Author: derevko-guest Date: 2009-09-06 07:07:11 +0000 (Sun, 06 Sep 2009) New Revision: 12752 Modified: data/CVE/list Log: - lenny point release - openoffice issues fixed in unstable Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-09-05 15:29:49 UTC (rev 12751) +++ data/CVE/list 2009-09-06 07:07:11 UTC (rev 12752) @@ -624,8 +624,7 @@ NOT-FOR-US: TikiWiki CVE-2009-3026 (protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly ...) - pidgin 2.6.1-1 (low; bug #542891) - [lenny] - pidgin <no-dsa> (Minor issue) - TODO: next point update: [lenny] - pidgin_2.4.3-4lenny4 + [lenny] - pidgin 2.4.3-4lenny4 NOTE: gaim nof affected, it never claimed to support TLS/SSL NOTE: http://developer.pidgin.im/ticket/8131 NOTE: http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279 @@ -727,8 +726,7 @@ TODO: request CVE id CVE-2009-XXXX [burn: Insecure escaping of file names] - burn <unfixed> (low; bug #542329) - [lenny] - burn <no-dsa> (Minor issue) - TODO: next point update [lenny] - burn 0.4.3-2.2 + [lenny] - burn 0.4.3-2.1+lenny1 [etch] - burn <no-dsa> (Minor issue) CVE-2009-2880 RESERVED 
@@ -826,22 +824,22 @@ {DSA-1872-1} - linux-2.6 2.6.30-4 (medium) - linux-2.6.24 <removed> - TODO: add after r3 [lenny] - linux-2.6 2.6.26-19 (medium) + [lenny] - linux-2.6 2.6.26-19 (medium) CVE-2009-2848 (The execve function in the Linux kernel, possibly 2.6.30-rc6 and ...) {DSA-1872-1} - linux-2.6 <unfixed> (low) - linux-2.6.24 <removed> - TODO: add after r3 [lenny] - linux-2.6 2.6.26-19 (low) + [lenny] - linux-2.6 2.6.26-19 (low) CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 ...) {DSA-1872-1} - linux-2.6 2.6.30-6 (low) - linux-2.6.24 <removed> - TODO: add after r3 [lenny] - linux-2.6 2.6.26-19 (low) + [lenny] - linux-2.6 2.6.26-19 (low) CVE-2009-2846 (The eisa_eeprom_read function in the parisc isa-eeprom component ...) {DSA-1872-1} - linux-2.6 2.6.30-6 (low) - linux-2.6.24 <removed> - TODO: add after r3 [lenny] - linux-2.6 2.6.26-19 (low) + [lenny] - linux-2.6 2.6.26-19 (low) CVE-2009-2844 (cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and ...) - linux-2.6 <unfixed> (medium) [etch] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30) @@ -1687,8 +1685,7 @@ CVE-2009-2659 (The Admin media handler in core/servers/basehttp.py in Django 1.0 and ...) - python-django 1.1-1 (low; bug #539134) [etch] - python-django <no-dsa> (Minor issue) - [lenny] - python-django <no-dsa> (Minor issue) - TODO: next point update: [lenny] - python-django 1.0.2-1+lenny1 + [lenny] - python-django 1.0.2-1+lenny1 CVE-2009-2643 (Multiple unspecified vulnerabilities in the PDF distiller in the ...) NOT-FOR-US: BlackBerry Products CVE-2009-XXXX [ser2net DoS] 
@@ -2277,12 +2274,10 @@ NOT-FOR-US: Jobbr CVE-2009-2426 (The connection_edge_process_relay_cell_not_open function in ...) - tor 0.2.0.35-1 (low; bug #537148) - [lenny] - tor <no-dsa> (Minor issue, scheduled for next point update) - TODO: add after r3 [lenny] - tor 0.2.0.35-1~lenny1 + [lenny] - tor 0.2.0.35-1~lenny1 CVE-2009-2425 (Tor before 0.2.0.35 allows remote attackers to cause a denial of ...) - tor 0.2.0.35-1 (low; bug #537148) - [lenny] - tor <no-dsa> (Minor issue, scheduled for next point update) - TODO: add after r3 [lenny] - tor 0.2.0.35-1~lenny1 + [lenny] - tor 0.2.0.35-1~lenny1 CVE-2009-2424 (Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone ...) NOT-FOR-US: Ebay Clone 2009 CVE-2009-2423 (SQL injection vulnerability in category.php in Ebay Clone 2009 allows ...) @@ -2298,7 +2293,6 @@ TODO: check lenny/sid; they are likely fixed according to the report, but i did not check CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability] - libio-socket-ssl-perl 1.26-1 (low; bug #535946) - [lenny] - libio-socket-ssl-perl <no-dsa> (Scheduled for next point update) [lenny] - libio-socket-ssl-perl 1.16-1+lenny1 NOTE: hostname validition is not implemented until 1.14, so etch NOTE: is in a way is not affected, but in another sense, it is @@ -2762,9 +2756,8 @@ NOT-FOR-US: PeaZIP CVE-2009-2260 (stardict 3.0.1, when Enable Net Dict is configured, sends the contents ...) - stardict 3.0.1-5 (low; bug #534731) - [lenny] - stardict <no-dsa> (Minor issue) [etch] - stardict <not-affected> (netdict plugin not yet present) - TODO: add after r3 [lenny] - stardict 3.0.1-4+lenny1 + [lenny] - stardict 3.0.1-4+lenny1 CVE-2009-2259 (Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow ...) NOT-FOR-US: PHP Address Book CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the ...) 
@@ -2986,9 +2979,8 @@ NOT-FOR-US: fuzzylime CVE-2009-2175 (Stack-based buffer overflow in the flattenIncrementally function in ...) - xcftools 1.0.7-1 (low; bug #533361) - [lenny] - xcftools <no-dsa> (Minor issue) [etch] - xcftools <no-dsa> (Minor issue) - TODO: add after r3 [lenny] - xcftools 1.0.4-1+lenny1 + [lenny] - xcftools 1.0.4-1+lenny1 CVE-2009-2174 (GUPnP 0.12.7 allows remote attackers to cause a denial of service ...) - gupnp 0.12.6-3.1 (low; bug #534594) CVE-2009-2173 (The LAN game feature in Carom3D 5.06 allows remote authenticated users ...) @@ -3061,7 +3053,7 @@ CVE-2009-2140 RESERVED CVE-2009-2139 - RESERVED + - openoffice.org 3.1.1~ooo310m15-1 {DSA-1880-1} CVE-2009-2138 (Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow ...) NOT-FOR-US: TBDev.NET @@ -3153,7 +3145,7 @@ NOT-FOR-US: Webmedia Explorer CVE-2009-XXXX [ShowConfigTab unintentionally grants rights intended for SuperUsers] - request-tracker3.6 3.6.8-1 (low; bug #532990) - TODO: add after r3 [lenny] - request-tracker3.6 3.6.7-5+lenny1 + [lenny] - request-tracker3.6 3.6.7-5+lenny1 CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services (civserv) ...) NOT-FOR-US: Virtual Civil Services extension for TYPO3 CVE-2009-2105 (SQL injection vulnerability in the References database (t3references) ...) @@ -3504,7 +3496,7 @@ NOTE: fixed in lenny 5.0.2 release CVE-2009-1959 (Off-by-one error in the event_wallops function in ...) - irssi 0.8.13-2 (low; bug #532607; bug #531357) - TODO: add after r3 [lenny] - irssi 0.8.12-7 + [lenny] - irssi 0.8.12-7 TODO: add after r9 [etch] - irssi 0.8.10-3 NOTE: exploitability limited, DoS rather obscure attack scenario CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache ...) 
@@ -3713,7 +3705,7 @@ - xerces27 <removed> CVE-2009-1884 (Off-by-one error in the bzinflate function in Bzip2.xs in the ...) - libcompress-raw-bzip2-perl 2.018-1 (medium; bug #542777) - TODO: add after r3 [lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1 + [lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1 CVE-2009-1883 RESERVED CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in ...) @@ -4269,7 +4261,6 @@ CVE-2009-1756 (SLiM Simple Login Manager 1.3.0 places the X authority magic cookie ...) - slim <removed> (low; bug #529306) [lenny] - slim <no-dsa> (Minor issue) - TODO: next point release [lenny] - slim 1.3.0-1+lenny2 CVE-2009-1755 (Off-by-one error in the packet_read_query_section function in packet.c ...) {DSA-1803-1} - nsd3 3.2.2-1 (medium; bug #529418) @@ -5080,11 +5071,10 @@ TODO: determine whether icedove truely affected or whether issue solely within xulrunner CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in ...) - perl 5.10.0-23 (low; bug #532736) - [lenny] - perl <no-dsa> (Minor issue) [etch] - perl <not-affected> (Doesn''t yet include Compress-Raw-Zlib) - libcompress-raw-zlib-perl 2.015-2 (low; bug #532738) - TODO: add after r3 [lenny] - libcompress-raw-zlib-perl 2.012-1lenny1 - TODO: add after r3 [lenny] - perl 5.10.0-19lenny1 + [lenny] - libcompress-raw-zlib-perl 2.012-1lenny1 + [lenny] - perl 5.10.0-19lenny1 CVE-2009-1390 (Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) ...) - mutt 1.5.20-1 [lenny] - mutt <not-affected> (Affected code was introduced in 1.5.19) 
@@ -5592,9 +5582,8 @@ NOT-FOR-US: Dojo CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...) - libpam-ssh 1.92-7 (low; bug #535877) - [lenny] - libpam-ssh <no-dsa> (Minor issue) [etch] - libpam-ssh <no-dsa> (Minor issue) - TODO: add after r3 [lenny] - libpam-ssh 1.91.0-9.3+lenny1 + [lenny] - libpam-ssh 1.91.0-9.3+lenny1 CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...) {DTSA-188-1} - php5 5.2.6.dfsg.1-3 @@ -9922,10 +9911,10 @@ NOT-FOR-US: Microsoft CVE-2009-0201 (Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 might ...) {DSA-1880-1} - TODO: check + - openoffice.org 3.1.1~ooo310m15-1 CVE-2009-0200 (Integer underflow in OpenOffice.org (OOo) before 3.1.1 might allow ...) {DSA-1880-1} - TODO: check + - openoffice.org 3.1.1~ooo310m15-1 CVE-2009-0199 RESERVED CVE-2009-0198 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
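Review bot: In the burn hunk (@@ -727,8 +726,7 @@) the version on the added line does not match the TODO it replaces. The removed line announced "[lenny] - burn 0.4.3-2.2", while the added line records "[lenny] - burn 0.4.3-2.1+lenny1". If 0.4.3-2.1+lenny1 is what the point release shipped, say so in the log message so the discrepancy is not mistaken for a typo. Every other TODO converted in this commit keeps its version string unchanged.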
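Review bot: The slim hunk (@@ -4269,7 +4261,6 @@, CVE-2009-1756) deletes "TODO: next point release [lenny] - slim 1.3.0-1+lenny2" without adding a fixed-version line, and "[lenny] - slim <no-dsa> (Minor issue)" stays in place. Every other hunk here that drops a point-release TODO replaces it with the matching "[lenny] - package version" line. If 1.3.0-1+lenny2 was part of the point release, add "[lenny] - slim 1.3.0-1+lenny2" and remove the no-dsa line. If it was not, keep the TODO or leave a NOTE explaining why, so the pending fix is not lost from the tracker.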
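Review bot: In the CVE-2009-1391 hunk (@@ -5080,11 +5071,10 @@) the new "[lenny] - perl 5.10.0-19lenny1" line ends up below "- libcompress-raw-zlib-perl 2.015-2", not with the "- perl 5.10.0-23" line it annotates. The removed "[lenny] - perl <no-dsa>" sat directly under "- perl", next to "[etch] - perl <not-affected>". Put the lenny perl line back there, so that each release annotation follows its own package line and the entry reads unambiguously.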
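Review bot: In the CVE-2009-2139 hunk (@@ -3061,7 +3053,7 @@) the added "- openoffice.org 3.1.1~ooo310m15-1" line replaces RESERVED in place, so it lands above "{DSA-1880-1}". In the CVE-2009-0201 and CVE-2009-0200 entries of this same commit the DSA tag comes first and the package line follows it. Move the package line below the tag for consistency, and check whether the RESERVED marker should stay until the entry has a description. The three openoffice.org lines also carry no severity or bug reference, unlike most package lines touched in this patch. Add them if they are known.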