Author: thijs Date: 2010-09-09 19:56:37 +0000 (Thu, 09 Sep 2010) New Revision: 15298 Modified: data/CVE/list Log: fixes from stable point update 5.0.6 Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-09 19:42:18 UTC (rev 15297) +++ data/CVE/list 2010-09-09 19:56:37 UTC (rev 15298) @@ -822,9 +822,10 @@ CVE-2010-2946 [jfs issue] RESERVED - linux-2.6 2.6.32-21 + [lenny] - linux-2.6 2.6.26-25 CVE-2010-2945 (The default configuration of SLiM before 1.3.2 places ./ (dot slash) ...) - slim 1.3.1-7 (low; bug #594414) - [lenny] - slim <no-dsa> (Maintainer will fix through stable point update) + [lenny] - slim 1.3.0-1+lenny3 CVE-2010-2944 (The authenticate function in LDAPUserFolder/LDAPUserFolder.py in ...) {DSA-2096-1} - zope-ldapuserfolder <removed> (high; bug #593466) @@ -834,6 +835,7 @@ CVE-2010-2942 [linux-2.6 net sched infoleak] RESERVED - linux-2.6 <unfixed> + [lenny] - linux-2.6 2.6.26-25 CVE-2010-2941 RESERVED CVE-2010-2940 (The auth_send function in providers/ldap/ldap_auth.c in System ...) @@ -873,7 +875,7 @@ - rekonq 0.5.0-1 CVE-2010-XXXX [Insufficient stripping of CR/LF allows arbitrary IRC command execution] - libpoe-component-irc-perl 6.32+dfsg-1 - [lenny] - libpoe-component-irc-perl <no-dsa> (#581194) + [lenny] - libpoe-component-irc-perl 6.32+dfsg-1 (bug #581194) CVE-2010-2926 (SQL injection vulnerability in index.php in sNews 1.7 allows remote ...) NOT-FOR-US: sNews CMS CVE-2010-2925 (SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 ...) @@ -1847,7 +1849,7 @@ NOT-FOR-US: Opera CVE-2010-2575 (Heap-based buffer overflow in the RLE decompression functionality in ...) - okular <removed> (low) - [lenny] - okular <no-dsa> (Will be fixed in a stable point update) + [lenny] - okular 0.7-2+lenny1 - kdegraphics 4:4.4.5-2 [lenny] - kdegraphics <not-affected> (Lenny''s kdegraphics doesn''t yet contain Okular) NOTE: http://www.kde.org/info/security/advisory-20100825-1.txt 
@@ -1930,7 +1932,7 @@ - cacti 0.8.7g-1 CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in ...) - git-core 1:1.7.1-1.1 (low; bug #590026) - [lenny] - git-core <no-dsa> (Minor issue) + [lenny] - git-core 1:1.5.6.5-3+lenny3.1 CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType ...) {DSA-2105-1} - freetype 2.4.2-1 (low) @@ -1966,7 +1968,7 @@ RESERVED CVE-2010-2529 (Unspecified vulnerability in ping.c in iputils 20020927, 20070202, ...) - iputils 3:20100418-2 - [lenny] - iputils <no-dsa> (Minor issue) + [lenny] - iputils 3:20071127-1+lenny1 CVE-2010-2528 (The clientautoresp function in family_icbm.c in the oscar protocol ...) - pidgin 2.7.2-1 CVE-2010-2527 (Multiple buffer overflows in demo programs in FreeType before 2.4.0 ...) @@ -2119,7 +2121,7 @@ CVE-2010-2477 [XSS in paste.httpexceptions] RESERVED - paste 1.7.4-1 (low) - [lenny] - paste <no-dsa> (Minor issue) + [lenny] - paste 1.7.1-1+lenny1 NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56 CVE-2010-2475 RESERVED @@ -2676,7 +2678,7 @@ NOT-FOR-US: joomla! CVE-2010-2253 (lwp-download in libwww-perl before 5.835 does not reject downloads to ...) - libwww-perl 5.835-1 (low) - [lenny] - libwww-perl <no-dsa> (Minor issue) + [lenny] - libwww-perl 5.813-1+lenny2 CVE-2010-2252 (GNU Wget 1.12 and earlier uses a server-provided filename instead of ...) {DSA-2088-1} - wget 1.12-2.1 (low; bug #590296) @@ -2696,7 +2698,7 @@ CVE-2010-2247 [makepasswd: insecure passwords generated with default settings] RESERVED - makepasswd 1.10-5 (low; bug #564559) - [lenny] - makepasswd <no-dsa> (Minor issue) + [lenny] - makepasswd 1.10-3+lenny1 CVE-2010-2246 [feh --wget-timestamp issue] RESERVED - feh 1.8-1 (low; bug #587205) 
@@ -3123,7 +3125,7 @@ - unrealircd <itp> (bug #515130) CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ...) - w3m 0.5.2-5 (low; bug #587445) - [lenny] - w3m <no-dsa> (Minor issue) + [lenny] - w3m 0.5.2-2+lenny1 CVE-2010-2073 (auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and ...) - pyftpd 0.8.5 (low; bug #585776) [lenny] - pyftpd 0.8.4.6+lenny1 @@ -7899,7 +7901,7 @@ - roundcube 0.3.1-3 (bug #569660) CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser ...) - imp4 4.3.7+debian0-2 (low; bug #569661) - [lenny] - imp4 <no-dsa> (Minor issue) + [lenny] - imp4 4.2-4lenny2 CVE-2010-0462 (Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, ...) NOT-FOR-US: IBM DB2 CVE-2010-0461 (SQL injection vulnerability in the casino (com_casino) component 1.0 ...)
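Review bot: In the "@@ -834,6 +835,7 @@" hunk, the CVE-2010-2942 entry now records lenny as fixed in 2.6.26-25 while the unstable line directly above it still reads "- linux-2.6 <unfixed>", and the entry has no NOTE line saying which change fixes it. Since the CVE is still RESERVED and only carries the bracketed "[linux-2.6 net sched infoleak]" description, consider adding a NOTE with the reference to the fix, so that whoever later updates the unstable line can match it to the same change.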
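Review bot: In the "@@ -873,7 +875,7 @@" hunk, the new "[lenny]" line for libpoe-component-irc-perl gives 6.32+dfsg-1 as the fixed version, which is identical to the unstable fixed version on the line above it, whereas every other "[lenny]" line added in this commit for a point-update package carries a lenny-specific version (1.3.0-1+lenny3, 0.7-2+lenny1, 5.813-1+lenny2 and so on). Please check this against what was actually accepted into 5.0.6 and, if the lenny upload had its own version string, record that one instead, since a wrong fixed version here would make the tracker misreport lenny's status. The bug reference was also normalised to "(bug #581194)" only on the lenny line; it would be more consistent with the other entries to attach it to the unstable line.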