Author: jmm-guest
Date: 2010-01-29 17:54:51 +0000 (Fri, 29 Jan 2010)
New Revision: 13963
Modified:
data/CVE/list
Log:
- evolution issue only in external plugin, ytnef affects Debian
- new wireshark issue
- new issues in mount apps for fuse and cifs
- mysql/yassl issue already tracked
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-01-29 17:26:56 UTC (rev 13962)
+++ data/CVE/list 2010-01-29 17:54:51 UTC (rev 13963)
@@ -1,9 +1,5 @@
-CVE-2010-XXXX [mysql buffer overflow in yassl]
- - mysql-dfsg-5.1 <unfixed>
- - mysql-dfsg-5.0 <removed>
- TODO: check affected versions and other packages embedding yassl
- NOTE: http://intevydis.blogspot.com/2010/01/mysq-yassl-stack-overflow.html
- NOTE:
http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1
+CVE-2010-XXXX [wireshark LWRES issue]
+ - wireshark 1.2.6-1
CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec
VPN ...)
NOT-FOR-US: TheGreenBow IPSec VPN Client
CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero
Technologies ...)
@@ -2105,8 +2101,7 @@
CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which
has ...)
- php5 5.2.12.dfsg.1-1 (low)
CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not
properly ...)
- - php5 5.2.12.dfsg.1-1
- TODO: determine real impact
+ - php5 5.2.12.dfsg.1-1 (medium)
CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in
...)
- linux-2.6 <unfixed>
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in
2.6.28)
@@ -2810,10 +2805,11 @@
- linux-2.6 <unfixed> (unimportant)
- linux-2.6.24 <unfixed> (unimportant)
NOTE: All Debian kernels have MMU support enabled
-CVE-2009-3887 [evolution path traversal]
+CVE-2009-3887 [ytnef path traversal]
RESERVED
- - evolution <unfixed>
+ - ytnef <unfixed>
NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
+ NOTE: This doesn''t affect Evolution, the TNEF plugin is external
CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update
17 ...)
- openjdk-6 <unfixed> (medium; bug #560908)
- sun-java6 6-17-1
@@ -3333,10 +3329,11 @@
- kvm 88+dfsg-2 (low; bug #557739)
NOTE: http://bugzilla.redhat.com/531660
NOTE: http://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
-CVE-2009-3721 [evolution buffer overflow]
+CVE-2009-3721 [ytnef buffer overflow]
RESERVED
- - evolution <unfixed>
+ - ytnef <unfixed>
NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
+ NOTE: This doesn''t affect Evolution, the TNEF plugin is external
CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in
Expat ...)
{DSA-1977-1 DSA-1921-1}
- expat 2.0.1-5 (low; bug #551936)
@@ -4546,8 +4543,12 @@
{DSA-1924-1}
- mahara 1.1.7-1 (low)
NOTE: http://mahara.org/interaction/forum/topic.php?id=1169
-CVE-2009-3297
+CVE-2009-3297 [mount race conditions]
RESERVED
+ - fuse <unfixed>
+ - samba <unfixed>
+ NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853
+ TODO: File bugs
CVE-2009-3296 (Multiple integer overflows in tiffread.c in CamlImages 2.2 might
allow ...)
{DSA-1912-2 DSA-1912-1}
- camlimages 1:3.0.1-5 (low)