author | Moritz Muehlenhoff <jmm@debian.org> | 2010-07-20 06:22:33 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2010-07-20 06:22:33 +0000 |
commit | cfa070112d8437ed7685a6bb09af9564a9db032c (patch) | |
tree | 3f938fb0fe35c63d02961f0bf2de3c7609aad97d /data | |
parent | 86a2eb2556c9021c3655e94423851fb158a35107 (diff) |
- some packages are properly maintained or removed by now
- mlmmj fixed
- new rpcbind issue (fixed)
- tomcat fixed
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@15004 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 7 |
-rw-r--r-- | data/problematic-packages | 35 |
2 files changed, 4 insertions, 38 deletions
diff --git a/data/CVE/list b/data/CVE/list index 919663e680..01f785faee 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1144,7 +1144,7 @@ CVE-2009-4897 RESERVED CVE-2009-4896 RESERVED - - mlmmj <unfixed> (bug #588038) + - mlmmj 1.2.17-1.1 (bug #588038) CVE-2010-2294 (Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and ...) NOT-FOR-US: Plume CMS CVE-2010-2293 (The Ping tools web interface in Dlink Di-604 router allows remote ...) @@ -1327,7 +1327,7 @@ CVE-2010-2228 (Cross-site scripting (XSS) vulnerability in the MNET access-contr - moodle 1.9.9-1 (bug #586280) CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 ...) - tomcat5 <removed> - - tomcat6 <unfixed> (bug filed) + - tomcat6 6.0.28-1 (bug #588813) CVE-2010-2226 [xfs SWAPEXT ioctl permissions bypass] RESERVED - linux-2.6 <unfixed> @@ -1757,6 +1757,7 @@ CVE-2010-2062 [VLC: integer underflow in Real RTSP] NOTE: DSA-2043 and DSA-2044 CVE-2010-2061 RESERVED + - rpcbind 0.2.0-4.1 CVE-2010-2060 (The put command functionality in beanstalkd 1.4.5 and earlier allows ...) - beanstalkd 1.4.6-1 (unimportant; bug #585162) NOTE: Package description reads: "Beanstalkd is meant to be ran in a trusted network, @@ -11736,7 +11737,7 @@ CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework ...) [lenny] - glpi <no-dsa> (minor issue) - knowledgeroot 0.9.9.5-1 (low; bug #555229) [etch] - knowledgeroot <no-dsa> (minor issue) - [lenny] - knowledgeroot <no-dsa> (minor issue) + [lenny] - knowledgeroot <not-affected> (Vulnerable code not present) - mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231) [etch] - mt-daapd 0.2.4+r1376-1.1+etch3 - mediatomb 0.12.0~svn2018-5 (low; bug #555232) diff --git a/data/problematic-packages b/data/problematic-packages index d858d75c21..5fd3156626 100644 --- a/data/problematic-packages +++ b/data/problematic-packages 
@@ -11,41 +11,6 @@ No reaction to remote code execution bugs in unstable since July. Only one upload, maintainer has no other packages. pinged maintainer on 2009-11-29, maintainer reacted promptly ----- - -bugzilla: (Nov 2009) -Maintainer active again, package is still quite old, though 3.2 - ----- - -jasper (June 2009) -A security fix was dropped in a later upload, no followup on -the respective bug for three weeks as of 2009-06-02. - ----- - -libapache-mod-jk (May 2009) -Group maintained by Java Team, but no reply to RC security bug -#523054 for six weeks as of 2009-05-18. - ----- - -xpdf: (Nov 2009) -No maintainer upload for two years, frequent security issues. -Removed from Squeeze, remaining packages using xpdf-* have been -NMUed to use poppler - ----- - -swftools: (Nov 2009) -Similar situation as with xpdf (it embeds a copy of xpdf). -Removed from squeeze, no maintainer response in more than three months. - ---- - -polipo (Dec 2009) -maintainer seems inactive - --- libmikmod (Mar 2010) |
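Review bot: In the data/CVE/list hunk at @@ -1757,6 +1757,7 @@, the added line `- rpcbind 0.2.0-4.1` hangs off CVE-2010-2061, which is still RESERVED and has no description, bug number or NOTE, so the tracker does not say what the rpcbind issue is or where the fixed version comes from. The neighbouring entry carries a bracketed summary (`CVE-2010-2062 [VLC: integer underflow in Real RTSP]`); suggest adding a summary in the same form on the CVE-2010-2061 line, plus a bug reference or NOTE for the fix.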
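Review bot: In the data/CVE/list hunk at @@ -11736,7 +11737,7 @@, the `[lenny] - knowledgeroot` line changes from `<no-dsa> (minor issue)` to `<not-affected> (Vulnerable code not present)` while the `[etch] - knowledgeroot <no-dsa> (minor issue)` line directly above stays as it was, and the commit message does not mention this change at all. Please confirm that the etch status is still correct given the lenny finding, and add a line to the commit message for this triage change so it is not hidden among the "fixed" updates.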
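Review bot: The data/problematic-packages hunk at @@ -11,41 +11,6 @@ drops six entries (bugzilla, jasper, libapache-mod-jk, xpdf, swftools, polipo), but the commit message only says "some packages are properly maintained or removed by now" without stating which reason applies to which package. The removed polipo entry read "maintainer seems inactive" and the jasper entry recorded a security fix that was dropped in a later upload, so a one-line justification per package in the commit message would keep the reason for each removal auditable.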