Author: jmm-guest Date: 2010-01-11 17:57:38 +0000 (Mon, 11 Jan 2010) New Revision: 13786 Modified: data/CVE/list Log: * new dtc-xen issue * netdisco-mibs-installer fixed * webrick log injection issue fixed * php5 fixed * another kvirc issue is Windows specific Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-11 08:26:09 UTC (rev 13785) +++ data/CVE/list 2010-01-11 17:57:38 UTC (rev 13786) @@ -457,7 +457,7 @@ NOT-FOR-US: Orion httpd CVE-2009-4492 [webrick escape sequence injection] RESERVED - - ruby1.8 <unfixed> (low; bug #564598) + - ruby1.8 1.8.7.249-1 (low; bug #564598) [etch] - ruby1.8 <no-dsa> (issue not really specific to the httpd) [lenny] - ruby1.8 <no-dsa> (issue not really specific to the httpd) NOTE: same as CVE-2009-4487 @@ -1512,9 +1512,9 @@ NOTE: network-manager in lenny not affected, because it is in network-manager-applet NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=546117 CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which has ...) - - php5 <unfixed> (low) + - php5 5.2.12.dfsg.1-1 (low) CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly ...) - - php5 <unfixed> + - php5 5.2.12.dfsg.1-1 TODO: determine real impact CVE-2009-4141 RESERVED @@ -1875,8 +1875,10 @@ RESERVED CVE-2009-4012 RESERVED -CVE-2009-4011 +CVE-2009-4011 [dtc-xen race condition] RESERVED + - dtc-xen 0.5.4-1 + [lenny] - dtc-xen <not-affected> (Only affects 0.5.x) CVE-2009-4010 [pdns-recursor vulns] RESERVED {DSA-1968-1} 
@@ -3287,10 +3289,10 @@ - php5 <unfixed> (unimportant) NOTE: safe_mode regression CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 ...) - - php5 <unfixed> (unimportant) + - php5 5.2.12.dfsg.1-1 (unimportant) NOTE: open_basedir bypass CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and ...) - - php5 <unfixed> (unimportant) + - php5 5.2.12.dfsg.1-1 (unimportant) NOTE: safe_mode bypass CVE-2009-3556 RESERVED @@ -16673,7 +16675,7 @@ [etch] - gpsdrive <no-dsa> (Minor issue) [lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1 CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary ...) - - netdisco-mibs-installer <unfixed> (low; bug #508940) + - netdisco-mibs-installer 1.4 (low; bug #508940) [lenny] - netdisco-mibs-installer <no-dsa> (Contrib not supported) CVE-2008-5378 (arb-kill in arb 0.0.20071207.1 allows local users to overwrite ...) - arb 0.0.20071207.1-6 (low; bug #508942) @@ -18310,7 +18312,7 @@ - lynx-cur 2.8.7dev4-1 (low) - lynx <not-affected> (Doesn''t include the current directory in the search path) CVE-2008-4748 (Format string vulnerability in the URI handler in KVirc 3.4.0, when ...) - - kvirc 2:3.4.0-3 (bug #503401) + - kvirc <not-affected> (Windows-specific vulnerability) CVE-2008-XXXX [balazar3: insecure temp file handling] - balazar3 0.1-2 (bug #503750) CVE-2008-4775 (Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin ...)
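Review bot: In the @@ -1512 hunk, CVE-2009-4142 is now marked fixed in 5.2.12.dfsg.1-1 but still has no urgency tag and keeps "TODO: determine real impact", while CVE-2009-4143 directly above it is tagged (low). Neither entry has [etch] or [lenny] lines, so nothing records how the stable releases are to be handled. Resolve the TODO into an urgency tag or add explicit per-release lines.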
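Review bot: The new CVE-2009-4011 entry in the @@ -1875 hunk has no urgency, bug number or NOTE giving a source for the "dtc-xen race condition" description, and the CVE is still RESERVED, so the bracketed text is the only record of what the issue is. Add a NOTE with the reference that supports both the 0.5.4-1 fixed version and the "Only affects 0.5.x" claim on the [lenny] line.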
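Review bot: The first context line of the @@ -3287 hunk, "- php5 <unfixed> (unimportant)" with "NOTE: safe_mode regression", stays unfixed while the two entries below it (CVE-2009-3558 and CVE-2009-3557) move to 5.2.12.dfsg.1-1. The commit log says "php5 fixed", so confirm whether that entry is deliberately left open or was missed in this pass.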
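Review bot: The CVE-2008-4748 change in the @@ -18310 hunk replaces "- kvirc 2:3.4.0-3 (bug #503401)" with a <not-affected> line and drops the bug reference along with the version. Keep the link in a NOTE line (for example "NOTE: see bug #503401") so the reasoning behind the Windows-specific classification stays traceable from the entry.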