Author: gilbert-guest Date: 2009-10-09 19:28:13 +0000 (Fri, 09 Oct 2009) New Revision: 12963 Modified: data/CVE/list data/DSA/list Log: - tracking for opensaml2/shibboleth-sp2 issues - source package for oping is liboping Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-09 18:20:29 UTC (rev 12962) +++ data/CVE/list 2009-10-09 19:28:13 UTC (rev 12963) @@ -237,17 +237,23 @@ {DSA-1896-1 DSA-1895-1} - xmltooling 1.2.2-1 - opensaml <removed> + - opensaml2 <unfixed> - shibboleth-sp <removed> + - shibboleth-sp2 <unfixed> CVE-2009-3475 (Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and ...) {DSA-1896-1 DSA-1895-1} - xmltooling 1.2.2-1 - opensaml <removed> + - opensaml2 <unfixed> - shibboleth-sp <removed> + - shibboleth-sp2 <unfixed> CVE-2009-3474 (OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by ...) {DSA-1896-1 DSA-1895-1} - xmltooling 1.2.2-1 - opensaml <removed> + - opensaml2 <unfixed> - shibboleth-sp <removed> + - shibboleth-sp2 <unfixed> [lenny] - opensaml <no-dsa> (Minor issue) TODO: next point update: [lenny] - opensaml 2.0-2+lenny1 CVE-2009-3473 (IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege ...) 
@@ -433,9 +439,9 @@ CVE-2009-3392 RESERVED CVE-2009-XXXX [oping suid 0 arbitrary file disclosure] - - oping 1.3.3-1 (low; bug #548684) - [lenny] - oping <not-affected> (doesn''t have -f option yet) - [etch] - oping <not-affected> (doesn''t have -f option yet) + - liboping 1.3.3-1 (low; bug #548684) + [lenny] - liboping <not-affected> (doesn''t have -f option yet) + [etch] - liboping <not-affected> (doesn''t have -f option yet) TODO: request CVE id CVE-2009-XXXX [merkaartor merkaartor.log minor symlink attack] - merkaartor <unfixed> (unimportant; bug #548546) Modified: data/DSA/list ==================================================================--- data/DSA/list 2009-10-09 18:20:29 UTC (rev 12962) +++ data/DSA/list 2009-10-09 19:28:13 UTC (rev 12963) @@ -1,3 +1,7 @@ +[09 Oct 2009] DSA-1895-2 opensaml2, shibboleth-sp2 - interpretation conflict + {CVE-2009-3474 CVE-2009-3475 CVE-2009-3476} + [lenny] - opensaml2 2.0-2+lenny1 + [lenny] - shibboleth-sp2 2.0.dfsg1-4+lenny1 [09 Oct 2009] DSA-1904-1 wget - SSL certificate verification weakness {CVE-2009-3490} [etch] - wget 1.10.2-2+etch1
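Review bot: In the CVE-2009-3474 entry of the first data/CVE/list hunk (@@ -237,17 +237,23 @@), the unchanged lines `[lenny] - opensaml <no-dsa> (Minor issue)` and `TODO: next point update: [lenny] - opensaml 2.0-2+lenny1` stay in place below the new `- opensaml2 <unfixed>` line, while the data/DSA/list part of this commit records `[lenny] - opensaml2 2.0-2+lenny1` under DSA-1895-2. The same version string now appears both as a pending point-update fix for opensaml and as a released DSA fix for opensaml2. Drop the no-dsa line and the TODO, or rewrite them against the intended source package, in this same commit.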
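Review bot: In the oping hunk (@@ -433,9 +439,9 @@), the two not-affected lines keep their parenthetical reason about the -f option unchanged after the package name becomes liboping, so the reason no longer says which program lacks the option. The entry title still refers to oping, so naming it in the reason (for example "oping doesn't have -f option yet") would keep the [lenny] and [etch] lines self-explanatory. The `TODO: request CVE id` line is also still open and worth following up alongside the rename.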
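Review bot: The new DSA-1895-2 entry in the data/DSA/list hunk (@@ -1,3 +1,7 @@) lists CVE-2009-3474, CVE-2009-3475 and CVE-2009-3476, but the cross-reference lines of the three entries touched in data/CVE/list still read `{DSA-1896-1 DSA-1895-1}`. If those lines are not regenerated automatically from data/DSA/list, add DSA-1895-2 to each of them so the two files agree. It would also help to say in the log message why the opensaml2 and shibboleth-sp2 fixes are filed as a second revision of DSA-1895 rather than under a new DSA number.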