Author: derevko-guest
Date: 2010-03-29 09:48:13 +0000 (Mon, 29 Mar 2010)
New Revision: 14348
Modified:
data/CVE/list
Log:
- NFU
- filed some bugs
- CVE-2010-1100: Integer overflow in Arora
- CVE-2009-4612 and CVE-2009-4611 are fixed in jetty 6.1.22-1
- CVE-2009-2902, CVE-2009-2693 and CVE-2009-2901 are fixed in tomcat6 6.0.24-1
- gnome-vfs2 was removed
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-03-28 21:39:25 UTC (rev 14347)
+++ data/CVE/list 2010-03-29 09:48:13 UTC (rev 14348)
@@ -43,13 +43,13 @@
CVE-2010-1104 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before
2.8.12, ...)
TODO: check
CVE-2010-1103 (Integer overflow in Stainless allows remote attackers to bypass
...)
- TODO: check
+ NOT-FOR-US: Stainless
CVE-2010-1102 (Integer overflow in OmniWeb allows remote attackers to bypass
intended ...)
NOT-FOR-US: OmniWeb
CVE-2010-1101 (Integer overflow in Alexander Clauss iCab allows remote
attackers to ...)
NOT-FOR-US: Alexander Clauss iCab
CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass
intended ...)
- TODO: check
+ - arora <unfixed> (bug #575785)
CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to
bypass ...)
TODO: check
CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86
platform, as ...)
@@ -1076,7 +1076,7 @@
CVE-2010-0737
RESERVED
CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform
...)
- TODO: check
+ - viewvc <unfixed> (bug #575787)
CVE-2010-0735
REJECTED
CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib
is ...)
@@ -2344,17 +2344,13 @@
- zendframework 1.9.7-1
NOTE: http://framework.zend.com/security/advisory/ZF2010-01 - ZF2010-06
CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the
WebApp JSP ...)
- - jetty <undetermined>
- TODO: check
+ - jetty 6.1.22-1 (bug #575789)
CVE-2009-4611 (Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without
sanitizing ...)
- - jetty <undetermined>
- TODO: check
+ - jetty 6.1.22-1
CVE-2009-4610 (Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay
Jetty ...)
- - jetty <undetermined>
- TODO: check
+ - jetty <unfixed> (low; bug #575790)
CVE-2009-4609 (The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote
...)
- - jetty <undetermined>
- TODO: check
+ - jetty <unfixed> (low; bug #575791)
CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer
(PIT) ...)
{DSA-2010-1 DSA-1996-1}
- linux-2.6 2.6.32-8
@@ -3783,11 +3779,9 @@
[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
CVE-2010-0005 (query.py in the query interface in ViewVC before 1.1.3 does not
reject ...)
- - viewvc <unfixed>
- TODO: check
+ - viewvc <unfixed> (bug #575777)
CVE-2010-0004 (ViewVC before 1.1.3 composes the root listing view without using
the ...)
- - viewvc <unfixed>
- TODO: check
+ - viewvc <unfixed> (bug #575777)
CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux
kernel ...)
{DSA-2005-1 DSA-1996-1}
- linux-2.6 2.6.32-6
@@ -8282,12 +8276,11 @@
- linux-2.6 2.6.31-1 (low)
- linux-2.6.24 <removed> (low)
CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through
...)
- - tomcat6 <unfixed>
+ - tomcat6 6.0.24-1 (low)
- tomcat5 <removed>
- TODO: check
NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28
and ...)
- - tomcat6 <unfixed>
+ - tomcat6 6.0.24-1 (low)
- tomcat5 <removed>
TODO: check
NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
@@ -9105,7 +9098,7 @@
[lenny] - gaim <not-affected> (Only a transitional package)
- gaim <removed>
CVE-2009-2693 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through
...)
- - tomcat6 <unfixed>
+ - tomcat6 6.0.24-1 (low)
- tomcat5 <removed>
TODO: check
NOTE: tomcat 5.0 (in etch) is unsupported by upstream and may also be affected
@@ -9757,7 +9750,7 @@
[lenny] - neon26 <no-dsa> (Minor issue)
- neon <removed> (low; bug #542926)
[etch] - neon <no-dsa> (Minor issue)
- - gnome-vfs2 <unfixed>
+ - gnome-vfs2 <removed>
NOTE: affected neon code copy present in gnome-vfs2 [./imported/*]
- litmus <removed>
NOTE: affected neon code copy present in litmus [./libneon/*]
@@ -11317,7 +11310,7 @@
CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7
before p173 ...)
{DSA-1860-1}
- ruby1.8 1.8.7.173-1 (low; bug #532689)
- - ruby1.9 <unfixed>
+ - ruby1.9 <unfixed> (bug #575778)
NOTE:
http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8
allows ...)
- libapache-mod-security 2.5.9-1
@@ -13778,7 +13771,7 @@
CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...)
- poppler 0.10.6-1 (medium; bug #524806)
[etch] - poppler <not-affected> (SplashBitmap code not present)
- - xpdf <unfixed>
+ - xpdf <unfixed> (bug #575779)
- kdegraphics 4:4.0
- swftools <removed>
CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before
...)
@@ -17406,7 +17399,7 @@
- dia 0.96.1-7.1 (low; bug #504251)
[etch] - dia <no-dsa> (Minor issue, only vulnerable when called from
certain dir)
CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API
function ...)
- - python3.1 <unfixed> (low)
+ - python3.1 <unfixed> (low; bug #575780)
- python2.6 <unfixed> (low; bug #572010)
- python2.5 <unfixed> (low)
[etch] - python2.5 <no-dsa> (Minor issue)