Author: jmm Date: 2011-06-01 05:28:38 +0000 (Wed, 01 Jun 2011) New Revision: 16743 Modified: data/CVE/list Log: record asterisk and ikiwiki fixes in sid (already fixed in stable through DSAs) two roundcube issues (fixed in unstable) new systemtap issue (front desk, please file bug, might need a ticket, dunno enough about stap) new perl issue (affecting oldstable/stable) (front desk, please create ticket/bug) NFU Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-05-31 21:08:48 UTC (rev 16742) +++ data/CVE/list 2011-06-01 05:28:38 UTC (rev 16743) @@ -791,7 +791,7 @@ CVE-2011-1829 RESERVED CVE-2011-1828 (usb-creator-helper in usb-creator before 0.2.28.3 does not enforce ...) - TODO: check + NOT-FOR-US: usb-creator, Ubuntu-specific package CVE-2010-4803 (Mojolicious before 0.999927 does not properly implement HMAC-MD5 ...) - libmojolicious-perl 0.999929-1 CVE-2010-4802 (Commands.pm in Mojolicious before 0.999928 does not properly perform ...) @@ -982,6 +982,10 @@ RESERVED CVE-2011-1781 RESERVED + - systemtap <unfixed> + [squeeze] - systemtap <not-affected> (Only affects version 1.4.x) + [lenny] - systemtap <not-affected> (Only affects version 1.4.x) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29 CVE-2011-1780 RESERVED CVE-2011-1779 @@ -1015,6 +1019,9 @@ [lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29 with commit e77b8363b2ea7c0d89919547c1a8b0562f298b57) CVE-2011-1769 RESERVED + - systemtap <unfixed> + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29 + NOTE: http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9 CVE-2011-1768 RESERVED CVE-2011-1767 
@@ -1668,7 +1675,7 @@ RESERVED CVE-2011-1507 (Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, ...) {DSA-2225-1} - TODO: check + - asterisk 1:1.8.3.3-1 CVE-2010-4776 (SQL injection vulnerability in takefreestart.php in PreProjects Pre ...) NOT-FOR-US: PreProjects Pre Online Tests Generator Pro CVE-2010-4775 (The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 ...) @@ -1722,9 +1729,11 @@ RESERVED - linux-2.6 2.6.38-4 CVE-2011-1492 (steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not ...) - TODO: check + - roundcube 0.5.1-1 + TODO: check impact with maintainer for stable with maintainer, seems harmless CVE-2011-1491 (The login form in Roundcube Webmail before 0.5.1 does not properly ...) - TODO: check + - roundcube 0.5.1-1 + TODO: check impact with maintainer for stable with maintainer, seems harmless CVE-2011-1490 RESERVED - rsyslog 5.7.6-1 (low) @@ -2072,7 +2081,7 @@ - mahara 1.3.6-1 CVE-2011-1401 (ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber ...) {DSA-2214-1} - TODO: check + - ikiwiki 3.20110328 CVE-2011-1400 (The default configuration of the shell_escape_commands directive in ...) {DSA-2198-1} - tex-common 2.09 @@ -3890,7 +3899,7 @@ CVE-2011-0762 (The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 ...) TODO: check CVE-2011-0761 (Perl 5.10.x allows context-dependent attackers to cause a denial of ...) - TODO: check + - perl 5.12.0-1 (low) CVE-2011-0760 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...) NOT-FOR-US: WP Related Posts plugin for WordPress CVE-2011-0759 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
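Review bot: the CVE-2011-1769 entry added in the @@ -1015,6 +1019,9 @@ hunk carries only "- systemtap <unfixed>" and no [squeeze] or [lenny] lines, while the CVE-2011-1781 entry added in the @@ -982,6 +982,10 @@ hunk cites the same bugzilla comment and marks both releases <not-affected> with a reason. Please state the stable and oldstable status for CVE-2011-1769 explicitly as well, either with release lines or with a NOTE saying they are affected. The log also speaks of one new systemtap issue while two CVE ids gain entries, so it is unclear which of them the requested bug is for.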
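Review bot: both TODO lines added in the @@ -1722,9 +1729,11 @@ hunk (under CVE-2011-1492 and CVE-2011-1491) read "check impact with maintainer for stable with maintainer, seems harmless", with "with maintainer" repeated. Suggest "TODO: check impact for stable with maintainer, seems harmless". The "seems harmless" assessment also has no stated basis in the entry; a short NOTE giving the reason would let the next person close the TODO without redoing the analysis.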
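Review bot: in the @@ -3890,7 +3899,7 @@ hunk, CVE-2011-0761 gets "- perl 5.12.0-1 (low)" and nothing else, although the log says the issue affects oldstable/stable and asks the front desk to create a ticket or bug. That request lives only in the commit message, where it is easy to lose. Suggest keeping a TODO line under the entry in data/CVE/list until the bug exists, and doing the same for the systemtap entry the log flags for a bug.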