Author: nion Date: 2010-06-10 14:56:08 +0000 (Thu, 10 Jun 2010) New Revision: 14851 Modified: data/CVE/list data/DSA/list Log: - more cleanup of old non-issues - new mono issue CVE-2010-1459 - CVE-2010-1447 fixed in postgresql-8.4 8.4.4-1, added to DSA to mark as fixed in stable as well Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-10 14:09:47 UTC (rev 14850) +++ data/CVE/list 2010-06-10 14:56:08 UTC (rev 14851) @@ -1934,8 +1934,7 @@ CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...) NOT-FOR-US: IBM BladeCenter Management Module CVE-2010-1459 (The default configuration of ASP.NET in Mono before 2.6.4 has a value ...) - - mono <undetermined> - TODO: check + - mono <unfixed> (bug #585440) CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip ...) NOT-FOR-US: TweakFS CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not ...) @@ -1982,9 +1981,8 @@ - lxr-cvs <unfixed> TODO: prod maintainer (and find out why we have lxr and lxr-cvs) CVE-2010-1447 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, ...) - - postgresql-8.4 <undetermined> - - postgresql-8.3 <undetermined> - TODO: check + - postgresql-8.4 8.4.4-1 + - postgresql-8.3 <removed> CVE-2010-1446 (arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and ...) {DSA-2053-1} - linux-2.6 2.6.32-12 (unimportant) @@ -25110,7 +25108,7 @@ - fml <removed> (low; bug #496370) [etch] - fml <no-dsa> (Minor issue) CVE-2008-4957 (find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to ...) - - gccxml <unfixed> (unimportant; bug #496391) + - gccxml 0.9.0+cvs20100501-1 (unimportant; bug #496391) NOTE: Only applies to a script used for an obscure SGI compiler CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite arbitrary ...) - bulmages <unfixed> (unimportant; bug #496382) 
@@ -25324,7 +25322,7 @@ {DSA-1675-1} - phpmyadmin 4:2.11.8.1-3 CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the ...) - - viewvc <unfixed> (bug #500779; unimportant) + - viewvc 1.0.9-1 (bug #500779; unimportant) CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on ...) - iceweasel <unfixed> (unimportant) NOTE: reproducible but browser DoS not treated as security issue @@ -25642,7 +25640,7 @@ NOTE: the changelog doesn''t mention the fix but its included in -10 [etch] - chillispot <no-dsa> (minor issue) CVE-2008-XXXX [unsafe usage of temp file] - - debtorrent <unfixed> (unimportant; bug #500180) + - debtorrent 0.1.10 (unimportant; bug #500180) NOTE: Only exploitable when upgrading from an ancient version, package also not in Etch NOTE: Marking as unimportant CVE-2008-4189 @@ -50544,7 +50542,7 @@ - iceape <unfixed> (unimportant) - epiphany-browser <unfixed> (unimportant; bug #556272) NOTE: only epiphany-gecko backend affected - - galeon <unfixed> (unimportant; bug #556270) + - galeon 2.0.7-2 (unimportant; bug #556270) - kazehakase 0.5.8-2 (bug #556271) TODO: next point release: [etch] - kazehakase 0.4.2-1etch2 [lenny] - kazehakase 0.5.4-2lenny1 @@ -79426,7 +79424,7 @@ - moodle 1.4.4.dfsg.1-3 CVE-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles] RESERVED - - mutt <unfixed> (bug #311296; unimportant) + - mutt 1.5.20-7 (bug #311296; unimportant) [sarge] - mutt <no-dsa> (Minor annoyance, not a real DoS) NOTE: An "attacker" could achieve the same by simply filling up /tmp CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php] Modified: data/DSA/list ==================================================================--- data/DSA/list 2010-06-10 14:09:47 UTC (rev 14850) +++ data/DSA/list 2010-06-10 14:56:08 UTC (rev 14851) 
@@ -20,7 +20,7 @@ {CVE-2010-1321} [lenny] - krb5 1.6.dfsg.4~beta1-5lenny4 [24 May 2010] DSA-2051-1 postgresql-8.3 - several - {CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-1975} + {CVE-2010-0442 CVE-2010-1169 CVE-2010-1170 CVE-2010-1975 CVE-2010-1447} [lenny] - postgresql-8.3 8.3.11-0lenny1 [24 May 2010] DSA-2050-1 kdegraphics - several vulnerabilities {CVE-2009-1188 CVE-2009-3603 CVE-2009-3604 CVE-2009-3606 CVE-2009-3608 CVE-2009-3609}
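Review bot: In the CVE-2010-1459 hunk of data/CVE/list (@@ -1934,8), the new line `- mono <unfixed> (bug #585440)` drops `TODO: check` without recording which version to wait for, although the description in the context line already says "Mono before 2.6.4". A `NOTE:` line naming 2.6.4 as the fixing upstream release would let whoever closes the entry match it against the next mono upload without reopening the bug report.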
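Review bot: In the CVE-2010-1447 hunk of data/CVE/list (@@ -1982,9), the entry ends up with `- postgresql-8.4 8.4.4-1` and `- postgresql-8.3 <removed>` but no `{DSA-2051-1}` line, while the neighbouring CVE-2010-1446 entry carries `{DSA-2053-1}`. With postgresql-8.3 marked `<removed>`, the stable fix is visible only through the data/DSA/list change. If the cross-reference is regenerated from data/DSA/list, that is fine. Otherwise it should be added in this hunk so the entry itself shows that lenny is covered.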
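Review bot: In the data/DSA/list hunk (@@ -20,7), CVE-2010-1447 is appended to DSA-2051-1, dated 24 May 2010, with the fixed version left at `[lenny] - postgresql-8.3 8.3.11-0lenny1`, and nothing in the hunk or the log message says how it was confirmed that 8.3.11 contains the fix. The truncated CVE description in the other file only shows the 7.4, 8.0 and 8.1 branches. A short note in the log or a `NOTE:` on the CVE entry citing the upstream 8.3.11 release would make this retroactive addition checkable.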
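Review bot: In the cleanup hunks of data/CVE/list (gccxml at @@ -25110,7, viewvc at @@ -25324,7, debtorrent at @@ -25642,7, galeon at @@ -50544,7, mutt at @@ -79426,7), each `<unfixed>` is replaced by a concrete version with no indication of where that version comes from, and the log message only says "more cleanup of old non-issues". All five entries stay `unimportant`, so the impact is low, but a `NOTE:` per entry pointing at the changelog entry or bug closure (for example for `- mutt 1.5.20-7 (bug #311296; unimportant)`) would let a later reader verify the version rather than take it on trust.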