Author: gilbert-guest Date: 2009-04-28 15:11:19 +0000 (Tue, 28 Apr 2009) New Revision: 11732 Modified: data/CVE/list data/ospu-candidates.txt data/spu-candidates.txt Log: - pptp-linux issue fixed in unstable - pam issue unimportant and candidate for spu/ospu Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-04-28 02:38:22 UTC (rev 11731) +++ data/CVE/list 2009-04-28 15:11:19 UTC (rev 11732) @@ -285,7 +285,7 @@ NOTE: - if you can make it "harder" for an attacker to hide himself, shouldn''t you do so? NOTE: - this problem has been fixed in unstable, so it should be tracked with a non-unimportant urgency CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions] - - pptp-linux <unfixed> (low; bug #523476) + - pptp-linux 1.7.2-3 (low; bug #523476) [lenny] - pptp-linux <no-dsa> (Minor issue) CVE-2009-XXXX [slurm-llnl doesn''t drop supplementary groups] - slurm-llnl 1.3.15-1 (bug #524980) @@ -3325,7 +3325,13 @@ CVE-2009-0580 RESERVED CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...) - - pam <unfixed> (bug #514437) + - pam <unfixed> (unimportant; bug #514437) + [etch] - pam <no-dsa> (violation of administrator''s policy, not a vulnerability) + [lenny] - pam <no-dsa> (violation of administrator''s policy, not a vulnerability) + NOTE: the ability to change a password earlier than scheduled is not a security + NOTE: vulnerability in itself (unless the user changes their password back to + NOTE: their previous password; thus violating the security policy as defined by + NOTE: the administrator) CVE-2009-0578 (GNOME NetworkManager before 0.7.0.99 does not properly verify ...) - network-manager-applet 0.7.0.99-1 (medium) CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in CUPS ...) Modified: data/ospu-candidates.txt ==================================================================--- data/ospu-candidates.txt 2009-04-28 02:38:22 UTC (rev 11731) +++ data/ospu-candidates.txt 2009-04-28 15:11:19 UTC (rev 11732) @@ -451,6 +451,12 @@ -- +pam (CVE-2009-0579) +#514437 +asked maintainer in mail + +-- + paramiko (CVE-2008-0299) #460706 notified maintainer Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2009-04-28 02:38:22 UTC (rev 11731) +++ data/spu-candidates.txt 2009-04-28 15:11:19 UTC (rev 11732) @@ -62,6 +62,12 @@ -- +pam (CVE-2009-0579) +#514437 +asked maintainer in mail + +-- + pptp-linux (no CVE) #523476 asked maintainer in mail