jmm-guest at alioth.debian.org
2008-Jan-19 13:15 UTC
[Secure-testing-commits] r7974 - in data: . CVE DTSA
Author: jmm-guest Date: 2008-01-19 13:15:17 +0000 (Sat, 19 Jan 2008) New Revision: 7974 Modified: data/CVE/list data/DTSA/list data/spu-candidates.txt Log: remove xine dupe balsa no-dsa qt ssl cert issue doesn''t affect sarge or etch Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-01-19 13:11:41 UTC (rev 7973) +++ data/CVE/list 2008-01-19 13:15:17 UTC (rev 7974) @@ -255,8 +255,7 @@ CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...) NOT-FOR-US: Sun Java System Identity Manager CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...) - {DTSA-109-1} - - xine-lib <unfixed> (medium; bug #460551) + NOTE: Dupe of CVE-2007-0225 CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked ...) - python-paramiko <unfixed> (medium; bug #460706) NOTE: http://www.lag.net/pipermail/paramiko/2008-January/000599.html @@ -2470,7 +2469,8 @@ - linux-2.6 2.6.23-2 CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly ...) - qt4-x11 4.3.3-1 - - qt-x11-free <not-affected> (Vulnerable code not present) + [etch] - qt4-x11 <not-affected> (Vulnerable code was introduced in 4.3) + - qt-x11-free <not-affected> (Vulnerable code was introduced in 4.3) CVE-2007-5964 (The default configuration of autofs 5 in some Linux distributions, ...) - autofs 3.1.4-8 (medium) - autofs5 <unfixed> @@ -5693,6 +5693,8 @@ NOT-FOR-US: HP-UX CVE-2007-5007 (Stack-based buffer overflow in the ir_fetch_seq function in balsa ...) - balsa 2.3.20-1 (low) + [etch] - balsa <no-dsa> (Minor issue) + [sarge] - balsa <no-dsa> (Minor issue) NOTE: attacker needs to get the victim a prepared server to use CVE-2007-5006 (Multiple command handlers in CA (Computer Associates) BrightStor ...) NOT-FOR-US: CA ARCserve Backup 
@@ -9529,8 +9531,8 @@ CVE-2007-3388 (Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) ...) {DSA-1426-1} - qt-x11-free 3:3.3.7-6 - - qt4-x11 4.3.0-5 - NOTE: there is some dissagreement whether qt4 is affected + - qt4-x11 <not-affected> (This problem is not present in any version of Qt 4) + NOTE: http://trolltech.com/company/newsroom/announcements/press.2007-07-27.7503755960 CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in ...) {DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1} - poppler 0.5.4-6.1 (bug #435460) Modified: data/DTSA/list ==================================================================--- data/DTSA/list 2008-01-19 13:11:41 UTC (rev 7973) +++ data/DTSA/list 2008-01-19 13:15:17 UTC (rev 7974) @@ -314,5 +314,5 @@ [January 12th, 2008] DTSA-108-1 vlc - multiple vulnerabilities [lenny] - vlc 0.8.6.c-4.1~lenny1 [January 14th, 2008] DTSA-109-1 xine-lib - heap-based buffer overflow - {CVE-2008-0225 CVE-2008-0238} + {CVE-2008-0225} [lenny] - xine-lib 1.1.8-3+lenny1 Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-01-19 13:11:41 UTC (rev 7973) +++ data/spu-candidates.txt 2008-01-19 13:15:17 UTC (rev 7974) @@ -11,6 +11,11 @@ -- +balsa (CVE-2007-5007) +http://bugzilla.gnome.org/attachment.cgi?id=95088&action=view + +-- + beagle (CVE-2005-4791) notified maintainer
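Review bot: In the data/CVE/list hunk at -255,8, the added line "NOTE: Dupe of CVE-2007-0225" names a 2007 identifier, while the DTSA-109-1 entry in data/DTSA/list keeps {CVE-2008-0225} after CVE-2008-0238 is dropped from it. If the duplicate is the xine-lib issue that DTSA-109-1 tracks, the NOTE should read CVE-2008-0225. The removed xine-lib line also carried bug #460551, so it is worth confirming that the surviving CVE entry still references that bug.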
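Review bot: In the CVE-2007-5965 hunk at -2470,7, the log message says the issue does not affect sarge or etch, but the only release tag added is "[etch] - qt4-x11 <not-affected>". If sarge ships qt4-x11, add a matching [sarge] line. If it does not, the log message would be clearer saying that sarge is covered by the untagged qt-x11-free <not-affected> entry.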
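Review bot: In the CVE-2007-3388 hunk at -9529,8, the NOTE that recorded the disagreement about qt4 is replaced by a bare URL, so a reader cannot tell from the list that the <not-affected> claim for qt4-x11 rests on that announcement. Suggest prefixing the NOTE with a few words saying that this is the Trolltech statement the not-affected status is based on.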
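Review bot: In the data/spu-candidates.txt hunk at -11,6, the new balsa entry is only a CVE id and an attachment URL, while the neighbouring beagle entry carries a status line ("notified maintainer"). Suggest adding a line saying what the attachment is and whether the maintainer has been contacted, so the entry can be followed up alongside the <no-dsa> tags added for balsa in data/CVE/list.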