Author: jmm-guest
Date: 2010-03-25 21:50:25 +0000 (Thu, 25 Mar 2010)
New Revision: 14324

Modified: data/CVE/list

Log:
- new redmine issues

Several new issues not affecting stable:
- new deliver issue (not in any released version any more)
- historic GNU TLS issue
- new krb5 issue doesn't affect Lenny

Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-03-24 18:29:29 UTC (rev 14323) +++ data/CVE/list 2010-03-25 21:50:25 UTC (rev 14324) @@ -7,6 +7,12 @@ - iceape <not-affected> (Vulnerable code not present) NOTE: http://www.mozilla.org/security/announce/2010/mfsa2010-08.html TODO: fix tracker once iceweasel/xulrunner >= 3.6 uploaded +CVE-2010-XXXX [Escape href attribute in auto links] + - redmine 0.9.3-3 + TODO: Check severity, Lenny status +CVE-2010-XXXX [Fixes permission check in QueriesController] + - redmine 0.9.3-3 + TODO: Check severity, Lenny status CVE-2010-1003 RESERVED CVE-2010-1002 @@ -836,8 +842,10 @@ [etch] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28) NOTE: http://osvdb.org/show/osvdb/61203 NOTE: http://www.openwall.com/lists/oss-security/2010/02/12/1 -CVE-2010-0731 +CVE-2010-0731 [historic GNUTLS issue] RESERVED + - gnutls26 <not-affected> (Fixed before initial release) + - gnutls13 1.2.1-1 CVE-2010-0730 RESERVED CVE-2010-0729 (A certain Red Hat patch for the Linux kernel in Red Hat Enterprise ...) @@ -1129,8 +1137,10 @@ - flex 2.5.35-1 CVE-2010-0629 RESERVED -CVE-2010-0628 +CVE-2010-0628 [MITKRB5-SA-2010-002] RESERVED + - krb5 <unfixed> + [lenny] - krb5 <not-affected> (Only affects 1.7/1.8) CVE-2010-XXXX [CouchDB: browser interface has XSS, CSRF issues] - couchdb <unfixed> (bug #570013) [lenny] - couchdb <no-dsa> (does not support authentication at all) 
@@ -1637,8 +1647,9 @@ [etch] - asterisk <not-affected> (Only affects 1.6.x) CVE-2010-0440 (Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in ...) NOT-FOR-US: Cisco Secure Desktop -CVE-2010-0439 +CVE-2010-0439 [Multiple vulnerabilities in Deliver] RESERVED + - deliver <removed> CVE-2010-0438 (Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in ...) {DSA-1993-1} - otrs <not-affected> (vulnerable code not present)
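Review bot: In the first hunk (@@ -7,6 +7,12 @@), both new redmine CVE-2010-XXXX entries record 0.9.3-3 as the fixed version but carry no NOTE pointing at the upstream changeset or a bug report, so whoever picks up "TODO: Check severity, Lenny status" has nothing to check against. Suggest adding a NOTE line with the upstream reference to each entry, the way the iceape entry just above links its mfsa2010-08 advisory.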
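Review bot: In the CVE-2010-0731 hunk (@@ -836,8 +842,10 @@), the bracketed description "[historic GNUTLS issue]" does not say what the flaw is, and the fixed version on "- gnutls13 1.2.1-1" has no source given. Suggest a short description of the issue in the brackets and a NOTE naming the reference the version was taken from, so the "Fixed before initial release" claim for gnutls26 can be verified later.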
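Review bot: In the CVE-2010-0628 hunk (@@ -1129,8 +1137,10 @@), "- krb5 <unfixed>" has no bug number, while the couchdb entry directly below it records "(bug #570013)" on its unfixed line. Suggest adding the bug reference once one is filed. The advisory id MITKRB5-SA-2010-002 would also fit a NOTE line, leaving the brackets free for a short description of the issue.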
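Review bot: In the CVE-2010-0439 hunk (@@ -1637,8 +1647,9 @@), "- deliver <removed>" is the only package line, so the statement from the log message that deliver is "not in any released version any more" is not recorded in the list itself. Suggest adding a parenthesised reason or explicit release lines, as the neighbouring asterisk entry does with its [etch] line, so a reader of the list alone can see that no released suite is affected.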