Author: jmm-guest Date: 2010-12-15 22:25:15 +0000 (Wed, 15 Dec 2010) New Revision: 15711 Modified: data/CVE/list Log: - gnome-schedule/pythonpath fixed - mono fixed - two xpdf non-issues - cakephp fixed (in delayed/2) Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-15 21:14:46 UTC (rev 15710) +++ data/CVE/list 2010-12-15 22:25:15 UTC (rev 15711) @@ -419,7 +419,7 @@ [squeeze] - libio-socket-ssl-perl 1.33-1+squeeze1 CVE-2010-4335 [cakephp controller/component/security.php unsafe unserialize] RESERVED - - cakephp <unfixed> (bug #606386) + - cakephp 1.3.2-1.1 (bug #606386) [lenny] - cakephp <not-affected> NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb CVE-2010-4336 [collectd: DoS in RRDtool and RRDCacheD plugins] @@ -702,7 +702,7 @@ - dlr-languages 20090805+git.e6b28d27+dfsg-3 (low; bug #605158) [lenny] - ironpython <no-dsa> (Minor issue) CVE-2010-XXXX [python path] - - gnome-schedule <unfixed> (low; bug #605169) + - gnome-schedule 2.1.1-3.1 (low; bug #605169) [lenny] - gnome-schedule <no-dsa> (Minor issue) CVE-2010-XXXX [python path] - gnumed-client 0.8.5-1 (low; bug #605159) @@ -1057,7 +1057,7 @@ - linux-2.6 2.6.28-1 NOTE: https://bugzilla.redhat.com/CVE-2010-4161 CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 ...) - - mono <unfixed> (bug #605097) + - mono 2.6.7-4 (bug #605097) [lenny] - mono <no-dsa> (Minor issue) CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...) - php5 5.3.3-4 (bug #603751) @@ -1712,7 +1712,6 @@ CVE-2010-3879 [fuse: unprivileged user can unmount arbitrary locations via symlink attack] RESERVED - fuse <unfixed> - TODO: check CVE-2010-3878 RESERVED CVE-2010-3877 
@@ -12242,16 +12241,18 @@ RESERVED CVE-2010-0207 [xpdf: XRef table parsing infinite loop] RESERVED - - kdegraphics 4.0 - - xpdf <unfixed> - - poppler <unfixed> + - kdegraphics 4.0 (unimportant) + - xpdf <unfixed> (unimportant) + - poppler <unfixed> (unimportant) NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=28172 + NOTE: Just a crasher, not treated as a security issue CVE-2010-0206 [xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objects] RESERVED - - kdegraphics 4.0 - - xpdf <unfixed> - - poppler <unfixed> + - kdegraphics 4.0 (unimportant) + - xpdf <unfixed> (unimportant) + - poppler <unfixed> (unimportant) NOTE: https://bugzilla.redhat.com/CVE-2010-0206 + NOTE: Just a crasher, not treated as a security issue CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before ...) {DSA-2032-1} - libpng 1.2.43-1 (low; bug #572308)
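Review bot: In the CVE-2010-4335 hunk (@@ -419,7 +419,7 @@), cakephp is recorded as fixed in 1.3.2-1.1 while the log message says the upload is still "in delayed/2", so the entry shows a fixed version before it is confirmed to have reached the archive. Consider a NOTE marking the fix as pending, or recheck the entry once the delayed upload has landed, in case it is cancelled or superseded by a different version.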
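Review bot: In the CVE-2010-4159 hunk (@@ -1057,7 +1057,7 @@), the fixed version 2.6.7-4 is lower than the "Mono 2.8" named in the visible, truncated description, which can read as a mistake to someone looking at the entry later. A short NOTE stating that the 2.6 branch is affected and carries the fix as of 2.6.7-4 would make the entry self-explanatory.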
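Review bot: In the CVE-2010-3879 hunk (@@ -1712,7 +1712,6 @@), the "TODO: check" line is dropped while fuse stays <unfixed> with no bug number or NOTE, and the log message does not mention this entry at all. Recording what the check found, for example a bug reference or a NOTE under the entry, would keep the triage result visible, and the log should list the change.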
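Review bot: In the CVE-2010-0206 part of the xpdf hunk (@@ -12242,16 +12241,18 @@), the new NOTE calls the issue "just a crasher" although the entry title describes an invalid pointer dereference, and no source is given for that assessment. Suggest having the NOTE name the analysis it rests on (the linked Red Hat bug, if that is the source), so the (unimportant) tag on kdegraphics, xpdf and poppler can be re-evaluated if the dereference later turns out to be attacker-influenced.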