jmm-guest at alioth.debian.org
2009-Feb-18 18:12 UTC
[Secure-testing-commits] r11235 - data/CVE
Author: jmm-guest
Date: 2009-02-18 18:11:59 +0000 (Wed, 18 Feb 2009)
New Revision: 11235
Modified:
data/CVE/list
Log:
- wireshark CVEfied and fixed in sid
- new evolution issue
- add krb-pam issue
- lenny fixes for gpsdrive
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-02-18 10:41:57 UTC (rev 11234)
+++ data/CVE/list 2009-02-18 18:11:59 UTC (rev 11235)
@@ -5,11 +5,17 @@
CVE-2009-0602 (Unrestricted file upload vulnerability in upload.php in
WikkiTikkiTavi ...)
NOT-FOR-US: WikkiTikkiTavi
CVE-2009-0601 (Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on
...)
- TODO: check
+ - wireshark 1.0.6-1
+ [etch] - wireshark <not-affected> (Vulnerable code not present,
introduced in 0.99.8)
+ [lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0600 (Wireshark 0.99.6 through 1.0.5 allows user-assisted remote
attackers ...)
- TODO: check
+ - wireshark 1.0.6-1
+ [etch] - wireshark <not-affected> (Vulnerable code not present,
introduced in 0.99.6)
+ [lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0599 (Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7
through ...)
- TODO: check
+ - wireshark 1.0.6-1
+ [etch] - wireshark <not-affected> (Vulnerable code not present,
introduced in 0.99.7)
+ [lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0598 (SQL injection vulnerability in index.php in PhpMesFilms 1.0 and
1.8 ...)
NOT-FOR-US: PhpMesFilms
CVE-2009-0597 (SQL injection vulnerability in admin/index.php in w3b>cms
(aka ...)
@@ -143,7 +149,7 @@
CVE-2009-0548 (Cross-site scripting (XSS) vulnerability in the Additional
Report ...)
NOT-FOR-US: Additional Report Settings interface in ESET Remote Administrator
CVE-2009-0547 (Evolution 2.22.3.1 checks S/MIME signatures against a copy of
the ...)
- TODO: check
+ - evolution <unfixed> (low; bug #508479)
CVE-2009-0546 (Stack-based buffer overflow in NewsGator FeedDemon 2.7 and
earlier ...)
NOT-FOR-US: NewsGator FeedDemon
CVE-2009-0545 (cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows
remote ...)
@@ -259,18 +265,6 @@
CVE-2009-XXXX [mediawiki XSS in installer scripts]
[lenny] - mediawiki 1:1.12.0-2lenny3 (low; bug #514547)
NOTE: CVE id was requested on oss-sec
-CVE-2009-XXXX [Wireshark: $HOME issue ]
- - wireshark <unfixed>
- [etch] - wireshark <not-affected> (Vulnerable code not present,
introduced in 0.99.8)
- [lenny] - wireshark 1.0.2-3+lenny4
-CVE-2009-XXXX [Wireshark: NetScreen issue ]
- - wireshark <unfixed>
- [etch] - wireshark <not-affected> (Vulnerable code not present,
introduced in 0.99.7)
- [lenny] - wireshark 1.0.2-3+lenny4
-CVE-2009-XXXX [Wireshark: Texktronix issue]
- - wireshark <unfixed>
- [etch] - wireshark <not-affected> (Vulnerable code not present,
introduced in 0.99.6)
- [lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0524
RESERVED
CVE-2009-0523
@@ -869,6 +863,7 @@
CVE-2009-0361 (Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su
in ...)
{DSA-1722-1 DSA-1721-1}
- libpam-heimdal 3.10-2.1
+ - libpam-krb5 3.13-2
CVE-2009-0360 (Russ Allbery pam-krb5 before 3.13, when linked against MIT
Kerberos, ...)
{DSA-1721-1}
- libpam-krb5 3.13-2
@@ -2251,9 +2246,11 @@
CVE-2008-5704 (src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4
might ...)
- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
[etch] - gpsdrive <no-dsa> (Minor issue)
+ [lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5703 (gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to
...)
- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
[etch] - gpsdrive <no-dsa> (Minor issue)
+ [lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in ...)
- linux-2.6 2.6.26-13
- linux-2.6.24 <removed>
@@ -3079,6 +3076,7 @@
CVE-2008-5380 (gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to
overwrite ...)
- gpsdrive 2.10~pre4-6.dfsg-2 (low)
[etch] - gpsdrive <no-dsa> (Minor issue)
+ [lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite
arbitrary ...)
- netdisco-mibs-installer (low; bug #508940)
[lenny] - netdisco-mibs-installer <no-dsa> (Contrib not supported)