Author: nion Date: 2010-07-31 14:26:07 +0000 (Sat, 31 Jul 2010) New Revision: 15079 Modified: data/CVE/list data/NMU/list Log: CVE-2010-1448, CVE-2010-1625, CVE-2009-4497 will be fixed in lxr-cvs 0.9.5+cvs20071020-1.1 CVE-2010-1738 looks like a dupe of CVE-2010-1448, asking for lxr deletion, this package/code is a mess Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-07-31 12:05:10 UTC (rev 15078) +++ data/CVE/list 2010-07-31 14:26:07 UTC (rev 15079) @@ -3009,6 +3009,7 @@ CVE-2010-1738 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...) - lxr <unfixed> (low; bug #585411) - lxr-cvs <unfixed> (low; bug #585412) + NOTE: looks like a dupe of CVE-2010-1448 to me, checked back with oss-sec CVE-2010-1737 (PHP remote file inclusion vulnerability in ...) NOT-FOR-US: Gallo CVE-2010-1736 (KrM Haber 1.0 stores sensitive information under the web root with ...) @@ -3296,8 +3297,8 @@ - mysql-dfsg-5.0 <removed> (low; bug #584400) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648 CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer ...) - - lxr <unfixed> (bug #588138) - - lxr-cvs <unfixed> (bug #588137) + - lxr <unfixed> (low; bug #588138) + - lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588137) CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...) - pidgin 2.7.0-1 (low) [lenny] - pidgin 2.4.3-4lenny6 @@ -3866,7 +3867,7 @@ - python2.4 <removed> (low) [lenny] - python2.4 <no-dsa> (Minor issue) CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...) - - lxr-cvs <unfixed> (bug #588036) + - lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588036) TODO: prod maintainer (and find out why we have lxr and lxr-cvs) CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for ...) {DSA-2051-1} 
@@ -8154,7 +8155,7 @@ CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows ...) - zabbix 1:1.8-1 (bug #562613) CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...) - - lxr-cvs <unfixed> (bug #575745) + - lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #575745) NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2 at 3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...) - boa <unfixed> (unimportant) Modified: data/NMU/list ==================================================================--- data/NMU/list 2010-07-31 12:05:10 UTC (rev 15078) +++ data/NMU/list 2010-07-31 14:26:07 UTC (rev 15079) @@ -203,3 +203,4 @@ 2010-06-20 libnids 1.23-1.2 2010-06-20 netpbm-free 2:10.0-12.2 2010-07-30 xemacs21 21.4.22-3.1 +2010-07-31 lxr-cvs 0.9.5+cvs20071020-1.1
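Review bot: In the data/CVE/list hunk at -3009, the added NOTE calls CVE-2010-1738 a duplicate of CVE-2010-1448, but the `- lxr-cvs <unfixed> (low; bug #585412)` line directly above it is left unchanged while this same commit marks CVE-2010-1448 as fixed in lxr-cvs 0.9.5+cvs20071020-1.1. If the two are the same issue, the lxr-cvs line here should carry the same fixed version. If that is still waiting on the oss-sec answer, say so in the NOTE and link the thread, so the open status does not look like an oversight.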
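Review bot: In the hunk at -3296 (CVE-2010-1625), both changed lines gain a `low` urgency that the log message does not mention, and `- lxr <unfixed> (low; bug #588138)` stays open with no explanation. The log says removal of lxr is being requested, so a NOTE under this entry recording that request would tell the next reader why only lxr-cvs gets a fixed version.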
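Review bot: In the hunk at -3866 (CVE-2010-1448), the context line `TODO: prod maintainer (and find out why we have lxr and lxr-cvs)` is kept even though the lxr-cvs line above it now records a fixed version from an NMU. Drop the "prod maintainer" part or rewrite the TODO to cover only the still-open lxr versus lxr-cvs question. The entry also has no lxr line, although CVE-2010-1738, which the first hunk calls a duplicate, lists lxr as affected.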
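Review bot: In the hunk at -8154 (CVE-2009-4497), only lxr-cvs is tracked, whereas the CVE-2010-1625 entry for the same LXR Cross Referencer tracks both lxr and lxr-cvs. Either add an lxr line with its status, or add a NOTE stating that lxr was checked and is not affected, so the two entries are consistent.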
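Review bot: In the data/NMU/list hunk, the added line `+2010-07-31 lxr-cvs 0.9.5+cvs20071020-1.1` and the three CVE entries above record the version as fixed, while the log message says the issues "will be fixed in" that version. If the upload has not yet been accepted, the entries should be rechecked once it is, so that the recorded version matches what actually reaches the archive.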