Author: derevko-guest Date: 2009-06-14 07:12:37 +0000 (Sun, 14 Jun 2009) New Revision: 12121 Modified: data/CVE/list data/ospu-candidates.txt Log: tracked some packages accepted in stable and oldstable Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-13 21:14:23 UTC (rev 12120) +++ data/CVE/list 2009-06-14 07:12:37 UTC (rev 12121) @@ -1121,8 +1121,7 @@ NOT-FOR-US: DFLabs CVE-2008-6792 (system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used ...) - system-tools-backends 2.6.0-6.1 (low; bug #527952) - [lenny] - system-tools-backends <no-dsa> (Minor issue, scheduled for next point update) - TODO: add after r2 [lenny] - system-tools-backends 2.6.0-2lenny3 + [lenny] - system-tools-backends 2.6.0-2lenny3 [etch] - system-tools-backends <not-affected> (SHA was added to crypt(3) post-etch) CVE-2009-1581 (functions/mime.php in SquirrelMail before 1.4.18 does not protect the ...) {DSA-1802-1} @@ -2546,10 +2545,10 @@ CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create or ...) - screen 4.0.3-13 (low; bug #521123) [etch] - screen <not-affected> (etch version predates #433338) - [lenny] - screen <no-dsa> (Minor issue) - TODO: add after r2 4.0.3-11+lenny1 + [lenny] - screen 4.0.3-11+lenny1 CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with ...) - screen 4.0.3-13 (unimportant; bug #521123) + [lenny] - screen 4.0.3-11+lenny1 NOTE: documented behaviour "or the public accessible screen-exchange", see man screen CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...) - bugzilla <unfixed> (low; bug #514143) 
@@ -3181,8 +3180,7 @@ NOT-FOR-US: Apple Safari CVE-2009-1041 (The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 ...) - kfreebsd-7 7.1-3 - [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported) - TODO: lenny r02 - kfreebsd-7 7.0-7lenny1 + [lenny] - kfreebsd-7 7.0-7lenny1 CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and ...) NOT-FOR-US: Openfire CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the Admin ...) @@ -8833,8 +8831,7 @@ - kfreebsd-6 <unfixed> [lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported) - kfreebsd-7 7.1-1 - [lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported) - TODO: lenny r02 - kfreebsd-7 7.0-7lenny1 + [lenny] - kfreebsd-7 7.0-7lenny1 CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...) - openssh <unfixed> (low; bug #506115) [etch] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv) @@ -26664,7 +26661,7 @@ [etch] - perl <not-affected> (Was merged into Perl as of 5.10) - libarchive-tar-perl 1.38-1 (low; bug #449544) [sarge] - libarchive-tar-perl <no-dsa> (Minor issue) - [etch] - libarchive-tar-perl <no-dsa> (Minor issue) + [etch] - libarchive-tar-perl 1.38-3~etch1 CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing ...) - mediawiki 1.10.2-1 (low; bug #442255) [etch] - mediawiki <not-affected> (Does not include the vulnerable code) Modified: data/ospu-candidates.txt ==================================================================--- data/ospu-candidates.txt 2009-06-13 21:14:23 UTC (rev 12120) +++ data/ospu-candidates.txt 2009-06-14 07:12:37 UTC (rev 12121) @@ -311,12 +311,6 @@ -- -libarchive-tar-perl (CVE-2007-4829) -#449544 -notified maintainer - --- - libpam-ssh (CVE-2007-0844) #410236 notified maintainer
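Review bot: in the @@ -2546 hunk, the new `[lenny] - screen 4.0.3-11+lenny1` line under CVE-2009-1214 has no counterpart in the removed lines. The dropped TODO naming 4.0.3-11+lenny1 sat only under CVE-2009-1215, and CVE-2009-1214 is tagged unimportant with a NOTE calling it documented behaviour. Please confirm that the lenny upload actually changes the /tmp/screen-exchange handling before recording it as the fixed version for this entry, or drop the added line and leave CVE-2009-1214 tracked only by the unimportant tag.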
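Review bot: in the @@ -8833 hunk, the CVE header for the kfreebsd-6/kfreebsd-7 entry lies outside the context lines, so the diff alone does not show which issue `[lenny] - kfreebsd-7 7.0-7lenny1` is being recorded against. The identical replacement at @@ -3181 is under CVE-2009-1041. Both removed TODO lines were the only record tying 7.0-7lenny1 to these entries, so it is worth checking each against the 7.0-7lenny1 changelog. It would also help to name the affected packages in the log message.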