Moritz Muehlenhoff
2010-Mar-04 16:58 UTC
[Secure-testing-commits] r14185 - in data: . CVE DSA
Author: jmm-guest
Date: 2010-03-04 16:58:17 +0000 (Thu, 04 Mar 2010)
New Revision: 14185
Modified:
data/CVE/list
data/DSA/list
data/spu-candidates.txt
Log:
- libpng no-dsa
- new moin issues fixed
- fix version for sudo NMU
- annotate the split for CVE-2009-3297 (splitting this several weeks after
multiple issues have been released really sucks)
- asterisk design issue discussed with maintainers, no update planned
- fix typo in wordpress source package name
- flex fixed even before Lenny
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-03-04 09:14:35 UTC (rev 14184)
+++ data/CVE/list 2010-03-04 16:58:17 UTC (rev 14185)
@@ -71,13 +71,14 @@
CVE-2010-0789 (fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows
local ...)
{DSA-1989-1}
- fuse 2.8.1-1.2 (bug #567633)
+ NOTE: Initial DSA released as CVE-2009-3297
CVE-2010-0788 (ncpfs 2.2.6 allows local users to cause a denial of service,
obtain ...)
- - ncpfs <undetermined>
- TODO: check
+ - ncpfs <unfixed>
CVE-2010-0787 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22,
3.0.28a, ...)
{DSA-2004-1}
- samba 2:3.4.5~dfsg-2 (bug #567554)
NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853
+ NOTE: Initial DSA released as CVE-2009-3297
CVE-2010-0786
RESERVED
CVE-2010-0785
@@ -204,8 +205,8 @@
- moin <undetermined>
TODO: check
CVE-2009-4652 (The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in
...)
- - ngircd <undetermined>
- TODO: check
+ - ngircd <unfixed>
+ TODO: File bug
CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server
6.0 SP3 ...)
NOT-FOR-US: Sun ONE Web Server
CVE-2003-1589 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server
4.1 ...)
@@ -297,14 +298,15 @@
CVE-2010-0686
RESERVED
CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source
...)
- - asterisk <undetermined>
- TODO: check
+ - asterisk <unfixed>
+ [lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs
need to be followed)
+ [squeeze] - asterisk <no-dsa> (Unfixable design issue, best practice
docs need to be followed)
CVE-2010-0684
RESERVED
CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO
Administrator ...)
NOT-FOR-US: TIBCO Administrator
CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to
read ...)
- - wodpress <undetermined>
+ - wordpress <undetermined>
TODO: check
CVE-2010-XXXX [http://downloads.digium.com/pub/security/AST-2010-003.pdf]
- asterisk <unfixed>
@@ -336,14 +338,11 @@
CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks)
...)
NOT-FOR-US: IP-Tech JQuarks (com_jquarks) Component
CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly
...)
- - moin <undetermined>
- TODO: check
+ - moin 1.9.2-1
CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x
...)
- - moin <undetermined>
- TODO: check
+ - moin 1.9.2-1
CVE-2010-0667 (MoinMoin 1.9 before 1.9.1 does not perform the expected clearing
of ...)
- - moin <undetermined>
- TODO: check
+ - moin 1.9.1-1
CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5
Patch ...)
NOT-FOR-US: Novell eDirectory
CVE-2010-0665 (JAG (Just Another Guestbook) 1.14 stores sensitive information
under ...)
@@ -446,8 +445,10 @@
CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth
Performance ...)
NOT-FOR-US: CA eHealth Performance Manager
CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x and 3.0
...)
- - squid <undetermined>
- TODO: check
+ - squid <unfixed>
+ [lenny] - squid <no-dsa> (Minor issue, only affects non-default setup)
+ - squid3 <unfixed>
+ [lenny] - squid3 <no-dsa> (Minor issue, only affects non-default setup)
CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar
1.2.0 ...)
- webcalendar <undetermined>
TODO: check
@@ -479,8 +480,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2010/02/12/2
NOTE: http://www.kde.org/info/security/advisory-2010-02-17-1.txt
CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator
(flex) ...)
- - flex <undetermined>
- TODO: check
+ - flex 2.5.35-1
CVE-2010-0629
RESERVED
CVE-2010-0628
@@ -1025,7 +1025,7 @@
NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a ...)
{DSA-2006-1}
- - sudo 1.7.2p1-1.1 (bug #570737)
+ - sudo 1.7.2p1-1.2 (bug #570737)
NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
CVE-2010-0425 [apache mod_isapi DoS]
RESERVED
@@ -1764,7 +1764,8 @@
RESERVED
CVE-2010-0205 [libpng memory consumption dos]
RESERVED
- - libpng 1.2.43-1 (bug #572308)
+ - libpng 1.2.43-1 (low; bug #572308)
+ [lenny] - libpng <no-dsa> (Minor issue)
NOTE: http://www.kb.cert.org/vuls/id/576029
CVE-2010-0204
RESERVED
Modified: data/DSA/list
==================================================================---
data/DSA/list 2010-03-04 09:14:35 UTC (rev 14184)
+++ data/DSA/list 2010-03-04 16:58:17 UTC (rev 14185)
@@ -10,6 +10,7 @@
[28 Feb 2010] DSA-2004-1 samba - several vulnerabilities
{CVE-2010-0787 CVE-2010-0547}
[lenny] - samba 2:3.2.5-4lenny9
+ NOTE: Initial DSA released as CVE-2009-3297
[22 Feb 2010] DSA-2003-1 linux-2.6 - several vulnerabilities
{CVE-2009-3080 CVE-2009-3726 CVE-2009-4005 CVE-2009-4020 CVE-2009-4021
CVE-2009-4536 CVE-2010-0007 CVE-2010-0410 CVE-2010-0415 CVE-2010-0622}
[etch] - linux-2.6 2.6.18.dfsg.1-26etch2
@@ -66,6 +67,7 @@
{CVE-2010-0789}
[etch] - fuse 2.5.3-4.4+etch1
[lenny] - fuse 2.7.4-1.1+lenny1
+ NOTE: Used to be CVE-2009-3297
[02 Feb 2010] DSA-1988-1 qt4-x11 - several vulnerabilities
{CVE-2009-0945 CVE-2009-1687 CVE-2009-1690 CVE-2009-1698 CVE-2009-1699
CVE-2009-1711 CVE-2009-1712 CVE-2009-1713 CVE-2009-1725 CVE-2009-2700}
[lenny] - qt4-x11 4.4.3-1+lenny1
Modified: data/spu-candidates.txt
==================================================================---
data/spu-candidates.txt 2010-03-04 09:14:35 UTC (rev 14184)
+++ data/spu-candidates.txt 2010-03-04 16:58:17 UTC (rev 14185)
@@ -183,6 +183,9 @@
#533676
notified maintainer
+CVE-2010-0205
+#572308
+
--
libsndfile