Author: jmm-guest Date: 2010-07-06 20:31:16 +0000 (Tue, 06 Jul 2010) New Revision: 14966 Modified: data/CVE/list Log: - bugnums - new tiff issue doesn't affect Lenny, still unfixed in 3.9.4 according to Red Hat bugzilla - bogofilter fixed - older typo3 issue a non-issue, pinged MITRE for rejection Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-07-06 16:03:38 UTC (rev 14965) +++ data/CVE/list 2010-07-06 20:31:16 UTC (rev 14966) @@ -1,5 +1,5 @@ CVE-2010-XXXX [bogofilter] - - bogofilter <unfixed> (low; bug #588090) + - bogofilter 1.2.1-3 (low; bug #588090) CVE-2010-XXXX [l2tp oops] - linux-2.6 <unfixed> [lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.29) @@ -934,7 +934,8 @@ CVE-2010-2234 RESERVED CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used ...) - - tiff 3.9.4-1 (low) + - tiff <unfixed> + [lenny] - tiff <not-affected> (Only affects 3.9.x) CVE-2010-2232 RESERVED CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in ...) @@ -1455,10 +1456,10 @@ NOT-FOR-US: Cisco CVE-2010-2024 (transports/appendfile.c in Exim before 4.72, when MBX locking is ...) - exim4 4.72-1 (low) - NOTE: Fixed in experimental, both seem no-dsa, but should be checked with maintainers + NOTE: seems no-dsa, but should be checked with maintainers CVE-2010-2023 (transports/appendfile.c in Exim before 4.72, when a world-writable ...) - exim4 4.72-1 (low) - NOTE: Fixed in experimental, both seem no-dsa, but should be checked with maintainers + NOTE: seems no-dsa, but should be checked with maintainers CVE-2010-2022 (jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the "-l -U ...) - kfreebsd-6 <not-affected> (jail binary not yet provided, see bug #584930) - kfreebsd-7 <not-affected> (jail binary not yet provided, see bug #584930) 
@@ -1875,9 +1876,8 @@ CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy ...) NOT-FOR-US: PHP Easy Shopping Cart CVE-2009-4855 (SQL injection vulnerability in index.php in TYPO3 4.0 allows remote ...) - - typo3-src 4.2.5-1+lenny3 - NOTE: I have no idea when this was fixed, 4.2.5-1+lenny3 is the version currently in lenny - NOTE: which is not affected by this bug + NOT-FOR-US: Bogus issue claimed for typo3 + NOTE: See http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/4.2.5-1+lenny3 CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...) NOT-FOR-US: TalkBack CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before ...) @@ -2249,7 +2249,7 @@ CVE-2009-4840 (Heap-based buffer overflow in the IAManager ActiveX control in ...) NOT-FOR-US: Roxio CinePlayer CVE-2009-4839 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis ...) - - acidbase 1.4.5-1 (bug filed) + - acidbase 1.4.5-1 (bug #587819) [lenny] - acidbase <no-dsa> (Minor issue) CVE-2009-4838 (SQL injection vulnerability in base_ag_common.php in Basic Analysis ...) - acidbase 1.4.4-1 (low) @@ -5178,10 +5178,10 @@ [lenny] - policykit <not-affected> (pkexec introduced in 0.92) CVE-2010-0749 RESERVED - - transmission 1.92-1 (unimportant; bug filed) + - transmission 1.92-1 (unimportant; bug #574507) CVE-2010-0748 [transmission magnet links parser buffer overflow] RESERVED - - transmission 1.92-1 (medium; bug filed) + - transmission 1.92-1 (medium; bug #574507) [lenny] - transmission <not-affected> (Support for Magnet links not yet available) CVE-2010-0746 [DeviceKit privilege escalation via pluggable storage device labels] RESERVED
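Review bot: In the bogofilter hunk (@@ -1,5 +1,5 @@) the fixed version 1.2.1-3 is recorded for sid, but the entry still has no [lenny] line, so lenny now shows as vulnerable with no decision attached; for a low-severity issue with a filed bug, add either `[lenny] - bogofilter <no-dsa> (Minor issue)` or `<not-affected>` with a reason, as the acidbase and transmission entries in this same commit do. The `CVE-2010-XXXX` placeholder is also still in place and will need swapping for the real identifier once assigned.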
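Review bot: In the tiff hunk (@@ -934,7 +934,8 @@) the `(low)` severity is dropped when `tiff 3.9.4-1 (low)` becomes `tiff <unfixed>`; keep it as `tiff <unfixed> (low)` so the entry does not lose its triage state while it sits unfixed. The commit log justifies "still unfixed in 3.9.4" with the Red Hat bugzilla entry, but nothing in the hunk records that reference; a `NOTE:` line pointing at it would let the next person re-check the claim when 3.9.5 or a patched 3.9.4 appears. The new `[lenny] - tiff <not-affected> (Only affects 3.9.x)` line is consistent with the CVE description quoted in the entry (LibTIFF 3.9.0 and 3.9.2).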
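Review bot: In the exim4 hunk (@@ -1455,10 +1456,10 @@) the rewritten `NOTE: seems no-dsa, but should be checked with maintainers` on both CVE-2010-2024 and CVE-2010-2023 leaves an open TODO in place of a decision: with `exim4 4.72-1 (low)` recorded for sid and no [lenny] line, lenny is still listed as vulnerable for both. Once the maintainer check is done, replace the NOTE with an explicit `[lenny] - exim4 <no-dsa> (Minor issue)` line, the convention the acidbase entry in this commit already uses. Dropping "Fixed in experimental" is correct given 4.72-1 is now the recorded fix, and splitting "both" into per-entry notes avoids a note that only makes sense when read alongside its neighbour.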
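Review bot: In the typo3 hunk (@@ -1875,9 +1876,8 @@) the new NOTE URL ends in `.../typo3-cms-40-showuid-exploit-not-a-vulnerability/4.2.5-1+lenny3`; the trailing `4.2.5-1+lenny3` is the version string from the removed line and does not belong to the link, so trim it to the blog post path. Separately, `NOT-FOR-US` is used elsewhere on this page for software not packaged in Debian (PHP Easy Shopping Cart, TalkBack, Cisco), whereas typo3-src is a Debian package; until MITRE rejects the ID, `- typo3-src <not-affected> (Bogus issue, see ...)` describes the situation more accurately and keeps the package association searchable.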
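Review bot: In the transmission hunk (@@ -5178,10 +5178,10 @@) both CVE-2010-0749 and CVE-2010-0748 now cite the same bug #574507, which is fine if that bug tracks both issues, but CVE-2010-0749 has no [lenny] line while CVE-2010-0748 carries `[lenny] - transmission <not-affected> (Support for Magnet links not yet available)`. If CVE-2010-0749 stems from the same magnet-link parser the same `<not-affected>` annotation applies; if it does not, an `unimportant` entry with a filed bug still warrants an explicit `[lenny] - transmission <no-dsa>` line so lenny is not left showing as open.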