Author: jmm Date: 2011-12-21 17:15:48 +0000 (Wed, 21 Dec 2011) New Revision: 17842 Modified: data/CVE/list Log: pure-ftpd updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-12-21 12:10:04 UTC (rev 17841) +++ data/CVE/list 2011-12-21 17:15:48 UTC (rev 17842) @@ -1699,10 +1699,10 @@ - ffmpeg <removed> - ffmpeg-debian <end-of-life> NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=67a7ed6 - NOTE: hhttp://git.libav.org/?p=libav.git;a=commitdiff;h=c76505e - NOTE: hhttp://git.libav.org/?p=libav.git;a=commitdiff;h=30c08e2 - NOTE: hhttp://git.libav.org/?p=libav.git;a=commitdiff;h=7367cbe - NOTE: hhttp://git.libav.org/?p=libav.git;a=commitdiff;h=28acce2 + NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=c76505e + NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=30c08e2 + NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=7367cbe + NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=28acce2 CVE-2011-4352 [VP3 integer overflow] RESERVED - libav <unfixed> @@ -9731,8 +9731,9 @@ [lenny] - linux-2.6 <not-affected> (Code not present) NOTE: "...code path in question is no longer reachable..." not sure when this was fixed CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 ...) - - pure-ftpd 1.0.30-1 - NOTE: http://www.pureftpd.org/project/pure-ftpd/news + - pure-ftpd 1.0.30-1 (low) + [squeeze] - pure-ftpd <no-dsa> (Will be fixed in stable point update) + [lenny] - pure-ftpd <no-dsa> (Minor issue) CVE-2011-1574 (Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in ...) {DSA-2226-1} - libmodplug 1:0.8.8.2-1 (low; bug #622091) 
@@ -13231,7 +13232,9 @@ {DSA-2237-2} - apr 1.4.4-1 (low) CVE-2011-0418 (The glob implementation in Pure-FTPd before 1.0.32, and in libc in ...) - - pure-ftpd 1.0.32-1 + - pure-ftpd 1.0.32-1 (unimportant) + NOTE: The attack could not be reproduced on Linux. The upstream change from 1.0.32 + NOTE: only disables GLOB_BRACE, possibly to protect installations with a vulnerable libc CVE-2011-0417 RESERVED CVE-2011-0416
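Review bot: In the CVE-2011-1575 hunk (@@ -9731,8 +9731,9 @@), the line `NOTE: http://www.pureftpd.org/project/pure-ftpd/news` is removed and nothing replaces it, so the entry no longer carries any upstream reference for the 1.0.30 fix. Consider keeping that NOTE alongside the new `(low)` urgency and the two `<no-dsa>` lines. The log message "pure-ftpd updates" does not say why the reference was dropped.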
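Review bot: In the CVE-2011-0418 hunk (@@ -13231,7 +13232,9 @@), the two added NOTE lines justify `(unimportant)` with "could not be reproduced on Linux" and "possibly to protect installations with a vulnerable libc", but cite nothing for either the test or the upstream change. Suggest adding a NOTE that links the upstream 1.0.32 change disabling GLOB_BRACE and records what was tested (package version and libc), so the downgrade can be re-checked later.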