Author: jmm-guest Date: 2010-06-10 17:14:26 +0000 (Thu, 10 Jun 2010) New Revision: 14853 Modified: data/CVE/list Log: - sudo bugnum - two xinha embedders not-affected - moodle temp entry was CVEfied - record openjdk fixes using the same security branch as sun java - fix samba version number for wide_links issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-10 15:58:35 UTC (rev 14852) +++ data/CVE/list 2010-06-10 17:14:26 UTC (rev 14853) @@ -791,8 +791,8 @@ - serendipity 1.5.3-1 [lenny] - serendipity <not-affected> (Only affects >= 1.4) - horde3 <undetermined> (bug #585165) - - openacs <undetermined> (bug #585163) - - dotlrn <undetermined> (bug #585164) + - openacs <not-affected> (Doesn''t use the PHP interface, see bug #585163) + - dotlrn <not-affected> (Doesn''t use the PHP interface, see bug #585164) CVE-2010-1915 (The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...) - php5 <unfixed> (unimportant) CVE-2010-1914 (The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...) @@ -878,8 +878,8 @@ NOT-FOR-US: PHP Easy Shopping Cart CVE-2009-4855 (SQL injection vulnerability in index.php in TYPO3 4.0 allows remote ...) - typo3-src 4.2.5-1+lenny3 - NOTE: I have on idea when this was fixed, 4.2.5-1+lenny3 is the version currently in lenny - NOTE: which is not affected by this bug + NOTE: I have no idea when this was fixed, 4.2.5-1+lenny3 is the version currently in lenny + NOTE: which is not affected by this bug CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...) NOT-FOR-US: TalkBack CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before ...) 
@@ -1351,7 +1351,7 @@ - mediawiki <unfixed> NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and ...) - - sudo <unfixed> (bug filed) + - sudo <unfixed> (bug #585394) CVE-2010-1645 RESERVED CVE-2010-1644 @@ -3108,7 +3108,6 @@ [lenny] - alien-arena <no-dsa> (Contrib not supported) CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52] - glpi 0.72.4-2 (bug #574760) - - moodle <unfixed> (bug #574757) NOTE: http://www.ja-sig.org/issues/browse/PHPCAS-52 CVE-2010-1028 (Integer overflow in the decompression functionality in the Web Open ...) - xulrunner <not-affected> (vulnerability introduced in firefox 3.6) @@ -3433,8 +3432,8 @@ NOTE: somewhat impractical right now, but the openssl developers are working NOTE: on a fix just in case CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x before ...) - - samba 2:3.5.1~dfsg-1 (low; bug #568493; bug #572953) - [lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications) + - samba 2:3.4.6~dfsg-1 (low; bug #568493; bug #572953) + [lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications) CVE-2010-0935 (Perforce Server 2009.2 and earlier, when the protection table is ...) NOT-FOR-US: Perforce Server CVE-2010-0934 (The triggers functionality in Perforce Server 2008.1 allows remote ...) @@ -7995,7 +7994,7 @@ NOTE: http://www.ocert.org/advisories/ocert-2009-013.html NOTE: This doesn''t affect Evolution, the TNEF plugin is external CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...) - - openjdk-6 <unfixed> (medium; bug #560908) + - openjdk-6 6b17-1.7-1 (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...) 
@@ -8049,7 +8048,7 @@ - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...) - - openjdk-6 <unfixed> (medium; bug #560908) + - openjdk-6 6b17-1.7-1 (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...) @@ -8065,15 +8064,15 @@ - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...) - - openjdk-6 <unfixed> (medium; bug #560908) + - openjdk-6 6b17-1.7-1 (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...) - - openjdk-6 <unfixed> (medium; bug #560908) + - openjdk-6 6b17-1.7-1 (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...) - - openjdk-6 <unfixed> (medium; bug #560908) + - openjdk-6 6b17-1.7-1 (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...) @@ -8481,7 +8480,7 @@ CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...) NOT-FOR-US: ReqWeb CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...) - - openjdk-6 <unfixed> (medium; bug #560908) + - openjdk-6 6b17-1.7-1 (medium; bug #560908) - sun-java6 6-17-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...)
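Review bot: In hunk @@ -791 the new openacs and dotlrn lines read `Doesn''t use the PHP interface`; the same doubled apostrophe appears in the unchanged context line `This doesn''t affect Evolution` under CVE-2009-3886 in hunk @@ -7995, so it is how this page renders a single quote rather than a typo in the entries, and nothing needs changing there. The justification itself is the useful part: naming the reason (the embedders do not use the xinha PHP interface) alongside the bug numbers is what lets a later reader re-check the <not-affected> verdict without reopening #585163 and #585164.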
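Review bot: Hunk @@ -878 touches two NOTE lines but only the first carries a content change (`on idea` to `no idea`); the second, `NOTE: which is not affected by this bug`, is identical before and after, so it is a whitespace-only change. Limiting the hunk to the line that actually changes keeps `svn blame` on the second NOTE pointing at the revision that wrote it.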
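Review bot: Hunk @@ -3108 drops `- moodle <unfixed> (bug #574757)` from the CVE-2010-XXXX phpCAS placeholder without leaving a pointer to where the moodle entry went; the log says the temporary entry was CVEfied, but the hunk does not show the assigned CVE identifier or a moodle line under it. A NOTE on the placeholder naming the CVE the moodle issue moved to, or a check that bug #574757 is now referenced from that CVE's entry, would keep the two records linked.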
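Review bot: In hunk @@ -3433 the samba fixed version moves down from 2:3.5.1~dfsg-1 to 2:3.4.6~dfsg-1, matching the log's "fix samba version number for wide_links issue"; since a fixed-version field drives which installed versions the tracker reports as vulnerable, a lower value here means fewer false vulnerable reports for 3.4.6 and later, so it is worth double-checking that 2:3.4.6~dfsg-1 is indeed the first upload carrying the wide_links change. The `[lenny] - samba <no-dsa> (...)` line in the same hunk is unchanged in content and appears to be whitespace-only churn.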
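Review bot: Hunk @@ -7995 (and the matching hunks at @@ -8049, @@ -8065 and @@ -8481) replaces `openjdk-6 <unfixed>` with `openjdk-6 6b17-1.7-1` while keeping `(medium; bug #560908)`, consistent with the log's "record openjdk fixes using the same security branch as sun java". Each of these CVEs carries a `[lenny] - sun-java6 <no-dsa>` line but no `[lenny]` line for openjdk-6; if lenny ships openjdk-6, its status for these seven CVEs (CVE-2009-3886, -3872, -3867, -3866, -3865, -3729) should be recorded as well, otherwise the stable view will inherit nothing from the unstable fixed version.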