeze fix - current vdr fix is not correct - imp4, poppler NMUed - two openjdk issues fixed - slowloris irrelevant for toy httpd like dhttpd Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-10-24 06:18:22 UTC (rev 15513) +++ data/CVE/list 2010-10-24 10:35:32 UTC (rev 15514) @@ -462,12 +462,12 @@ RESERVED CVE-2010-3844 RESERVED - - ettercap <unfixed> (low; bug #600130) - [lenny] - ettercap <no-dsa> (Minor issue) + - ettercap <unfixed> (low; bug #600130) + [lenny] - ettercap <no-dsa> (Minor issue) CVE-2010-3843 RESERVED - - ettercap <unfixed> (low; bug #600130) - [lenny] - ettercap <no-dsa> (Minor issue) + - ettercap <unfixed> (low; bug #600130) + [lenny] - ettercap <no-dsa> (Minor issue) CVE-2010-3842 RESERVED - curl <not-affected> (Doesn''t affect POSIX systems) @@ -787,6 +787,7 @@ CVE-2010-3711 RESERVED - pidgin 2.7.4-1 + [squeeze] - pidgin 2.7.3-1+squeeze1 CVE-2010-3710 RESERVED CVE-2010-3709 @@ -805,7 +806,7 @@ {DSA-2119-1} - kdegraphics 4.0 - xpdf 3.02-9 - - poppler <unfixed> (bug #599165) + - poppler 0.12.4-1.2 (bug #599165) NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473 CVE-2010-3703 RESERVED @@ -813,7 +814,7 @@ [lenny] - kdegraphics <not-affected> (Vulnerable code not present) - xpdf 3.02-9 [lenny] - xpdf <not-affected> (Vulnerable code not present) - - poppler <unfixed> (bug #599165) + - poppler 0.12.4-1.2 (bug #599165) [lenny] - poppler <not-affected> (Vulnerable code not present) NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f CVE-2010-3702 
@@ -821,7 +822,7 @@ {DSA-2119-1} - kdegraphics 4.0 - xpdf 3.02-9 - - poppler <unfixed> (bug #599165) + - poppler 0.12.4-1.2 (bug #599165) NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf CVE-2010-3701 (lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows ...) NOT-FOR-US: Red Hat Enterprise MRG @@ -838,7 +839,7 @@ [lenny] - freeradius <not-affected> (Vulnerable code not present) CVE-2010-3695 [XSS vulnerability in the Fetchmail configuration] RESERVED - - imp4 <unfixed> (bug #598584) + - imp4 4.3.7+debian0-2.1 (bug #598584) NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html CVE-2010-3694 [Protected preference forms against CSRF attacks] RESERVED @@ -1661,7 +1662,7 @@ CVE-2010-3388 RESERVED CVE-2010-3387 (** DISPUTED ** ...) - - vdr 1.6.0-18.1 (unimportant; bug #598308) + - vdr <unfixed> (unimportant; bug #598308) NOTE: Only affects a debugging tool, see bug #598308 CVE-2010-3386 (usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length ...) - ust 0.7-2.1 (bug #598309) @@ -3912,8 +3913,7 @@ NOT-FOR-US: Microsoft CVE-2010-2548 RESERVED - - openjdk-6 <unfixed> - NOTE: Fixed in experimental + - openjdk-6 6b18-1.8.1-1 CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG ...) {DSA-2076-1} - gnupg2 2.0.14-2 @@ -13271,7 +13271,7 @@ - sun-java6 6-17-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...) - - openjdk-6 <unfixed> (medium; bug #560908) + - openjdk-6 6b17~pre3-1 (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 6-20-0lenny1 CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...) 
@@ -17250,9 +17250,7 @@ [etch] - wordpress <not-affected> (Vulnerable code not present) NOTE: not really a security issue in my opinion, just an annoying bug CVE-2009-XXXX [libxerces2-java: xml-based firewall bypass / port scanning] - - libxerces2-java <unfixed> (low; bug #540862) - [etch] - libxerces2-java <no-dsa> (minor issue) - [lenny] - libxerces2-java <no-dsa> (minor issue) + - libxerces2-java <unfixed> (unimportant; bug #540862) CVE-2009-XXXX [gri: insecure temp file generation] - gri 2.12.18-1 (low) [etch] - gri <no-dsa> (Minor issue) @@ -19110,7 +19108,7 @@ - squid <not-affected> - squid3 <not-affected> NOTE: http://www.squid-cache.org/bugs/show_bug.cgi?id=2694 - - dhttpd <unfixed> (low; bug #533665) + - dhttpd <unfixed> (unimportant; bug #533665) [etch] - dhttpd <no-dsa> (Minor issue) [lenny] - dhttpd <no-dsa> (Minor issue) - lighttpd <not-affected>
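Review bot: In the @@ -462,12 +462,12 @@ hunk the ettercap lines under CVE-2010-3844 and CVE-2010-3843 are removed and re-added with the same visible text, so this looks like a whitespace-only change that the log message does not mention. If it is an indentation fix, say so in the log or commit it separately, so the history of these two entries does not read as a status change.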
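Review bot: In the @@ -1661,7 +1662,7 @@ hunk CVE-2010-3387 goes from "vdr 1.6.0-18.1" back to "vdr <unfixed>", but the reason ("current vdr fix is not correct") is recorded only in the commit log. Add a NOTE line under the entry, next to the existing "NOTE: Only affects a debugging tool, see bug #598308", stating that the fix previously tracked as 1.6.0-18.1 is not correct, so that version is not entered as fixed again later.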
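Review bot: In the @@ -17250,9 +17250,7 @@ hunk libxerces2-java is downgraded from low to unimportant and both the [etch] and [lenny] no-dsa lines are dropped, yet the log message lists nothing for this package and the entry gets no NOTE. Put the reason for the downgrade in a NOTE under this CVE-2009-XXXX entry, or mention it in the log.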
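Review bot: In the @@ -19110,7 +19108,7 @@ hunk the dhttpd severity becomes unimportant, but the "[etch] - dhttpd <no-dsa> (Minor issue)" and "[lenny] - dhttpd <no-dsa> (Minor issue)" lines directly below are left in place, while the same low to unimportant change for libxerces2-java in this commit removes its per-release no-dsa lines. Treat both entries the same way, and consider carrying the log's rationale (slowloris irrelevant for a toy httpd like dhttpd) into a NOTE on the entry.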