Author: jmm-guest
Date: 2010-05-25 21:46:43 +0000 (Tue, 25 May 2010)
New Revision: 14754
Modified:
data/CVE/list
Log:
- systemtap fixed
- wicd not in Lenny
- older php issues also only exploitable through malicious script
- gnustep-base no-dsa
- orca issue not in Lenny
- transmission issue doesn''t affect Lenny
- xulrunner no-dsa
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-05-25 21:42:06 UTC (rev 14753)
+++ data/CVE/list 2010-05-25 21:46:43 UTC (rev 14754)
@@ -381,6 +381,7 @@
NOT-FOR-US: Pay Per Watch & Bid Auktions System
CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse
function ...)
- transmission 1.92-1
+ [lenny] - transmission <not-affected> (Support for Magnet links not yet
available)
CVE-2010-1852 (Microsoft Internet Explorer, when the Invisible Hand extension
is ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1851 (Google Chrome, when the Invisible Hand extension is enabled,
uses ...)
@@ -455,7 +456,6 @@
[lenny] - serendipity <not-affected> (Only affects >= 1.4)
CVE-2010-XXXX [wicd changes permissions of resolv.conf]
- wicd 1.7.0+ds1-3 (low; bug #582798)
- TODO: check lenny
CVE-2010-1849
RESERVED
CVE-2010-1848
@@ -951,6 +951,8 @@
TODO: check
CVE-2010-1620 (Integer overflow in the load_iface function in Tools/gdomap.c in
...)
- gnustep-base <unfixed>
+ [lenny] - gnustep-base <no-dsa> (Minor issue)
+ TODO: File bug
CVE-2010-1612 (The IBM WebSphere DataPower XML Accelerator XA35, Low Latency
...)
NOT-FOR-US: IBM WebSphere DataPower XML Accelerator
CVE-2010-1611 (Cross-site request forgery (CSRF) vulnerability in AlegroCart
1.1 ...)
@@ -1372,6 +1374,7 @@
- prosody <unfixed> (low; bug #579087)
CVE-2010-XXXX [gnome-orca: shell access without logon]
- gnome-orca 2.30.0-2 (bug #578928)
+ [lenny] - gnome-orca <not-affected> (Doesn''t affect
Lenny''s version)
CVE-2010-1431 (SQL injection vulnerability in templates_export.php in Cacti
0.8.7e ...)
{DSA-2039-1}
- cacti 0.8.7e-3 (bug #578909)
@@ -4406,11 +4409,11 @@
CVE-2010-0413
RESERVED
CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the
value of ...)
- - systemtap <unfixed> (bug #572560)
+ - systemtap 1.2-1 (bug #572560)
[lenny] - systemtap <not-affected> (Server component not yet present)
[etch] - systemtap <not-affected> (Server component not yet present)
CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and (2)
...)
- - systemtap <unfixed> (low; bug #568809)
+ - systemtap 1.2-1 (low; bug #568809)
[lenny] - systemtap <not-affected> (Vulnerable code not present)
[etch] - systemtap <no-dsa> (Minor issue)
NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH
@@ -6097,19 +6100,19 @@
CVE-2009-XXXX [roundup: unspecified issue]
- roundup 1.4.11-1
CVE-2009-XXXX [php5 uksort() interruption memory corruption]
- - php5 <unfixed> (low)
+ - php5 <unfixed> (unimportant)
NOTE: CVE requested
CVE-2009-XXXX [php5 usort interruption memory corruption]
- - php5 5.2.11.dfsg.1-1 (low)
+ - php5 5.2.11.dfsg.1-1 (unimportant)
TODO: protection was weak in .11, re-check .12 changes
NOTE: CVE requested
NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
CVE-2009-XXXX [php5 explode() information leak]
- - php5 5.2.11.dfsg.1-1 (low)
+ - php5 5.2.11.dfsg.1-1 (unimportant)
NOTE: CVE requested
NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
CVE-2009-XXXX [php5 serialize() information leak]
- - php5 5.2.11.dfsg.1-1 (low)
+ - php5 5.2.11.dfsg.1-1 (unimportant)
NOTE: CVE requested
NOTE: from "Shocking News in PHP Exploitation" by Stefan Esser
CVE-2010-0065 (Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted
...)
@@ -20495,7 +20498,8 @@
CVE-2008-5914 (An unspecified function in the JavaScript implementation in
Apple ...)
NOT-FOR-US: Apple
CVE-2008-5913 (An unspecified function in the JavaScript implementation in
Mozilla ...)
- - xulrunner <unfixed> (bug #559792)
+ - xulrunner <unfixed> (low; bug #559792)
+ [lenny] - xulrunner <no-dsa> (Minor issue)
- iceape <unfixed>
[lenny] - iceape <not-affected> (Just a stub package)
NOTE: fixed upstream
https://bugzilla.mozilla.org/show_bug.cgi?id=cve-2008-5913