jmm-guest at alioth.debian.org
2008-Nov-30 00:21 UTC
[Secure-testing-commits] r10546 - in data: . CVE
Author: jmm-guest
Date: 2008-11-30 00:21:54 +0000 (Sun, 30 Nov 2008)
New Revision: 10546

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
some no-dsas
two typo3 issues don't affect etch

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-29 23:46:37 UTC (rev 10545) +++ data/CVE/list 2008-11-30 00:21:54 UTC (rev 10546) @@ -277,10 +277,11 @@ - libpam-mount 1.2+gitaa4791f-1 (low) [lenny] - libpam-mount 0.44-1+lenny2 CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary files via ...) - - tkman <unfixed> (bug #506496) + - tkman <unfixed> (low; bug #506496) + [etch] - tkman <no-dsa> (Minor issue) CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary files ...) - [etch] - tkusr <unfixed> - - tkusr <removed> + [etch] - tkusr <no-dsa> (Minor issue) + - tkusr <removed> (low) CVE-2008-5135 (** DISPUTED ** ...) - os-prober <unfixed> (unimportant) CVE-2008-5134 (Buffer overflow in the lbs_process_bss function in ...) @@ -490,8 +491,10 @@ NOTE: this is SA32658 CVE-2008-XXXX [typo3: XSS vulnerability in Typo3 backendmodul "fileadmin"] - typo3-src 4.2.3-1 (bug #505324) + [etch] - typo3-src <not-affected> (Only Typo3 4.2.2 is affected) CVE-2008-XXXX [typo3: XSS vulnerability in Typo3 sysext "felogin"] - typo3-src 4.2.3-1 (bug #505325) + [etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected) CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend] - typo3-src 4.2.3-1 (bug #505326) CVE-2008-XXXX [websvn Cross Site Scripting and Directory Traversal] 
@@ -14318,11 +14321,14 @@ NOTE: we ship the iwl code in /debian/patches/features/all/v7-iwlwifi-add-iwlwifi-wireless-drivers.patch CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive ...) - texlive-bin 2007-13 + [etch] - texlive-bin <no-dsa> (Minor issue) CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users to ...) - texlive-bin 2007-13 + [etch] - texlive-bin <no-dsa> (Minor issue) CVE-2007-5935 (Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive ...) {DTSA-97-1} - texlive-bin 2007.dfsg.1-1 + [etch] - texlive-bin <no-dsa> (Minor issue) CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request ...) NOT-FOR-US: php PEAR MDB2 CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to ...) Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-11-29 23:46:37 UTC (rev 10545) +++ data/spu-candidates.txt 2008-11-30 00:21:54 UTC (rev 10546) @@ -454,12 +454,21 @@ -- +texlive-bin (CVE-2007-5935, CVE-2007-5936, CVE-2007-5937) + +-- + tintin++ (CVE-2008-0673 CVE-2008-0672 CVE-2008-0671) #465643 notified maintainer -- +tkman (CVE-2008-5137) +#506496 + +-- + tomboy (CVE-2005-4790) notified maintainer
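Review bot: In the first data/CVE/list hunk (@@ -277), the rewritten CVE-2008-5136 entry keeps the [etch] line ahead of the unstable line, while the CVE-2008-5137 entry directly above it and the libpam-mount context lines put the unstable line first. Both tkusr lines are being rewritten anyway, so swap them so that "- tkusr <removed> (low)" precedes "[etch] - tkusr <no-dsa> (Minor issue)". Both descriptions say local users can overwrite arbitrary files, so the no-dsa annotation would be more useful if it gave the reason that is considered minor rather than the bare "Minor issue".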
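Review bot: In the typo3 hunk (@@ -490), the third entry, "typo3: passwords are not changeable bug in the backend" (bug #505326), is left without any [etch] line although the two entries above it gain one. The log only covers two issues, so the etch status of the third stays undetermined; either add an [etch] line for it or a NOTE/TODO saying it still needs checking. The two new annotations also describe the affected range differently ("Only Typo3 4.2.2 is affected" versus "Typo3 versions below 4.2.x are not affected"); one consistent wording would make the entries easier to compare.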
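Review bot: In the texlive-bin hunk (@@ -14318), all three entries get the same "[etch] - texlive-bin <no-dsa> (Minor issue)" line, including CVE-2007-5937 (multiple buffer overflows in dvi2xx.c) and CVE-2007-5935 (stack-based buffer overflow in hpc.c), the latter of which already carries a {DTSA-97-1} reference. For memory-corruption entries, and especially one that has an advisory attached, the annotation should state the actual reason no DSA is planned instead of the generic "Minor issue", so the decision can be re-checked later.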
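Review bot: In the data/spu-candidates.txt hunk (@@ -454), the new texlive-bin entry separates its CVE ids with commas, "(CVE-2007-5935, CVE-2007-5936, CVE-2007-5937)", whereas the neighbouring tintin++ entry uses spaces only, "(CVE-2008-0673 CVE-2008-0672 CVE-2008-0671)". Use one separator throughout the file. The texlive-bin entry also has no bug number or maintainer-notification line, unlike tkman (#506496) and tintin++ (#465643, notified maintainer); add the bug reference if one exists.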