Secure testing commits - Nov 2010 - r15630 - data/CVE

Author: jmm-guest
Date: 2010-11-30 19:15:32 +0000 (Tue, 30 Nov 2010)
New Revision: 15630

Modified:
   data/CVE/list
Log:
- mmass/pythnpath not in squeeze
- opendnssec/pythonpath fixed, pymca/pythonpath fixed
- py2.5/smtpd no-dsa
- new xen issue


Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-11-29 22:34:41 UTC (rev 15629)
+++ data/CVE/list	2010-11-30 19:15:32 UTC (rev 15630)
@@ -38,8 +38,10 @@
 	- openacs 5.5.1+dfsg-2
 	- dotlrn 2.5.0+dfsg-2
 CVE-2010-XXXX [python path]
-	- opendnssec-signer <unfixed> (low; bug #605161)
+	- pymca 4.4.1p1-1 (low; bug #605160)
 CVE-2010-XXXX [python path]
+	- opendnssec 1.1.3-2 (low; bug #605161)
+CVE-2010-XXXX [python path]
 	- pybliographer <unfixed> (low; bug #605153)
 CVE-2010-XXXX [python path]
 	- calendarserver <unfixed> (low; bug #605157)
@@ -64,6 +66,7 @@
 	[lenny] - distcc <not-affected> (Vulnerable code not present)
 CVE-2010-XXXX [python path]
 	- mmass 3.8.0-2 (low; bug #605150)
+	[squeeze] - mmass <not-affected> (Doesn''t set PYTHONPATH)
 CVE-2010-XXXX [python path]
 	- guake 0.4.2-3 (low; bug #605163)
 CVE-2010-4301 (epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in
...)
@@ -746,7 +749,7 @@
 CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN
Links ...)
 	NOT-FOR-US: WSN Links
 CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy
1.5.2 and ...)
-	- tomboy <unfixed> (bug #605096)
+	- tomboy 1.2.2-2 (low; bug #605096)
 	[lenny] - tomboy <no-dsa> (Minor issue)
 CVE-2010-4004
 	RESERVED
@@ -1799,7 +1802,8 @@
 CVE-2010-3493 (Multiple race conditions in smtpd.py in the smtpd module in
Python ...)
 	- python3.1 3.1.2+20100829-1
 	- python2.6 2.6.6-1 (low; bug #601690)
-	- python2.5 <unfixed> 
+	- python2.5 <unfixed> (low)
+	[squeeze] - python2.5 <no-dsa> (Minor issue)
 	[lenny] - python2.5 <no-dsa> (Minor issue)
 CVE-2010-3492 (The asyncore module in Python before 3.2 does not properly
handle ...)
 	- python2.7 <unfixed> (unimportant)
@@ -3537,7 +3541,7 @@
 	{DSA-2100-1}
 	- openssl 0.9.8o-2 (low; bug #594415)
 CVE-2010-2938 (arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure
...)
-	TODO: check
+	- linux-2.6 <unfixed>
 CVE-2010-2937 (The ReadMetaFromId3v2 function in taglib.cpp in the TagLib
plugin in ...)
 	- vlc 1.1.3-1
 CVE-2010-2936 (Integer overflow in simpress.bin in the Impress module in ...)