Author: jmm Date: 2011-02-02 07:35:18 +0000 (Wed, 02 Feb 2011) New Revision: 16030 Modified: data/CVE/list data/spu-candidates.txt Log: - new postgres issue - sssd tpu - various CVE assignments - mingetty, numpy no-dsa Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-02-02 04:16:17 UTC (rev 16029) +++ data/CVE/list 2011-02-02 07:35:18 UTC (rev 16030) @@ -158,10 +158,6 @@ TODO: check CVE-2010-4709 (Heap-based buffer overflow in Automated Solutions Modbus/TCP Master ...) NOT-FOR-US: Automated Solutions Modbus/TCP Master -CVE-2011-XXXX [Reoccurance of CVE-2005-3534] - - nbd 1:2.9.16-8 (bug #611187) -CVE-2011-XXXX [yet another weborf DoS] - - weborf 0.12.5-1 CVE-2011-0649 RESERVED CVE-2011-0648 @@ -430,10 +426,14 @@ RESERVED CVE-2011-0530 RESERVED + - nbd 1:2.9.16-8 (bug #611187) CVE-2011-0529 RESERVED + - weborf 0.12.5-1 CVE-2011-0528 RESERVED + - puppet 2.6.2-3 + [lenny] - puppet <not-affected> (Only affects 2.6.x) CVE-2011-0527 RESERVED CVE-2011-0526 @@ -2074,10 +2074,6 @@ NOTE: Dupe of CVE-2010-4334 CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...) NOT-FOR-US: MRCGIGUY FreeTicket -CVE-2010-XXXX - - puppet 2.6.2-3 - [lenny] - puppet <not-affected> (Only affects 2.6.x) - NOTE: CVE ID requested CVE-2011-0025 RESERVED CVE-2011-0024 @@ -2567,6 +2563,7 @@ - linux-2.6 2.6.32-30 CVE-2010-4341 (The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in ...) - sssd 1.2.1-4.1 (bug #610032) + [squeeze] - sssd 1.2.1-4+squeeze1 CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers ...) NOT-FOR-US: Pointter PHP Micro-Blogging Social Network CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to ...) 
@@ -3375,8 +3372,11 @@ RESERVED CVE-2010-4016 RESERVED -CVE-2010-4015 +CVE-2010-4015 [psql buffer overflow in intarray module] RESERVED + - postgresql-9.0 9.0.3-1 + - postgresql-8.4 8.4.7-1 + - postgresql-8.3 <removed> CVE-2010-4014 RESERVED CVE-2010-4013 (Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x ...) @@ -4983,7 +4983,8 @@ - ffmpeg-debian <removed> NOTE: http://www.ocert.org/advisories/ocert-2010-004.html CVE-2010-XXXX [mingetty directory traversal] - - mingetty 1.07-2 (medium; bug #597382) + - mingetty 1.07-2 (low; bug #597382) + [lenny] - mingetty <no-dsa> (Minor issue) CVE-2010-XXXX [config file world readable] - sabnzbdplus 0.5.4-1 (low; bug #593829) CVE-2010-XXXX [signature verification issue] @@ -4992,7 +4993,8 @@ - greylistd 0.8.7+nmu2 (low; bug #464084) [lenny] - greylistd <no-dsa> (Minor issue) CVE-2010-XXXX [numpy memory corruption] - - python-numpy 1:1.4.1-5 (bug #581058) + - python-numpy 1:1.4.1-5 (low; bug #581058) + [lenny] - python-numpy <no-dsa> (Minor issue) NOTE: http://projects.scipy.org/numpy/changeset/8364 CVE-2010-XXXX [mediatomb directory traversal] - mediatomb 0.12.0~svn2018-6.1 (medium; bug #580120) Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2011-02-02 04:16:17 UTC (rev 16029) +++ data/spu-candidates.txt 2011-02-02 07:35:18 UTC (rev 16030) @@ -401,6 +401,11 @@ -- +mingetty +#597382 + +-- + mono-debugger (CVE-2010-3369) #598299 @@ -456,6 +461,12 @@ -- +python-numpy (CVE-2010-XXXX [numpy memory corruption]) +#581058 +http://projects.scipy.org/numpy/changeset/8364 + +-- + roaraudio (CVE-2010-3362) #598295
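Review bot: the bracketed descriptions are lost when the nbd and weborf entries move under CVE-2011-0530 and CVE-2011-0529 in the @@ -430,10 +426,14 @@ hunk of data/CVE/list. While those IDs are still RESERVED there is no description text, so the entry no longer says what the issue is. Carrying the old text over, as in "CVE-2011-0530 [Reoccurance of CVE-2005-3534]" and "CVE-2011-0529 [yet another weborf DoS]", would match what this same commit does for CVE-2010-4015. The puppet entry moved to CVE-2011-0528 had no description before either and could get one at the same time.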
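Review bot: the description added in the @@ -3375,8 +3372,11 @@ hunk, "[psql buffer overflow in intarray module]", names psql, which is the client program, while intarray is a contrib module loaded by the server and the affected lines are for postgresql-9.0, postgresql-8.4 and postgresql-8.3. Wording it as "[postgresql buffer overflow in intarray module]" would avoid sending a reader to the wrong component. The three package lines also carry no urgency or bug reference, unlike most other entries touched in this commit.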
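Review bot: the mingetty urgency changes from medium to low in the @@ -4983,7 +4983,8 @@ hunk without any NOTE giving the reason, and the log message only says "mingetty, numpy no-dsa". The mediatomb directory traversal entry visible a few lines further down is still rated medium, so a one-line NOTE under the mingetty entry explaining why this traversal is a minor issue would make the downgrade and the lenny no-dsa decision reviewable later.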
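Review bot: the mingetty entry added in the @@ -401,6 +401,11 @@ hunk of data/spu-candidates.txt has no issue tag after the package name, while the neighbouring entries and the python-numpy entry added in this same commit do, for example "python-numpy (CVE-2010-XXXX [numpy memory corruption])". Writing it as "mingetty (CVE-2010-XXXX [mingetty directory traversal])" would keep the file consistent and tie the candidate back to its entry in data/CVE/list.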