Author: derevko-guest Date: 2010-03-08 23:35:36 +0000 (Mon, 08 Mar 2010) New Revision: 14228 Modified: data/CVE/list Log: - bind in unstable fixed three issues - CVE-2010-0295 fixed in lighttpd 1.4.26-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-03-08 23:16:57 UTC (rev 14227) +++ data/CVE/list 2010-03-08 23:35:36 UTC (rev 14228) @@ -1485,8 +1485,7 @@ TODO: check NOTE: This doesn''t seem a security issue, old clients won''t accept two directory authorities anymore due to the renewed keys CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...) - - bind9 <unfixed> - TODO: check + - bind9 1:9.7.0.dfsg-1 CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...) NOT-FOR-US: PHP MySpace Gold Edition CVE-2010-0380 (install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows ...) @@ -1826,7 +1825,7 @@ NOTE: supposedly fixed upstream in 3.5.0 CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read ...) {DSA-1987-1} - - lighttpd <unfixed> (medium) + - lighttpd 1.4.26-1 (medium) CVE-2010-0294 (chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a ...) {DSA-1992-1} - chrony 1.23-7 (low) @@ -1840,7 +1839,7 @@ {DSA-2005-1 DSA-1996-1} - linux-2.6 2.6.32-6 CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...) - - bind9 <unfixed> + - bind9 1:9.7.0.dfsg-1 (medium) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7 CVE-2010-0289 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL ...) {DSA-1976-1} @@ -2420,8 +2419,7 @@ CVE-2010-0098 RESERVED CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...) - - bind9 <unfixed> - TODO: check + - bind9 1:9.7.0.dfsg-1 CVE-2010-0096 RESERVED CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel ...)
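Review bot: In the hunk at @@ -1485,8 +1485,7 @@ (CVE-2010-0382), `TODO: check` is dropped together with `- bind9 <unfixed>`, but nothing records what the check found. Consider adding a NOTE line with the reference that ties the fix to `1:9.7.0.dfsg-1`, in the way the CVE-2010-0290 entry keeps its bugzilla NOTE. The same point applies to the CVE-2010-0097 hunk at @@ -2420,8 +2419,7 @@, which removes its `TODO: check` in the same way.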
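Review bot: In the hunk at @@ -1840,7 +1839,7 @@ (CVE-2010-0290), the added line carries `(medium)` although the removed `- bind9 <unfixed>` line had no urgency and the log message mentions only the fix. The other two bind9 entries changed in this commit (CVE-2010-0382 and CVE-2010-0097) get `- bind9 1:9.7.0.dfsg-1` with no urgency. Either rate all three, or say in the log why only this one is rated.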