Author: jmm-guest Date: 2009-05-24 08:04:56 +0000 (Sun, 24 May 2009) New Revision: 11963 Modified: data/CVE/list data/problematic-packages data/spu-candidates.txt Log: - compiz-fusion-plugins-main no-dsa - two new kernel issues - requested removal for verlihub Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-05-24 04:58:24 UTC (rev 11962) +++ data/CVE/list 2009-05-24 08:04:56 UTC (rev 11963) @@ -9,7 +9,8 @@ CVE-2009-1759 (Stack-based buffer overflow in the btFiles::BuildFromMI function ...) - ctorrent <unfixed> (bug #530255) CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0, as ...) - TODO: check + - linux-2.6 <unfixed> + - linux-2.6.24 <removed> CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 ...) - transmission 1.61-1 (low) [lenny] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30) @@ -287,8 +288,10 @@ RESERVED CVE-2009-1634 RESERVED -CVE-2009-1633 +CVE-2009-1633 [CIFS Unicode issue] RESERVED + - linux-2.6 <unfixed> + - linux-2.6.24 <removed> CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote ...) {DSA-1804-1} - ipsec-tools 0.7.1-1.5 (medium; bug #528933) @@ -2458,7 +2461,8 @@ CVE-2008-6515 (Cross-site scripting (XSS) vulnerability in Fritz Berger yet another ...) NOT-FOR-US: yappa-ng CVE-2008-6514 (The Expo plugin in Compiz Fusion 0.7.8 allows local users with ...) - - compiz-fusion-plugins-main 0.8.2-1 + - compiz-fusion-plugins-main 0.8.2-1 (low) + [lenny] - compiz-fusion-plugins-main <no-dsa> (Minor issue) CVE-2008-6513 (Unrestricted file upload vulnerability in saa.php in Andy''s PHP ...) NOT-FOR-US: Andy''s PHP Knowledgebase CVE-2008-6512 (Cross-domain vulnerability in the WorkerPool API in Google Gears ...) Modified: data/problematic-packages ==================================================================--- data/problematic-packages 2009-05-24 04:58:24 UTC (rev 11962) +++ data/problematic-packages 2009-05-24 08:04:56 UTC (rev 11963) @@ -21,4 +21,4 @@ verlihub: (May 2009) No maintainer upload for one year, no reply to RC security bug #506530 for six months as of 2009-05-21 - +Requested removal from the archive: 529817 Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2009-05-24 04:58:24 UTC (rev 11962) +++ data/spu-candidates.txt 2009-05-24 08:04:56 UTC (rev 11963) @@ -25,6 +25,10 @@ -- +compiz-fusion-plugins-main (CVE-2008-6514) + +-- + coccinelle http://packages.qa.debian.org/c/coccinelle/news/20090502T001704Z.html @@ -72,6 +76,12 @@ -- +smarty (CVE-2009-1669) +#529810 +http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462 + +-- + tau (CVE-2008-5157) #506348 notified maintainer