Author: jmm Date: 2011-04-24 20:31:27 +0000 (Sun, 24 Apr 2011) New Revision: 16592 Modified: data/CVE/list data/ospu-candidates.txt data/spu-candidates.txt Log: fixup old glibc entry asterisk updates new minor fail2ban issue (no-dsa) Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-04-24 20:27:36 UTC (rev 16591) +++ data/CVE/list 2011-04-24 20:31:27 UTC (rev 16592) @@ -1,5 +1,9 @@ CVE-2011-1826 RESERVED +CVE-2011-XXXX [fail2ban: Insecure creating/writing to tmpfile] + - fail2ban 0.8.4+svn20110323-1 (low; bug #544232) + [lenny] - fail2ban <no-dsa> (Minor issue) + [squeeze] - fail2ban <no-dsa> (Minor issue) CVE-2011-1825 RESERVED CVE-2011-1824 @@ -512,8 +516,9 @@ RESERVED CVE-2011-1600 RESERVED -CVE-2011-1599 +CVE-2011-1599 [AST 2011-006] RESERVED + - asterisk <unfixed> CVE-2011-1598 RESERVED CVE-2011-1597 @@ -1688,8 +1693,10 @@ [lenny] - apache2-mpm-itk <not-affected> (bug was introduced later, in 2.2.11-01) CVE-2011-1175 (tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before ...) - asterisk <unfixed> + [lenny] - asterisk <not-affected> (Vulnerable code not present) CVE-2011-1174 (manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x ...) - asterisk <unfixed> + [lenny] - asterisk <not-affected> (Vulnerable code not present) CVE-2011-1173 RESERVED - linux-2.6 2.6.38-4 (low) @@ -3552,7 +3559,7 @@ - mediawiki <not-affected> (Only affected when running on Windows or Novell Netware) CVE-2011-0536 (Multiple untrusted search path vulnerabilities in elf/dl-object.c in ...) - eglibc 2.11.2-8 (bug #600667) - - glibc <removed> + - glibc <not-affected> (Lenny version not affected) CVE-2011-0535 (Cross-site request forgery (CSRF) vulnerability in the Users module in ...) NOT-FOR-US: zikula CVE-2011-0534 (Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not ...) Modified: data/ospu-candidates.txt ==================================================================--- data/ospu-candidates.txt 2011-04-24 20:27:36 UTC (rev 16591) +++ data/ospu-candidates.txt 2011-04-24 20:31:27 UTC (rev 16592) @@ -153,6 +153,11 @@ -- +fail2ban [fail2ban: Insecure creating/writing to tmpfile] +#544232 + +-- + fastjar (CVE-2010-0831, CVE-2010-2322) -- Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2011-04-24 20:27:36 UTC (rev 16591) +++ data/spu-candidates.txt 2011-04-24 20:31:27 UTC (rev 16592) @@ -26,6 +26,11 @@ -- +fail2ban [fail2ban: Insecure creating/writing to tmpfile] +#544232 + +-- + feedparser CVE-2011-1158 [sanitizer doesn''t strip unsafe URI schemes] CVE-2011-1157 [sanitization can be bypassed by malformed XML comments]