Moritz Muehlenhoff
2009-Jun-11 21:59 UTC
[Secure-testing-commits] r12108 - in data: . CVE packages
Author: jmm-guest
Date: 2009-06-11 21:59:06 +0000 (Thu, 11 Jun 2009)
New Revision: 12108
Modified:
data/CVE/list
data/packages/removed-packages
data/spu-candidates.txt
Log:
- new issues: kfreebsd (2x), adtool, kernel, webkit (2x), tomcat
- bugnum
- cscope fixed
- fix webkit entries, all issues are tracked by source packages,
not binary package names
- atmailopen was removed from the archive
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-06-11 21:14:21 UTC (rev 12107)
+++ data/CVE/list 2009-06-11 21:59:06 UTC (rev 12108)
@@ -1,3 +1,19 @@
+CVE-2009-XXXX [freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
+ - kfreebsd-6 <removed>
+ [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
+ - kfreebsd-7 <unfixed>
+ [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
+ NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
+ TODO: File bug
+CVE-2009-XXXX [freebsd Local information disclosure via direct pipe writes]
+ - kfreebsd-6 <removed>
+ [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
+ - kfreebsd-7 <unfixed>
+ [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
+ NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
+ TODO: File bug
+CVE-2009-XXXX [adtool leaks password in environment]
+ - adtool 1.3.2-1 (low)
CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local
users ...)
TODO: check
CVE-2009-2026
@@ -153,7 +169,9 @@
- chromium-browser <itp> (low; bug #520324)
TODO: tracking fringe browsers (lynx, w3m, dillo), but need to check whether
they are really affected or not
CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux
kernel ...)
- TODO: check
+ - linux-2.6 <unfixed>
+ [etch] - linux-2.6 <not-affected> (Affected code was introduced in
2.6.19)
+ - linux-2.6.24 <removed>
CVE-2009-1959 (Off-by-one error in the event_wallops function in ...)
- irssi <unfixed> (low; bug #532607)
NOTE: exploitability limited, DoS rather obscure attack scenario
@@ -729,13 +747,15 @@
CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
TODO: check
CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM
implementation in ...)
- TODO: check
+ - webkit <unfixed>
+ TODO: File bug
CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0
does not ...)
TODO: check
CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari
before 4.0 ...)
TODO: check
CVE-2009-1698 (WebKit in Apple Safari before 4.0 does not initialize a pointer
during ...)
- TODO: check
+ - webkit <unfixed>
+ TODO: File bug
CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before
4.0 ...)
TODO: check
CVE-2009-1696 (WebKit in Apple Safari before 4.0 uses predictable random
numbers in ...)
@@ -3350,9 +3370,8 @@
{DSA-1784-1}
- freetype 2.3.9-4.1 (medium; bug #524925)
CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as
used in ...)
- - libqt4-x11 <unfixed> (medium; bug #532718)
- - webkit <unfixed> (medium; bug #532724)
- - libwebkit-1.0-1 <unfixed> (medium; bug #532725)
+ - qt4-x11 <unfixed> (medium; bug #532718)
+ - webkit <unfixed> (medium; bug #532724; bug #532725)
CVE-2009-0944 (The Microsoft Office Spotlight Importer in Spotlight in Apple
Mac OS X ...)
NOT-FOR-US: Microsoft Office Spotlight
CVE-2009-0943 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7
does not ...)
@@ -5812,7 +5831,7 @@
- fail2ban 0.8.3-2sid1 (low; bug #514163)
CVE-2009-0361 (Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su
in ...)
{DSA-1722-1 DSA-1721-1}
- - libpam-heimdal 3.10-2.1
+ - libpam-heimdal 3.10-2.1 (bug #516695)
- libpam-krb5 3.13-2
[lenny] - libpam-krb5 3.11-4
CVE-2009-0360 (Russ Allbery pam-krb5 before 3.13, when linked against MIT
Kerberos, ...)
@@ -6542,7 +6561,7 @@
NOT-FOR-US: Apple Mac OS X
CVE-2009-0148 (Multiple buffer overflows in Cscope before 15.7a allow remote
...)
{DSA-1806-1}
- - cscope <unfixed> (low; bug #528510)
+ - cscope 15.7a-1 (low; bug #528510)
CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2
and ...)
{DSA-1793-1 DSA-1790-1}
- poppler <unfixed> (medium; bug #524806)
@@ -7761,8 +7780,14 @@
CVE-2008-5516 (The web interface in git (gitweb) 1.5.x before 1.5.5 allows
remote ...)
{DSA-1708-1}
- git-core 1:1.5.6-1
-CVE-2008-5515
+CVE-2008-5515 [Apache Tomcat information disclosure vulnerability]
RESERVED
+ - tomcat5 <removed>
+ - tomcat5.5 <unfixed>
+ - tomcat6 <unfixed>
+ TODO: File bug
+ NOTE: http://tomcat.apache.org/security-6.html
+ NOTE: http://tomcat.apache.org/security-5.html
CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the ...)
{DTSA-174-2}
- uw-imap 2007b~dfsg-1.1 (medium; bug #510918)
Modified: data/packages/removed-packages
==================================================================---
data/packages/removed-packages 2009-06-11 21:14:21 UTC (rev 12107)
+++ data/packages/removed-packages 2009-06-11 21:59:06 UTC (rev 12108)
@@ -213,3 +213,4 @@
amaya
tomcat5
openssh-krb5
+atmailopen
\ No newline at end of file
Modified: data/spu-candidates.txt
==================================================================---
data/spu-candidates.txt 2009-06-11 21:14:21 UTC (rev 12107)
+++ data/spu-candidates.txt 2009-06-11 21:59:06 UTC (rev 12108)
@@ -48,6 +48,24 @@
--
+kfreebsd-6
+[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
+http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
+
+[freebsd Local information disclosure via direct pipe writes]
+http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
+
+--
+
+kfreebsd-7
+[freebsd Missing permission check on SIOCSIFINFO_IN6 ioctl]
+http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
+
+[freebsd Local information disclosure via direct pipe writes]
+http://security.freebsd.org/advisories/FreeBSD-SA-09:09.pipe.asc
+
+--
+
kvm 82-1 (CVE-2008-5714)
#509997
notified maintainer