white at alioth.debian.org
2008-Jul-12 09:45 UTC
[Secure-testing-commits] r9316 - data/CVE
Author: white Date: 2008-07-12 09:45:34 +0000 (Sat, 12 Jul 2008) New Revision: 9316 Modified: data/CVE/list Log: Correct gaim entries and add note that it is a transitional package Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-07-12 08:36:09 UTC (rev 9315) +++ data/CVE/list 2008-07-12 09:45:34 UTC (rev 9316) @@ -562,7 +562,8 @@ - xpdf <not-affected> (Page.cc is not allocating the widget and therefore not vulnerable in the destructor, attrs initialized) CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in ...) - pidgin 2.4.3-1 - - gaim <unfixed> + - gaim 1:2.0.0+fake.1 + NOTE: gaim is now a transitional package depending on pidgin with its own source package NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=453764 CVE-2008-3137 [GSM SMS dissector in wireshark allows a DoS] - wireshark 1.0.1-1 (low; bug #488834) @@ -587,14 +588,17 @@ - openldap2.3 <unfixed> (medium; bug #488710) CVE-2008-2955 (Pidgin 2.4.1 allows remote attackers to cause a denial of service ...) - pidgin <unfixed> (low; bug #488632) - - gaim <unfixed> (low; bug #488632) + - gaim 1:2.0.0+fake.1 + NOTE: gaim is now a transitional package depending on pidgin with its own source package CVE-2008-2956 (Memory leak in Pidgin 2.0.0, and possibly other versions, allows ...) - pidgin <unfixed> (low; bug #488632) - - gaim <unfixed> (low; bug #488632) + - gaim 1:2.0.0+fake.1 + NOTE: gaim is now a transitional package depending on pidgin with its own source package NOTE: jabber servers should not forward malformed XML CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, ...) - pidgin <unfixed> (low; bug #488632) - - gaim <unfixed> (low; bug #488632) + - gaim 1:2.0.0+fake.1 + NOTE: gaim is now a transitional package depending on pidgin with its own source package NOTE: probably only a bandwidth issue CVE-2008-2942 (Directory traversal vulnerability in patch.py in Mercurial 1.0.1 ...) - mercurial 1.0.1-2 (low; bug #488628)