Author: jmm-guest Date: 2010-10-03 20:43:54 +0000 (Sun, 03 Oct 2010) New Revision: 15413 Modified: data/CVE/list data/embedded-code-copies data/spu-candidates.txt Log: - lastfm, roaraudio, ike no-dsa - mahara/tinymce code copy fixed - otrs fixed - cleanup older issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-10-03 19:35:25 UTC (rev 15412) +++ data/CVE/list 2010-10-03 20:43:54 UTC (rev 15413) @@ -931,13 +931,16 @@ - vips <unfixed> (bug #598296) CVE-2010-3363 RESERVED - - roaraudio 0.3-2 (bug #598295) + - roaraudio 0.3-2 (low; bug #598295) + [lenny] - roaraudio <no-dsa> (Minor issue) CVE-2010-3362 RESERVED - - lastfm 1:1.5.4.26862+dfsg-5 (bug #598294) + - lastfm 1:1.5.4.26862+dfsg-5 (low; bug #598294) + [lenny] - lastfm <no-dsa> (Minor issue) CVE-2010-3361 RESERVED - - ike <unfixed> (bug #598292) + - ike <unfixed> (low; bug #598292) + [lenny] - ike <no-dsa> (Minor issue) CVE-2010-3360 RESERVED - hipo <unfixed> (bug #598291) @@ -4294,9 +4297,7 @@ CVE-2010-2081 RESERVED CVE-2010-2080 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...) - - otrs2 <unfixed> - TODO: check lenny - NOTE: http://otrs.org/advisory/OSA-2010-02-en/ + - otrs2 2.4.8+dfsg1-1 CVE-2009-4879 (The Identity Server in Novell Access Manager before 3.1 SP1 allows ...) NOT-FOR-US: Novell Access Manager CVE-2009-4878 (Unspecified vulnerability in the Administration Console in Novell ...) @@ -17416,10 +17417,6 @@ NOT-FOR-US: Apple Safari CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests function in ...) - webkit 1.1.10-1 - - kdelibs <unfixed> (low) - [lenny] - kdelibs <no-dsa> (Minor issue) - - kde4libs <unfixed> (low) - - qt4-x11 <undetermined> CVE-2009-2418 RESERVED CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is ...) 
@@ -31814,8 +31811,9 @@ NOTE: file is opened with O_EXCL even if tmpnam is used in this case CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...) - jasper 1.900.1-5.1 (medium; bug #501021) - - ghostscript 8.64~dfsg-2 (medium; bug #559778) - - gs-gpl <removed> (medium; bug #561717) + - ghostscript 8.64~dfsg-2 (low; bug #559778) + [lenny] - ghostscript <not-affected> (Too intrusive to backport) + - gs-gpl <removed> (low; bug #561717) - netpbm-free <not-affected> (dynamically links to ghostscript if available) CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...) - jbossas4 <not-affected> (configuration not yet included in Debian package) @@ -52614,7 +52612,7 @@ CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...) NOT-FOR-US: fotokategori.asp CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...) - - iceweasel <unfixed> (low; bug #556267) + - iceweasel <unfixed> (unimportant; bug #556267) [etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support) [lenny] - iceweasel <no-dsa> (Minor issue) CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...) @@ -85247,8 +85245,6 @@ NOT-FOR-US: Apple CVE-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...) NOT-FOR-US: RSA SecurID Web Agent -CVE-2005-XXXX [race condition with a buffered temp file] - - pysvn 1.1.2-3 CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module] - mailutils 1:0.6.1-2 CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks] Modified: data/embedded-code-copies ==================================================================--- data/embedded-code-copies 2010-10-03 19:35:25 UTC (rev 15412) +++ data/embedded-code-copies 2010-10-03 20:43:54 UTC (rev 15413) 
@@ -449,7 +449,7 @@ - moodle <unfixed> (embed; bug #507185) - knowledgeroot <unfixed> (embed) - joomla <itp> (bug #326398) - - mahara <unfixed> (embed; #597752) + - mahara 1.2.6-1 (embed; #597752) scintilla (upstream provides static lib, rejected shared lib http://sf.net/support/tracker.php?aid=2488121) - scite <unfixed> (embed) Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2010-10-03 19:35:25 UTC (rev 15412) +++ data/spu-candidates.txt 2010-10-03 20:43:54 UTC (rev 15413) @@ -138,6 +138,12 @@ -- +ika (CVE-2010-3361) +#5982925B +notified maintainer + +-- + imp4 (CVE-2010-0463) #569661 notified maintainer @@ -367,6 +373,11 @@ -- +roaraudio (CVE-2010-3362) +#598295 + +-- + ruby1.8 (CVE-2010-0541) --
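Review bot: in the data/CVE/list hunk at `@@ -4294`, the `TODO: check lenny` line is dropped without a `[lenny]` entry taking its place, so the lenny status of otrs2 for CVE-2010-2080 is now unrecorded; add `[lenny] - otrs2 <no-dsa> (...)` or `<not-affected> (...)` with the result of that check, and consider keeping `NOTE: http://otrs.org/advisory/OSA-2010-02-en/`, since it is the only pointer to the upstream advisory in this entry.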
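Review bot: in the data/CVE/list hunk at `@@ -17416`, deleting the kdelibs, kde4libs and qt4-x11 lines under CVE-2009-2419 removes an `<unfixed>` and an `<undetermined>` status without recording an outcome. If the conclusion was that those packages do not ship the affected code, `<not-affected> (reason)` preserves that finding, whereas an outright removal reads as though the packages were never considered.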
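Review bot: in the data/CVE/list hunk at `@@ -31814`, `[lenny] - ghostscript <not-affected> (Too intrusive to backport)` pairs a tag meaning the lenny version is not vulnerable with a reason that only makes sense if it is vulnerable but will not be patched; the other `[lenny]` lines in this commit use `<no-dsa>` for that case. Either change the tag to `<no-dsa>` or replace the reason with why lenny's ghostscript is unaffected. A short NOTE giving the rationale for downgrading the JasPer integer overflows from medium to low for ghostscript and gs-gpl would also help.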
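Review bot: in the data/CVE/list hunk at `@@ -52614`, iceweasel is lowered from `low` to `unimportant` while the entry stays `<unfixed>` with bug #556267 open and no rationale recorded; a NOTE line stating why the missing HTTP-on-HTTPS warning is not treated as security-relevant for Debian would keep the change explainable later.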
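Review bot: in the data/CVE/list hunk at `@@ -85247`, the `CVE-2005-XXXX [race condition with a buffered temp file]` / `- pysvn 1.1.2-3` entry is removed outright; if the cleanup is because the issue received a real CVE id or is a duplicate of another entry, that id should be referenced so the pysvn fix in 1.1.2-3 remains traceable from the tracker.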
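Review bot: style point in the data/embedded-code-copies hunk: `- mahara 1.2.6-1 (embed; #597752)` omits the `bug ` prefix that the neighbouring entries use (`bug #507185`, `bug #326398`); `(embed; bug #597752)` keeps the file consistent.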
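Review bot: in the data/spu-candidates.txt hunk at `@@ -138`, the new entry `ika (CVE-2010-3361)` with `#5982925B` does not match the data/CVE/list hunk in this same commit, where CVE-2010-3361 is `ike <unfixed> (low; bug #598292)`: the package name should be `ike` and the bug reference `#598292` (the trailing `5B` looks like a paste error).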
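Review bot: in the data/spu-candidates.txt hunk at `@@ -367`, `roaraudio (CVE-2010-3362)` cites the wrong CVE: in the data/CVE/list hunk above, CVE-2010-3362 is lastfm and roaraudio is CVE-2010-3363 (bug #598295, which this entry does give correctly). The entry also lacks the `notified maintainer` line the surrounding entries carry; add it if the maintainer was contacted.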