author    Moritz Muehlenhoff <jmm@debian.org>   2009-05-21 12:24:46 +0000
committer Moritz Muehlenhoff <jmm@debian.org>   2009-05-21 12:24:46 +0000
commit    87f5383856ee7878b151d04a66fc0d1dabf5fbf1 (patch)
tree      21fe3514a0fd491dca9b29b5c0b0f65d3c9b7304 /data
parent    7551812293cc29507984e13e7064eb02efd410c4 (diff)
- minor ntp issue has been fixed in a DSA alongside a more severe issue,
  remove from ospu/spu candidates list
- kernel fixed
- selinux issue was fixed for 2.6.29 through stable kernel update
- issue tracked as openjdk is actually an lcms issue
- CVE-2008-5519 is listed on the Tomcat web site, but it's actually within
mod-jk only
- clone ffmpeg-debian issue for the ffmpeg version in etch
- clone gnutls issue for the gnutls version in etch
- remove duplicate etch entry for older apache issue
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11944 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r--  data/CVE/list             | 14
-rw-r--r--  data/ospu-candidates.txt  |  5
-rw-r--r--  data/spu-candidates.txt   |  5
3 files changed, 6 insertions, 18 deletions
diff --git a/data/CVE/list b/data/CVE/list index f59069fd1f..e7ceca4d39 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -992,7 +992,7 @@ CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux [etch] - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before ...) {DSA-1800-1 DSA-1794-1 DSA-1787-1} - - linux-2.6 <unfixed> + - linux-2.6 2.6.29-5 - linux-2.6.24 <removed> CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly ...) {DSA-1794-1} @@ -1740,8 +1740,7 @@ CVE-2009-1185 (udev before 1.4.1 does not verify whether a NETLINK message origi - udev 0.141-1 (medium) CVE-2009-1184 (The selinux_ip_postroute_iptables_compat function in ...) {DSA-1800-1} - - linux-2.6 2.6.30-1 - NOTE: compat code was removed in 30-rc1, so marking 2.6.30 as fixed + - linux-2.6 2.6.29-5 [etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release) - linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release) CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ...) @@ -3063,6 +3062,7 @@ CVE-2009-0794 (Integer overflow in the PulseAudioTargetDataL class in ...) CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK ...) {DSA-1769-1} - openjdk-6 <unfixed> + - lcms <unfixed> (low) CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...) {DTSA-198-1} - argyll 1.0.3-3 (medium; bug #523472; bug #524802) 
@@ -6877,10 +6877,7 @@ CVE-2008-5521 (Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explo CVE-2008-5520 (AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer ...) NOT-FOR-US: AhnLab V3 CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat ...) - - tomcat5.5 <unfixed> (bug #523054) - - libapache-mod-jk <removed> - - libapache2-mod-jk <unfixed> (bug #523054) - TODO: check whether libapache-mod-jk and libapache2-mod-jk are vulnerable + - libapache-mod-jk <unfixed> (bug #523054) CVE-2008-5518 (Multiple directory traversal vulnerabilities in the web administration ...) - geronimo <itp> (bug #481869) CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote ...) @@ -9170,6 +9167,7 @@ CVE-2008-4610 (MPlayer allows remote attackers to cause a denial of service ...) NOTE: only the aac issue affected mplayer because it built against a copy of faad NOTE: the ogm issue is a problem in ffmpeg - ffmpeg-debian <unfixed> (unimportant; bug #509616) + - ffmpeg <removed> (unimportant) NOTE: just a crasher, no security implications known so far NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...) @@ -14604,6 +14602,7 @@ CVE-2008-2378 (Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0 - hf 0.8-8.1 (medium; bug #504182) CVE-2008-2377 (Use after free vulnerability in the ...) - gnutls26 2.4.1-1 (medium) + - gnutls13 <not-affected> (Problem was introduced in 2.3.5) CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby before ...) {DSA-1618-1 DSA-1612-1} - ruby1.9 1.9.0.2-2 
@@ -26630,7 +26629,6 @@ CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in th NOTE: Etch's default configuration not vulnerable due to AddDefaultCharset, NOTE: but many users change this. NOTE: The apache2 fix is actually a workaround. It will not be applied to apache 1.3. - [etch] - apache2 2.2.3-4+etch4 CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total ...) NOT-FOR-US: Total Commander CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted ...) diff --git a/data/ospu-candidates.txt b/data/ospu-candidates.txt index dd1adbe0fa..1176c8bc5f 100644 --- a/data/ospu-candidates.txt +++ b/data/ospu-candidates.txt @@ -444,11 +444,6 @@ notified maintainer -- -ntp (CVE-2009-0159) -#525373 - --- - nvi #496462 notified maintainer diff --git a/data/spu-candidates.txt b/data/spu-candidates.txt index bd1fe7ee17..5f65b4cfc2 100644 --- a/data/spu-candidates.txt +++ b/data/spu-candidates.txt @@ -52,11 +52,6 @@ Noah will see to it. -- -ntp (CVE-2009-0159) -#525373 - --- - openldap #253838 |
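Review bot: the CVE-2009-1184 hunk drops the NOTE line ("compat code was removed in 30-rc1, so marking 2.6.30 as fixed") while moving the fixed version from 2.6.30-1 to 2.6.29-5, and leaves nothing in the entry explaining why 2.6.29-5 is now the fixed version. The commit message says the fix arrived through a stable kernel update; record that next to the entry, e.g. `NOTE: fixed in 2.6.29-5 via the stable kernel update`, so the rationale survives in the file rather than only in the log.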
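Review bot: in the CVE-2009-0793 hunk the new `- lcms <unfixed> (low)` line carries a severity, but the retained `- openjdk-6 <unfixed>` line still has none, and no NOTE records why both entries exist (the CVE text says "as used in OpenJDK", which suggests an embedded copy of lcms). Either give openjdk-6 the same severity, or mark it <not-affected> with a reason, and add a NOTE stating that openjdk-6 is listed because of its own copy of the lcms code.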
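Review bot: the CVE-2008-5519 hunk appears to keep the wrong package. The removed lines had `libapache-mod-jk <removed>` and `libapache2-mod-jk <unfixed> (bug #523054)`, yet the replacement is `libapache-mod-jk <unfixed> (bug #523054)`: the package that was already <removed> becomes the unfixed one, and libapache2-mod-jk, which carried the bug reference, disappears entirely. Since the commit message says the issue is in mod-jk only, the intended result is presumably to drop tomcat5.5 and keep `- libapache2-mod-jk <unfixed> (bug #523054)` with libapache-mod-jk left as <removed>; please check which source package #523054 is filed against before this lands.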
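Review bot: the CVE-2008-4610 hunk clones `ffmpeg-debian <unfixed> (unimportant; bug #509616)` as `ffmpeg <removed> (unimportant)` without the bug reference. If #509616 covers the etch ffmpeg source package as well, carry the reference over; if it does not, a short NOTE saying the etch package is tracked without its own bug keeps the two entries from drifting apart later.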
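Review bot: the CVE-2007-4465 hunk deletes `[etch] - apache2 2.2.3-4+etch4` as a duplicate, but no other apache2 package line appears in the hunk's context, so the diff alone does not show which entry it duplicates. The surviving NOTE lines only say the apache2 fix is a workaround that will not be applied to apache 1.3. If the retained apache2 line sits above the context window, widen the hunk or name the surviving line in the commit message so the removal can be verified without checking out the file.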
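Review bot: the ospu-candidates.txt and spu-candidates.txt hunks remove the `ntp (CVE-2009-0159)` / `#525373` block, but neither the hunks nor the commit message name the DSA that covered it alongside the more severe issue. Add the DSA id to the commit message (or to the CVE-2009-0159 entry in data/CVE/list in the same commit) so the removal from both candidate lists can be cross-checked against the advisory.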