jmm-guest at alioth.debian.org
2008-Nov-30 01:13 UTC
[Secure-testing-commits] r10547 - in data: . CVE DSA
Author: jmm-guest Date: 2008-11-30 01:13:50 +0000 (Sun, 30 Nov 2008) New Revision: 10547 Modified: data/CVE/list data/DSA/list data/spu-candidates.txt Log: * add one CVD ID to horde3 DSA * bugzilla <no-dsa> * add a TODO a <confirmed> tag * document glibc stub resolver situation Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-11-30 00:21:54 UTC (rev 10546) +++ data/CVE/list 2008-11-30 01:13:50 UTC (rev 10547) @@ -1828,6 +1828,7 @@ CVE-2008-4437 (Directory traversal vulnerability in importxml.pl in Bugzilla before ...) {DTSA-170-1} - bugzilla 3.0.5.0-1 (low; bug #502019) + [etch] - bugzilla <no-dsa> (Minor issue) CVE-2008-4436 (SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog ...) NOT-FOR-US: bBlog CVE-2008-4435 (Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT ...) @@ -4921,6 +4922,7 @@ - horde3 3.2.1+debian0-1 (low; bug #492578) - turba2 2.2.1-1 (low) [etch] - turba2 <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1) + TODO: <confirm> tag CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...) - moodle 1.8.1-1 (low) NOTE: http://moodle.org/mod/forum/discuss.php?d=101405 @@ -8992,7 +8994,7 @@ CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...) {DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1} - bind9 1:9.5.0.dfsg-5 (high) - - glibc <unfixed> (low) + NOTE: glibc stub resolver relies on source port randomisation in kernel - dnsmasq 2.43-1 (medium; bug #490123) - pdnsd 1.2.6-par-11 (bug #502275) - python-dns 2.3.1-5 (low; bug #490217) Modified: data/DSA/list ==================================================================--- data/DSA/list 2008-11-30 00:21:54 UTC (rev 10546) +++ data/DSA/list 2008-11-30 01:13:50 UTC (rev 10547) 
@@ -94,7 +94,7 @@ {CVE-2008-4440} [etch] - feta 1.4.15+etch1 [20 Sep 2008] DSA-1642-1 horde3 - cross site scripting - {CVE-2008-3823} + {CVE-2008-3823 CVE-2008-3824} [etch] - horde3 3.1.3-4etch4 [20 Sep 2008] DSA-1641-1 phpmyadmin - several issues {CVE-2008-3197 CVE-2008-3456 CVE-2008-3457 CVE-2008-4096} Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2008-11-30 00:21:54 UTC (rev 10546) +++ data/spu-candidates.txt 2008-11-30 01:13:50 UTC (rev 10547) @@ -61,6 +61,9 @@ #480190 notified maintainer +CVE-2008-4437 +#502019 + -- byacc (CVE-2008-3196)
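Review bot: The reason on the added "[etch] - bugzilla <no-dsa> (Minor issue)" line under CVE-2008-4437 does not say why a directory traversal in importxml.pl counts as minor for etch. Suggest a reason that names the limiting condition, so the no-DSA decision can be re-checked later without re-reading bug #502019.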
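Review bot: The added "TODO: <confirm> tag" line in the data/CVE/list hunk at @@ -4921 disagrees with the log message, which says "<confirmed>", and it does not say which of the horde3 or turba2 lines above it the tag is meant for. Suggest using one spelling and naming the package line, so the TODO can be acted on and removed.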
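Review bot: In the CVE-2008-1447 hunk, replacing "- glibc <unfixed> (low)" with a NOTE removes glibc from the entry's package lines, so the entry no longer records any status for glibc, only free text. If the intent is that the stub resolver is covered by kernel source port randomisation, suggest keeping a glibc package line that carries that explanation, and stating in the NOTE which kernels provide the randomisation, since a system without it is left with no tracked issue.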
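Review bot: The three lines added to data/spu-candidates.txt give only "CVE-2008-4437" and "#502019", with no package name and no status, while the surrounding entries name the package ("byacc (CVE-2008-3196)") and record progress ("notified maintainer"). Suggest adding "bugzilla" in the same form as the byacc entry, and checking that the new lines sit on the correct side of the "--" separator so they are not read as part of the preceding entry.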