From cc4e3d07b3b0504acff25292f5dccfd92fdf3675 Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Sun, 24 May 2009 08:04:56 +0000 Subject: - compiz-fusion-plugins-main no-dsa - two new kernel issues - requested removal for verlihub git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@11963 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/CVE/list | 10 +++++++--- data/problematic-packages | 2 +- data/spu-candidates.txt | 10 ++++++++++ 3 files changed, 18 insertions(+), 4 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 37a5bb7c31..6f35bbaf84 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -9,7 +9,8 @@ CVE-2009-1760 CVE-2009-1759 (Stack-based buffer overflow in the btFiles::BuildFromMI function ...) - ctorrent (bug #530255) CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0, as ...) - TODO: check + - linux-2.6 + - linux-2.6.24 CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 ...) - transmission 1.61-1 (low) [lenny] - transmission (Vulnerable code not present, the web interface was introduced in 1.30) @@ -287,8 +288,10 @@ CVE-2009-1635 RESERVED CVE-2009-1634 RESERVED -CVE-2009-1633 +CVE-2009-1633 [CIFS Unicode issue] RESERVED + - linux-2.6 + - linux-2.6.24 CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote ...) {DSA-1804-1} - ipsec-tools 0.7.1-1.5 (medium; bug #528933) 
@@ -2458,7 +2461,8 @@ CVE-2009-1049 (SQL injection vulnerability in articleCall.php in Bloginator 1A a CVE-2008-6515 (Cross-site scripting (XSS) vulnerability in Fritz Berger yet another ...) NOT-FOR-US: yappa-ng CVE-2008-6514 (The Expo plugin in Compiz Fusion 0.7.8 allows local users with ...) - - compiz-fusion-plugins-main 0.8.2-1 + - compiz-fusion-plugins-main 0.8.2-1 (low) + [lenny] - compiz-fusion-plugins-main (Minor issue) CVE-2008-6513 (Unrestricted file upload vulnerability in saa.php in Andy's PHP ...) NOT-FOR-US: Andy's PHP Knowledgebase CVE-2008-6512 (Cross-domain vulnerability in the WorkerPool API in Google Gears ...) diff --git a/data/problematic-packages b/data/problematic-packages index 7a8e520678..807037fbd2 100644 --- a/data/problematic-packages +++ b/data/problematic-packages @@ -21,4 +21,4 @@ Filed RC bug about maintenance status: #527840 verlihub: (May 2009) No maintainer upload for one year, no reply to RC security bug #506530 for six months as of 2009-05-21 - +Requested removal from the archive: 529817 diff --git a/data/spu-candidates.txt b/data/spu-candidates.txt index 6235a673ab..22c6e23c22 100644 --- a/data/spu-candidates.txt +++ b/data/spu-candidates.txt @@ -25,6 +25,10 @@ notified maintainer -- +compiz-fusion-plugins-main (CVE-2008-6514) + +-- + coccinelle http://packages.qa.debian.org/c/coccinelle/news/20090502T001704Z.html @@ -72,6 +76,12 @@ Ola will prepare a fix in a point update -- +smarty (CVE-2009-1669) +#529810 +http://groups.google.com/group/smarty-svn/browse_thread/thread/b2da2e5d1ef8b462 + +-- + tau (CVE-2008-5157) #506348 notified maintainer -- cgit v1.2.3
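Review bot: In the data/CVE/list hunk at @@ -9,7 +9,8, the CVE-2009-1758 description names the hypervisor_callback function in Xen, but the two added entries track linux-2.6 and linux-2.6.24 with no explanation. The "TODO: check" line is dropped in the same hunk, so a NOTE line recording why the kernel packages are the affected source, and what was checked, would let a later triager verify the assignment.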
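Review bot: In the data/CVE/list hunk at @@ -287,8 +288,10, CVE-2009-1633 is still RESERVED and its only description is the bracketed "[CIFS Unicode issue]", with no pointer to where the issue was reported or fixed. A NOTE line with the reference the entry is based on would make the linux-2.6 and linux-2.6.24 lines checkable before the CVE text is published.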
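Review bot: In the data/CVE/list hunk at @@ -2458,7 +2461,8, the added [lenny] line for compiz-fusion-plugins-main justifies its triage only as "(Minor issue)". The CVE-2008-6514 description says the Expo plugin issue involves local users, and giving that reason in the parentheses would document the decision better, particularly since the same commit also adds the package to data/spu-candidates.txt.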
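Review bot: In the data/problematic-packages hunk at @@ -21,4 +21,4, the added line "Requested removal from the archive: 529817" writes the bug number without the "#" prefix, while the surrounding lines use "#527840" and "#506530". Writing it as "#529817" keeps the file consistent and easier to search for bug references.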
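Review bot: In the data/spu-candidates.txt hunk at @@ -25,6 +25,10, the new compiz-fusion-plugins-main (CVE-2008-6514) entry has only the CVE id, with no bug number and no status line. Other entries visible in this diff carry both, for example "tau (CVE-2008-5157)" with "#506348" and "notified maintainer", so adding the bug reference and current state here would show who, if anyone, is acting on it.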
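Review bot: The smarty (CVE-2009-1669) entry added in the data/spu-candidates.txt hunk at @@ -72,6 +76,12 is not covered by the commit subject, which lists only the compiz-fusion-plugins-main, kernel and verlihub changes. Mention it in the message or commit it separately, and consider a status line like the "notified maintainer" used for tau so the entry's state is clear alongside "#529810" and the thread URL.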