From ab5d76cceb70b2b20c2f089343ef03140432e21d Mon Sep 17 00:00:00 2001 From: Giuseppe Iuculano Date: Sun, 28 Mar 2010 21:39:25 +0000 Subject: filed some bugs git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@14347 e39458fd-73e7-0310-bf30-c45bca0a0e42 --- data/CVE/list | 14 +++++++------- data/problematic-packages | 4 ++++ 2 files changed, 11 insertions(+), 7 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 598dfee9c1..14c8cb4003 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1395,7 +1395,7 @@ CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (fle CVE-2010-0629 RESERVED CVE-2010-0628 (The spnego_gss_accept_sec_context function in ...) - - krb5 + - krb5 (bug #575740) [lenny] - krb5 (Only affects 1.7/1.8) CVE-2010-XXXX [CouchDB: browser interface has XSS, CSRF issues] - couchdb (bug #570013) @@ -2365,7 +2365,7 @@ CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer ( CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through ...) {DSA-1991-1} - squid 2.7.STABLE8-1 - - squid3 + - squid3 (bug #575747) CVE-2010-0307 (The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel ...) {DSA-1996-1} - linux-2.6 2.6.32-8 @@ -2467,7 +2467,7 @@ CVE-2010-0282 CVE-2010-0281 RESERVED CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in ...) - - lib3ds (low) + - lib3ds (low; bug #575741) [lenny] - lib3ds (Minor issue) [etch] - lib3ds (Minor issue) NOTE: http://www.coresecurity.com/content/google-sketchup-vulnerability 
@@ -3103,7 +3103,7 @@ CVE-2009-4499 (SQL injection vulnerability in the get_history_lastid function in CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows ...) - zabbix 1:1.8-1 (bug #562613) CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...) - - lxr-cvs + - lxr-cvs (bug #575745) NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...) - boa (unimportant) @@ -4676,10 +4676,10 @@ CVE-2009-3998 CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in ...) NOT-FOR-US: winamp CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder ...) - - libmikmod + - libmikmod (bug #575742) NOTE: http://secunia.com/secunia_research/2009-55/ CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module ...) - - libmikmod + - libmikmod (bug #575742) NOTE: http://secunia.com/secunia_research/2009-55/ CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in ...) - devil 1.7.8-6 (low; bug #560080) @@ -6475,7 +6475,7 @@ CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as u [etch] - xulrunner (Mozilla packages from oldstable no longer covered by security support) [lenny] - xulrunner (Video playback capabilities were added in 3.5) CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before ...) - - liboggplay + - liboggplay (bug #575743) - xulrunner 1.9.1.6-1 [etch] - xulrunner (Mozilla packages from oldstable no longer covered by security support) [lenny] - xulrunner (Video playback capabilities were added in 3.5) diff --git a/data/problematic-packages b/data/problematic-packages index dd8acb5ac8..d858d75c21 100644 --- a/data/problematic-packages +++ b/data/problematic-packages 
@@ -46,3 +46,7 @@ Removed from squeeze, no maintainer response in more than three months. polipo (Dec 2009) maintainer seems inactive +--- + +libmikmod (Mar 2010) +maintainer seems MIA, latest upload in 2004 -- cgit v1.2.3
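Review bot: In the data/CVE/list hunk at -4676,10, the libmikmod entries for CVE-2009-3996 and CVE-2009-3995 do not say why libmikmod is tracked. Their descriptions name only IN_MOD.DLL, and the adjacent CVE-2009-3997 for the same plug-in is marked "NOT-FOR-US: winamp". A NOTE line under each entry stating the relation to libmikmod, in addition to the Secunia URL, would make the triage decision auditable. Both CVEs now point at the single bug #575742, so it is also worth confirming that the bug report names both CVE ids, so that closing it resolves both entries.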
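Review bot: The new libmikmod entry in data/problematic-packages carries no reference to bug #575742, which this same commit attaches to CVE-2009-3996 and CVE-2009-3995 in data/CVE/list, and the commit subject "filed some bugs" does not mention that a package is being flagged as problematic. Consider adding the bug number to the entry, for example "maintainer seems MIA, latest upload in 2004 (see bug #575742)", and either mentioning the problematic-packages change in the commit message or committing it separately. The wording also differs from the polipo entry just above ("maintainer seems inactive"); using one phrase throughout keeps the file easy to grep.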