nion at alioth.debian.org
2009-Mar-10 13:58 UTC
[Secure-testing-commits] r11367 - in data: . CVE
Author: nion Date: 2009-03-10 13:58:03 +0000 (Tue, 10 Mar 2009) New Revision: 11367 Modified: data/CVE/list data/spu-candidates.txt Log: - spu notifications - CVE-2009-0819 does not affect mysql in Debian - CVE-2009-0737 fixed in mediawiki 1:1.14.0-1 - CVE-2008-5076 fixed in htop 0.8.1-2 - CVE-2008-4968 fixed in lmbench 3.0-a9-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-10 12:44:59 UTC (rev 11366) +++ data/CVE/list 2009-03-10 13:58:03 UTC (rev 11367) @@ -65,7 +65,7 @@ CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...) NOT-FOR-US: phpScheduleIt CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL before 5.1.32 allows remote authenticated ...) - TODO: check + - mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced in 5.1.5) CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the ...) TODO: check CVE-2009-0817 (Cross-site scripting (XSS) vulnerability in the Protected Node module ...) @@ -1310,7 +1310,7 @@ - kdebase <unfixed> (low; bug #515106) NOTE: need to submit a request for CVE id CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...) - - mediawiki <unfixed> (low; bug #514547) + - mediawiki 1:1.14.0-1 (low; bug #514547) [lenny] - mediawiki 1:1.12.0-2lenny3 CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, ...) NOT-FOR-US: Adobe RoboHelp @@ -5608,7 +5608,7 @@ CVE-2008-4802 (Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP ...) NOT-FOR-US: Simple PHP Scripts blog CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing ...) - - htop <unfixed> (unimportant; bug #504144) + - htop 0.8.1-2 (unimportant; bug #504144) NOTE: That scenario is too constructed to call it a security issue, especially NOTE: given that the standard top will display the maliciously hidden processes NOTE: just fine. 
@@ -8161,7 +8161,7 @@ - audiolink 0.05-1.1 (low; bug #496433) [etch] - audiolink <no-dsa> (Minor issue) CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users ...) - - lmbench <unfixed> (low; bug #496427) + - lmbench 3.0-a9-1 (low; bug #496427) [etch] - lmbench <no-dsa> (Non-free not supported) CVE-2008-4975 (mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary ...) - newsgate <removed> (low; bug #496437) Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2009-03-10 12:44:59 UTC (rev 11366) +++ data/spu-candidates.txt 2009-03-10 13:58:03 UTC (rev 11367) @@ -274,6 +274,7 @@ libarchive-tar-perl (CVE-2007-4829) #449544 +notified maintainer -- @@ -285,6 +286,7 @@ libsamplerate (CVE-2008-5008) https://bugzilla.redhat.com/attachment.cgi?id=323069 +notified maintainer -- @@ -328,6 +330,7 @@ mailscanner (CVE-2008-5312, CVE-2008-5313) #506353 +notified maintainer -- @@ -579,6 +582,7 @@ tqsllib 2.0-8 (CVE-2009-0124) #511509 +notified maintainer --
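Review bot: In the data/CVE/list hunk at @@ -65,7 +65,7 @@, the new CVE-2009-0819 entry covers only the mysql-dfsg-5.0 source package, while the log message says the issue does not affect mysql in Debian as a whole. The description gives the affected range as "before 5.1.32" and the entry's own remark says the vulnerable code was introduced in 5.1.5, so any 5.1-series source package carried in the archive would need its own line with a fixed version. If there is none, a NOTE saying so would make the entry self-explanatory.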
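Review bot: In data/spu-candidates.txt at @@ -274,6 +274,7 @@, the added "notified maintainer" line carries no date and no name, and the same bare line is added at @@ -285,6 +286,7 @@, @@ -328,6 +330,7 @@ and @@ -579,6 +582,7 @@. Recording when the notification was sent, and by whom, would let a later reader tell a recent notification from a stale one that needs a follow-up.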