From 7965a172e41eb88c81e500ccb2325d704a00ddab Mon Sep 17 00:00:00 2001 From: Michael Gilbert Date: Fri, 5 Mar 2010 02:52:03 +0000 Subject: fix some more latently vulnerable issues git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14191 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/CVE/list | 47 +++++++++++++++++++++++++++++++---------------- data/DSA/list | 2 +- data/DTSA/list | 4 ++-- data/embedded-code-copies | 3 ++- 4 files changed, 36 insertions(+), 20 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 4cf0fdc4df..3c1c1e843a 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1477,6 +1477,7 @@ CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the - CVE-2010-0300 (cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a ...) {DSA-1980-1} - ircd-ratbox 3.0.6.dfsg-1 (low; bug #567191) + - ircd-hybrid 1:7.2.2.dfsg.2-6.1 (low) CVE-2010-0299 (openSUSE 11.2 installs the devtmpfs root directory with insecure ...) - linux-2.6 2.6.32-6 [etch] - linux-2.6 (vulnerable code introduced in 2.6.31) @@ -5096,6 +5097,7 @@ CVE-2009-3556 (A certain Red Hat configuration step for the qla2xxx driver in th - linux-2.6.24 (redhat-specific configuration issue) CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...) {DSA-1934-1} + - apache2 2.2.14-2 NOTE: See separate CVE-2009-3555 file in SVN CVE-2009-3554 (Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss ...) - jbossas4 4.2.2.GA-1 (bug #562000) 
@@ -7569,7 +7571,7 @@ CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in Ap NOT-FOR-US: Apple Mac OS X CVE-2009-2813 (Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and ...) {DSA-1908-1} - - samba 2:3.4.2-1 (unimportant; bug #550422) + - samba 2:3.4.2-1 (bug #550422) NOTE: requires an administrator to manually configure a user account without NOTE: a home dir, otherwise, this is ineffective CVE-2009-2812 (Launch Services in Apple Mac OS X 10.5.8 does not properly recognize ...) @@ -10934,6 +10936,7 @@ CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, a - qt4-x11 4:4.5.2-1 [etch] - qt4-x11 (QTWebkit was introduced in 4.4) - kdelibs 3.5.10.dfsg.1-2.1 (medium; bug #534949) + - kde4libs 4:4.3.0-1 (medium) CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0, ...) {DSA-1950-1} - webkit 1.1.15.2-1 (medium; bug #535793) @@ -11713,7 +11716,8 @@ CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...) {DSA-1851-1 DSA-1850-1} - libmodplug 1:0.8.7-1 (low; bug #526657; bug #527076) - - gst-plugins-bad0.10 (it builds against an external libmodplug; bug #527075) + - gst-plugins-bad0.10 0.10.10.2-1 (bug #527075) + NOTE: gstreamer in unstable dynamically linked to external libmodplug CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...) NOT-FOR-US: CoolPlayer CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and ...) 
@@ -11855,7 +11859,7 @@ CVE-2009-1385 (Integer underflow in the e1000_clean_rx_irq function in ...) - linux-2.6 2.6.26-16 (low; bug #532721) - linux-2.6.24 CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux ...) - NOT-FOR-US: Different code base than Debian's libpam-krb5 + - libpam-krb5 (different code base than Debian's libpam-krb5) CVE-2009-1383 (The getdirective function in mathtex.cgi in mathTeX, when downloaded ...) - mathtex 1.03-1 (medium; bug #537258) CVE-2009-1382 (Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when ...) @@ -14641,6 +14645,7 @@ CVE-2009-0734 (Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in CVE-2009-0733 (Multiple stack-based buffer overflows in the ReadSetOfCurves function ...) {DSA-1769-1 DSA-1745-1} - lcms 1.18.dfsg-1 (bug #522446) + - openjdk-6 CVE-2009-0732 (Downloadcenter 2.1 stores common.h under the web root with ...) NOT-FOR-US: Downloadcenter CVE-2009-0731 (Directory traversal vulnerability in pages/play.php in Free Arcade ...) @@ -14662,6 +14667,7 @@ CVE-2009-0724 CVE-2009-0723 (Multiple integer overflows in LittleCMS (aka lcms or liblcms) before ...) {DSA-1769-1 DSA-1745-1} - lcms 1.18.dfsg-1 (bug #522446) + - openjdk-6 CVE-2009-0722 (Directory traversal vulnerability in admin.php in Potato News 1.0.0 ...) NOT-FOR-US: Potato News CVE-2009-0721 (Unspecified vulnerability in Easy Login in the Sender module in HP ...) @@ -15335,6 +15341,7 @@ CVE-2009-0582 (The ntlm_challenge function in the NTLM SASL authentication mecha CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as ...) {DSA-1769-1 DSA-1745-1} - lcms 1.18.dfsg-1 (bug #522446) + - openjdk-6 CVE-2009-0580 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...) - tomcat6 6.0.20-1 (low; bug #532362) - tomcat5 (low; bug #532363) 
@@ -17011,7 +17018,7 @@ CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and - hplip (only a bug in ubuntus postinst script, we use our own postinst which is not vulnerable) CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42, ...) {DSA-1750-1} - - libpng 1.2.35-1 (unimportant; bug #512665) + - libpng 1.2.35-1 (bug #512665) NOTE: Only an issues when using libpng to create out-of-spec images CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in KTorrent ...) - ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178) @@ -20534,6 +20541,7 @@ CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, - xulrunner 1.9.0.4-1 - iceweasel 3.0.4-1 - iceape 1.1.13-1 + - icedove 2.0.0.19-1 CVE-2008-4581 (The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release ...) NOT-FOR-US: IBM ENOVIA SmarTeam CVE-2008-4580 (fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows ...) @@ -24959,6 +24967,7 @@ CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox - iceweasel 3.0~b2-1 - iceape 1.1.10-1 - xulrunner 1.9.0.1-1 + - icedove 2.0.0.16-1 CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and ...) {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1} - iceweasel 3.0~b2-1 @@ -28103,6 +28112,7 @@ CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0 - bind9 1:9.5.0.dfsg-5 (high) NOTE: glibc stub resolver relies on source port randomisation in kernel - dnsmasq 2.43-1 (medium; bug #490123) + - refpolicy 2:0.0.20080702-1 - pdnsd 1.2.6-par-11 (bug #502275) - python-dns 2.3.1-5 (low; bug #490217) - dnspython (unimportant; bug #492465) 
@@ -28564,7 +28574,7 @@ CVE-2004-2759 (Shared Sun StorEdge QFS and SAM-QFS file systems, as used in ...) NOT-FOR-US: Shared Sun StorEdge QFS and SAM-QFS CVE-2008-1270 (mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not ...) {DSA-1521-1} - - lighttpd 1.4.19-1 (unimportant) + - lighttpd 1.4.19-1 NOTE: user configuration error, default documented in moduserdir documentation CVE-2008-1269 (cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus ...) NOT-FOR-US: Alice Gate 2 Plus router firmware @@ -30171,11 +30181,13 @@ CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 a - iceweasel 2.0.0.12-1 - xulrunner 1.8.1.12-1 - iceape 1.1.8-1 + - icedove 2.0.0.12-1 CVE-2008-0592 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...) {DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1} - iceweasel 2.0.0.12-1 - xulrunner 1.8.1.12-1 - iceape 1.1.8-1 + - icedove 2.0.0.12-1 CVE-2008-0591 (Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does ...) {DSA-1506-1 DSA-1489-1 DSA-1484-1} - iceweasel 2.0.0.12-1 @@ -30613,6 +30625,7 @@ CVE-2008-0417 (CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 a - iceweasel 2.0.0.12-1 - xulrunner 1.8.1.12-1 - iceape 1.1.8-1 + - icedove 2.0.0.12-1 CVE-2008-0416 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...) {DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1} - iceweasel 2.0.0.12-1 @@ -30630,6 +30643,7 @@ CVE-2008-0414 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows - iceweasel 2.0.0.12-1 - xulrunner 1.8.1.12-1 - iceape 1.1.8-1 + - icedove 2.0.0.12-1 CVE-2008-0413 (The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird ...) {DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1} - iceweasel 2.0.0.12-1 
@@ -35610,6 +35624,7 @@ CVE-2007-5378 (Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk {DSA-1743-1 DSA-1416-1 DSA-1415-1} - tk8.3 8.3.5-10 (medium; bug #446465) - tk8.4 8.4.16-1 (medium) + - libtk-img 1.3-release-8 (medium) CVE-2007-5377 (The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file ...) - tramp (the version we ship still uses make-temp-file) - emacs22 (the version we ship still uses make-temp-file) @@ -36342,6 +36357,7 @@ CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c i [etch] - tk8.4 (Vulnerability was introduced in 8.4.13) [sarge] - tk8.4 (Vulnerability was introduced in 8.4.13) - tk8.3 (Vulnerability was introduced in 8.4.13) + - libtk-img 1.3-release-8 CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...) NOT-FOR-US: DFD Cart CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP ...) @@ -41836,10 +41852,10 @@ CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before ...) {DSA-1308-1 DSA-1306-1 DTSA-45-1 DTSA-51-1} NOTE: MFSA2007-13 - - iceweasel 2.0.0.4-1 (unimportant) - - iceape 1.1.2-1 (unimportant) - - mozilla (unimportant) - - xulrunner 1.8.1.4-1 (unimportant) + - iceweasel 2.0.0.4-1 + - iceape 1.1.2-1 + - mozilla + - xulrunner 1.8.1.4-1 CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox ...) {DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1} NOTE: MFSA2007-12 
@@ -42862,8 +42878,8 @@ CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.2 {DSA-1613-1} - libgd2 2.0.35.dfsg-1 (low) [etch] - libgd2 2.0.33-5.2etch1 (low) - - libpng 1.2.15~beta5-2 (unimportant) - - libpng3 (unimportant) + - libpng 1.2.15~beta5-2 + - libpng3 [etch] - libpng 1.2.15~beta5-1+etch2 NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in Samba ...) @@ -45045,11 +45061,10 @@ CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 .. {DSA-1305-1 DSA-1300-1 DTSA-46-1 DTSA-47-1} NOTE: Affects various clients, but no practical security implications NOTE: MFSA2007-15 - - icedove 2.0.0.4-1 (unimportant) - - iceape 1.1.2-1 (unimportant) + - icedove 2.0.0.4-1 + - iceape 1.1.2-1 - fetchmail 6.3.8-1 (unimportant) - - mailfilter (unimportant) - NOTE: fixed in mailfilter upstream 0.8.2 + - mailfilter 0.8.2-1 - mutt 1.5.18-6 (unimportant) NOTE: i couldn't pinpoint exact mutt fixed version, but lenny's version has the NOTE: patch and etch's version does not (http://dev.mutt.org/trac/ticket/2846) @@ -46361,7 +46376,7 @@ CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before - epiphany-browser (unimportant; bug #556272) NOTE: only epiphany-gecko backend affected - galeon (unimportant; bug #556270) - - kazehakase 0.5.8-2 (unimportant; bug #556271) + - kazehakase 0.5.8-2 (bug #556271) TODO: next point release: [etch] - kazehakase 0.4.2-1etch2 [lenny] - kazehakase 0.5.4-2lenny1 - conkeror (doesn't support bookmarks) diff --git a/data/DSA/list b/data/DSA/list index 3674f6dc1e..5f0f18b4be 100644 --- a/data/DSA/list +++ b/data/DSA/list 
@@ -3504,7 +3504,7 @@ [sarge] - util-vserver 0.30.204-5sarge3 NOTE: not fixed in testing at the time of DSA [21 Mar 2006] DSA-1010-1 ilohamail - missing input sanitising - {CVE-2006-1236} + {CVE-2005-1120} [sarge] - ilohamail 0.8.14-0rc3sarge1 NOTE: not fixed in testing at the time of DSA (too young) [21 Mar 2006] DSA-1009-1 crossfire - buffer overflow diff --git a/data/DTSA/list b/data/DTSA/list index ef0ef26de7..02af4d339a 100644 --- a/data/DTSA/list +++ b/data/DTSA/list @@ -159,7 +159,7 @@ {CVE-2007-1614} [lenny] - zziplib 0.12.83-8lenny1 [September 9th, 2007] DTSA-57-1 gforge - sql injection - {CVE-2007-3913 CVE-2007-4966} + {CVE-2007-3913} [lenny] - gforge 4.5.14-23lenny2 [September 13th, 2007] DTSA-58-1 phpgroupware - cross scripting vulnerability {CVE-2007-4048} @@ -194,7 +194,7 @@ {CVE-2007-5373} [lenny] - ldapscripts 1.4-2+lenny1 [October 23rd, 2007] DTSA-69-1 xulrunner - several vulnerabilities - {CVE-2007-5339 CVE-2007-5340 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2006-2894 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338 CVE-2007-4841} + {CVE-2007-5339 CVE-2007-5340 CVE-2007-1095 CVE-2007-2292 CVE-2007-3511 CVE-2006-2894 CVE-2007-5334 CVE-2007-5337 CVE-2007-5338} [lenny] - xulrunner 1.8.0.14~pre071019b-0lenny1 [October 23rd, 2007] DTSA-70-1 loop-aes-utils - privilege escalation {CVE-2007-5191} diff --git a/data/embedded-code-copies b/data/embedded-code-copies index 0b1a610f92..6aebae980d 100644 --- a/data/embedded-code-copies +++ b/data/embedded-code-copies @@ -446,7 +446,7 @@ neon [sarge] - tla (embed; bug #395877) libmodplug - - gst-plugins-bad0.10 (embed) + - gst-plugins-bad0.10 0.10.10.2-1 (embed) libvncserver - vino (embed) @@ -935,6 +935,7 @@ rssparser (http://nwow.org) lcms - openjdk-6 (fork) + - gimp 2.4.0~rc2-2 libphp-phplayersmenu - diogenes -- cgit v1.2.3
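Review bot: In the CVE-2007-1558 hunk of data/CVE/list the severity handling is inconsistent: icedove and iceape lose "(unimportant)" while fetchmail and mutt in the same entry keep it, and the entry's NOTE still reads "Affects various clients, but no practical security implications". The commit message should state the rule under which the tag is dropped here and in the samba, libpng, lighttpd, CVE-2007-2869, CVE-2007-2445 and kazehakase hunks, or all packages in an entry should be treated alike. The same hunk replaces "NOTE: fixed in mailfilter upstream 0.8.2" with "- mailfilter 0.8.2-1"; the old note only supports the upstream version, so the "-1" Debian revision should be checked against the package changelog before it is recorded as the fixed version.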
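Review bot: The added "- refpolicy 2:0.0.20080702-1" line in the CVE-2008-1447 hunk of data/CVE/list needs a NOTE saying why it belongs to this entry. The glibc line just above it is explained by "NOTE: glibc stub resolver relies on source port randomisation in kernel", and the neighbouring dnsmasq, pdnsd and python-dns lines carry a severity or a bug number, while the refpolicy line has neither. A one-line NOTE, plus a bug reference if one exists, would let a later reader verify the version.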
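Review bot: The replacement line in the CVE-2009-1384 hunk of data/CVE/list is circular as written: "- libpam-krb5 (different code base than Debian's libpam-krb5)" explains the package by reference to itself. The removed NOT-FOR-US text made sense because it described the Red Hat pam_krb5 named in the CVE description; once the line is attached to the Debian package, the reason should be turned around, for example "(Red Hat's pam_krb5 is a different code base)".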
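Review bot: The lcms additions are not consistent between the two files. In data/embedded-code-copies the new "- gimp 2.4.0~rc2-2" line under lcms has no relationship tag, unlike the entries around it ("- openjdk-6 (fork)", "- vino (embed)"), so it does not say whether gimp embedded or forked the library. In data/CVE/list, openjdk-6 is added to CVE-2009-0733, CVE-2009-0723 and CVE-2009-0581 but gimp is not, and the three openjdk-6 lines carry no bug reference or severity, unlike the "- lcms 1.18.dfsg-1 (bug #522446)" line above each of them. Add the tag to the gimp line, and either record gimp's status for the three CVEs or say in the commit message why it is not needed.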
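Review bot: The two libtk-img additions in data/CVE/list disagree on severity: the CVE-2007-5378 hunk adds "- libtk-img 1.3-release-8 (medium)" while the CVE-2007-5137 hunk adds "- libtk-img 1.3-release-8" with none. Both entries describe a buffer overflow in tkImgGIF.c and both record the same fixed version, so either give both lines the same severity or add a NOTE explaining the difference.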
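Review bot: The cross-reference changes in data/DSA/list and data/DTSA/list are undocumented: DSA-1010-1 moves from {CVE-2006-1236} to {CVE-2005-1120}, DTSA-57-1 drops CVE-2007-4966 and DTSA-69-1 drops CVE-2007-4841. The subject "fix some more latently vulnerable issues" covers none of these, and no data/CVE/list hunk in this patch touches those four CVE entries, so a reader cannot tell from the diff whether the two sides still agree. Give the source for each change in the commit message, or split them into their own commit, and confirm that the matching entries in data/CVE/list are consistent with the new references.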