author Moritz Muehlenhoff <jmm@debian.org> 2010-07-20 06:22:33 +0000
committer Moritz Muehlenhoff <jmm@debian.org> 2010-07-20 06:22:33 +0000
commit 2fbb8a8aba33214d3c930671dae9f7f4ca7dd441 (patch)
tree db9b551550e12017262ede3329ee2e8e8f8f0685
parent ffa4d2d7638021d147ed93f2b75be3dbcf4476c4 (diff)
- some packages are properly maintained or removed by now
- mlmmj fixed
- new rpcbind issue (fixed)
- tomcat fixed

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@15004 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- data/CVE/2008.list 2
-rw-r--r-- data/CVE/2009.list 2
-rw-r--r-- data/CVE/2010.list 3
-rw-r--r-- data/problematic-packages 35
4 files changed, 4 insertions, 38 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index d105d3bc76..f1c67de9be 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -104,7 +104,7 @@ CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework ...)
[lenny] - glpi <no-dsa> (minor issue)
- knowledgeroot 0.9.9.5-1 (low; bug #555229)
[etch] - knowledgeroot <no-dsa> (minor issue)
- [lenny] - knowledgeroot <no-dsa> (minor issue)
+ [lenny] - knowledgeroot <not-affected> (Vulnerable code not present)
- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
[etch] - mt-daapd 0.2.4+r1376-1.1+etch3
- mediatomb 0.12.0~svn2018-5 (low; bug #555232)
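Review bot: The [lenny] knowledgeroot line for CVE-2008-7220 now reads <not-affected> (Vulnerable code not present), but the [etch] line directly above it still reads <no-dsa> (minor issue). If etch ships the same or an older knowledgeroot, it likely needs the same tag; if it really differs, a NOTE line stating which version introduced the affected Prototype code would explain why the two releases are triaged differently.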
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index d8b9601dc3..db63adcbef 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -83,7 +83,7 @@ CVE-2009-4897
RESERVED
CVE-2009-4896
RESERVED
- - mlmmj <unfixed> (bug #588038)
+ - mlmmj 1.2.17-1.1 (bug #588038)
CVE-2009-4895 [linux tty null ptr dereference]
RESERVED
- linux-2.6 2.6.32-9
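Review bot: CVE-2009-4896 is now closed for mlmmj at 1.2.17-1.1, yet the entry is still a bare RESERVED with no bracketed summary, unlike CVE-2009-4895 just below it ("[linux tty null ptr dereference]"). Add a short bracketed description on the CVE line so the entry can be read without opening bug #588038, and add release-tagged lines if the stable releases carry the package.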
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 872227596a..132c92a914 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1210,7 +1210,7 @@ CVE-2010-2228 (Cross-site scripting (XSS) vulnerability in the MNET access-contr
- moodle 1.9.9-1 (bug #586280)
CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 ...)
- tomcat5 <removed>
- - tomcat6 <unfixed> (bug filed)
+ - tomcat6 6.0.28-1 (bug #588813)
CVE-2010-2226 [xfs SWAPEXT ioctl permissions bypass]
RESERVED
- linux-2.6 <unfixed>
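Review bot: The CVE-2010-2227 entry has no release-tagged lines for either package, although the description covers Tomcat 5.5.0 through 5.5.29 as well as 6.0.x and tomcat5 is only marked <removed>. Replacing "bug filed" with bug #588813 and recording 6.0.28-1 is right for unstable; consider adding explicit [lenny] lines for tomcat5 and tomcat6, or a NOTE, so the stable status is stated rather than inferred.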
@@ -1606,6 +1606,7 @@ CVE-2010-2062 [VLC: integer underflow in Real RTSP]
NOTE: DSA-2043 and DSA-2044
CVE-2010-2061
RESERVED
+ - rpcbind 0.2.0-4.1
CVE-2010-2060 (The put command functionality in beanstalkd 1.4.5 and earlier allows ...)
- beanstalkd 1.4.6-1 (unimportant; bug #585162)
NOTE: Package description reads: "Beanstalkd is meant to be ran in a trusted network,
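Review bot: The added rpcbind line under CVE-2010-2061 carries no bug number and no NOTE, and the CVE line itself has no bracketed summary, so nothing in the entry says what the issue is. The commit message calls it a "new rpcbind issue (fixed)"; put a short description in brackets on the CVE line and reference the bug or upload that justifies 0.2.0-4.1.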
diff --git a/data/problematic-packages b/data/problematic-packages
index d858d75c21..5fd3156626 100644
--- a/data/problematic-packages
+++ b/data/problematic-packages
@@ -11,41 +11,6 @@ No reaction to remote code execution bugs in unstable since July.
Only one upload, maintainer has no other packages.
pinged maintainer on 2009-11-29, maintainer reacted promptly
-----
-
-bugzilla: (Nov 2009)
-Maintainer active again, package is still quite old, though 3.2
-
-----
-
-jasper (June 2009)
-A security fix was dropped in a later upload, no followup on
-the respective bug for three weeks as of 2009-06-02.
-
-----
-
-libapache-mod-jk (May 2009)
-Group maintained by Java Team, but no reply to RC security bug
-#523054 for six weeks as of 2009-05-18.
-
-----
-
-xpdf: (Nov 2009)
-No maintainer upload for two years, frequent security issues.
-Removed from Squeeze, remaining packages using xpdf-* have been
-NMUed to use poppler
-
-----
-
-swftools: (Nov 2009)
-Similar situation as with xpdf (it embeds a copy of xpdf).
-Removed from squeeze, no maintainer response in more than three months.
-
----
-
-polipo (Dec 2009)
-maintainer seems inactive
-
---
libmikmod (Mar 2010)
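Review bot: Six entries (bugzilla, jasper, libapache-mod-jk, xpdf, swftools, polipo) are dropped in one go, and the commit message only says "some packages are properly maintained or removed by now" without saying which outcome applies to which package. For the entries whose last recorded state was still open, such as polipo ("maintainer seems inactive") and libapache-mod-jk (no reply to RC security bug #523054), list the resolution per package in the commit message or leave a one-line resolved note, so the reason for removal can be audited later.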
