Author: jmm-guest Date: 2010-01-28 18:43:30 +0000 (Thu, 28 Jan 2010) New Revision: 13949 Modified: data/CVE/list Log: - systemtap doesn''t affect Lenny - automaken no-dsa - postgres CVEfied - classpath no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-28 14:01:06 UTC (rev 13948) +++ data/CVE/list 2010-01-28 18:43:30 UTC (rev 13949) @@ -38,13 +38,12 @@ CVE-2010-XXXX [gmetad incorrect file permissions] - gmetad <unfixed> (low; bug #567175) TODO: check old/stable versions -CVE-2010-XXXX [postgres bitsubstr overflow] +CVE-2010-0442 [postgres bitsubstr overflow] - postgresql-7.4 <removed> - postgresql-8.1 <removed> - postgresql-8.2 <removed> - postgresql-8.3 <unfixed> (bug #567058) - postgresql-8.4 <unfixed> - NOTE: CVE id requested on oss-sec CVE-2010-XXXX [bozohttpd DoS on incomplete requests] - bozohttpd <unfixed> (low; bug #566325) [lenny] - bozohttpd <no-dsa> (Minor issue) @@ -1736,7 +1735,8 @@ RESERVED CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to execute ...) - systemtap 1.1-1 - TODO: check + [lenny] - systemtap <not-affected> (Server component not yet present) + [etch] - systemtap <not-affected> (Server component not yet present) CVE-2009-4272 [linux deadlock or null pointer dereference via routing hash table''s emergency route flush] RESERVED - linux-2.6 <unfixed> (medium) 
@@ -2396,7 +2396,13 @@ TODO: check CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, ...) - automake 1:1.11-1 - TODO: check + [lenny] - automake <no-dsa> (Minor issue) + - automake1.9 <unfixed> + [lenny] - automake1.9 <no-dsa> (Minor issue) + - automake1.7 <unfixed> + [lenny] - automake1.7 <no-dsa> (Minor issue) + - automake1.10 <unfixed> + [lenny] - automake1.10 <no-dsa> (Minor issue) NOTE: it also affects every Makefile.in generated by automake NOTE: but it doesn''t really affect Debian NOTE: http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html @@ -16523,6 +16529,7 @@ NOT-FOR-US: Sun Solaris CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and ...) - classpath 2:0.98-1 (bug #512532; low) + [lenny] - classpath <no-dsa> (Minor issue) - libgnucrypto-java <removed> (low; bug #559789) [lenny] - libgnucrypto-java <no-dsa> (Minor issue) CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows ...)
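Review bot: In the CVE-2010-0442 entry of the first hunk (@@ -38,13 +38,12 @@), `- postgresql-8.4 <unfixed>` has no bug reference while `- postgresql-8.3 <unfixed> (bug #567058)` does. If that report also covers 8.4, repeat the reference on the 8.4 line; otherwise file one for it, so each unfixed source package can be tracked to closure. The entry also has no urgency, unlike the neighbouring gmetad and bozohttpd entries, which are marked low.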
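Review bot: In the CVE-2009-4273 hunk (@@ -1736,7 +1735,8 @@), the added `[etch] - systemtap <not-affected> (Server component not yet present)` line is not covered by the log message, which mentions only Lenny. Name both releases in the log so the revision history matches what the hunk changes.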
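Review bot: In the CVE-2009-4029 hunk (@@ -2396,7 +2396,13 @@), the new `- automake1.9 <unfixed>`, `- automake1.7 <unfixed>` and `- automake1.10 <unfixed>` lines carry neither an urgency nor a bug reference, yet they sit directly above the retained NOTE saying the issue does not really affect Debian. Either record an urgency on these lines that reflects that NOTE, or add a bug reference per package, so the unfixed entries do not read as open work with no tracking. Listing the packages in version order (1.7, 1.9, 1.10) would also make the block easier to scan.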