Re: [Secure-testing-commits] r11636 - data/CVE

To: Kees Cook <kees@alioth.debian.org>
Cc: secure-testing-commits@lists.alioth.debian.org, debian-security-tracker@lists.debian.org
Subject: Re: [Secure-testing-commits] r11636 - data/CVE
From: "Michael S. Gilbert" <michael.s.gilbert@gmail.com>
Date: Thu, 16 Apr 2009 23:10:38 -0400
Message-id: <[🔎] 20090416231038.1aa62fd5.michael.s.gilbert@gmail.com>
In-reply-to: <E1Lucq1-0001Mg-B4@alioth.debian.org>
References: <E1Lucq1-0001Mg-B4@alioth.debian.org>
would it make sense to integrate ubuntu's security tracker with
debian's, especially since the two distros are so closely related?
for example, [intrepid]/[jaunty] tags could be used to track
ubuntu-specific issues within the debian tracker.

this would greatly reduce duplication of effort and make it clear to
the other team when the one pushes a fix since everyone will be getting
updates from the same tracker.  it would also make a lot of sense for
the two teams to work more closely together.

also, debsecan could finally be modified so that its output makes
sense on ubuntu (a pet peeve of mine).

just a thought.

mike

On Fri, 17 Apr 2009 01:25:52 +0000
Kees Cook <kees@alioth.debian.org> wrote:

> Author: kees
> Date: 2009-04-17 01:25:52 +0000 (Fri, 17 Apr 2009)
> New Revision: 11636
> 
> Modified:
>    data/CVE/list
> Log:
> Sync from Ubuntu CVE tracker...
> unfixed: archivemail azureus clamav evolution-data-server ghostscript graphicsmagick iceape iceweasel jbossas4 libapache2-mod-perl2 libstruts1.2-java linux-2.6 ntp openjdk-6 python2.4 python2.5 sun-java5 sun-java6 tomcat5.5 torrentflux typo3-src wireshark xulrunner
> fixed: lighttpd tunapie
> 
> 
> Modified: data/CVE/list
> ===================================================================
> --- data/CVE/list	2009-04-16 21:14:13 UTC (rev 11635)
> +++ data/CVE/list	2009-04-17 01:25:52 UTC (rev 11636)
> @@ -163,15 +163,15 @@
>  	- php4 <not-affected> (the JSON extension was introduced in php5.2)
>  	- php-json-ext <unfixed>
>  CVE-2009-1269 (Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows ...)
> -	TODO: check
> +	- wireshark <unfixed>
>  CVE-2009-1268 (The Check Point High-Availability Protocol (CPHAP) dissector in ...)
> -	TODO: check
> +	- wireshark <unfixed>
>  CVE-2009-1267 (Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 ...)
> -	TODO: check
> +	- wireshark <unfixed>
>  CVE-2009-1266
>  	RESERVED
>  CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...)
> -	TODO: check
> +	- linux-2.6 <unfixed>
>  CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...)
>  	NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension
>  CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...)
> @@ -193,7 +193,7 @@
>  CVE-2009-1255
>  	RESERVED
>  CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...)
> -	TODO: check
> +	- ghostscript <unfixed>
>  CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...)
>  	NOT-FOR-US: QuickerSite
>  CVE-2008-6677 (Unrestricted file upload vulnerability in ...)
> @@ -239,7 +239,7 @@
>  CVE-2008-6657 (Cross-site request forgery (CSRF) vulnerability in index.php in Simple ...)
>  	NOT-FOR-US: Simple Machines Forum
>  CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly ...)
> -	TODO: check
> +	- ghostscript <unfixed>
>  CVE-2009-XXXX [roundup: insufficient access checks in web frontend]
>  	- roundup <unfixed> (bug #518768)
>  	[etch] - roundup 1.2.1-10+etch1
> @@ -259,10 +259,10 @@
>  	- clamav 0.94.dfsg.2-1~volatile2 (medium; bug #523016)
>  CVE-2009-1254 (James Stone Tunapie 2.1 allows remote attackers to execute arbitrary ...)
>  	{DSA-1764-1}
> -	TODO: check
> +	- tunapie 2.1.17-1
>  CVE-2009-1253 (James Stone Tunapie 2.1 allows local users to overwrite arbitrary ...)
>  	{DSA-1764-1}
> -	TODO: check
> +	- tunapie 2.1.17-1
>  CVE-2009-1252
>  	RESERVED
>  CVE-2009-1251 (Heap-based buffer overflow in the cache manager in the client in ...)
> @@ -360,7 +360,7 @@
>  CVE-2008-6622 (SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card ...)
>  	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
>  CVE-2008-6621 (Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote ...)
> -	TODO: check
> +	- graphicsmagick <unfixed>
>  CVE-2008-6620 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
>  	NOT-FOR-US: GraFX miniCWB
>  CVE-2008-6619 (Unrestricted file upload vulnerability in class/ApplyDB.php in ...)
> @@ -421,7 +421,7 @@
>  CVE-2008-6595 (SQL injection vulnerability in the pmk_rssnewsexport extension for ...)
>  	NOT-FOR-US: pmk_rssnewsexport extension for TYPO3
>  CVE-2008-6594 (SQL injection vulnerability in the cm_rdfexport extension for TYPO3 ...)
> -	TODO: check
> +	- typo3-src <unfixed>
>  CVE-2008-6593 (SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy ...)
>  	NOT-FOR-US: LightNEasy SQLite
>  CVE-2008-6592 (thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy &quot;no database&quot; ...)
> @@ -435,13 +435,13 @@
>  CVE-2008-6588 (Aztech ADSL2/2+ 4-port router has a default &quot;isp&quot; account with a ...)
>  	NOT-FOR-US: Aztech port router
>  CVE-2008-6587 (Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze ...)
> -	TODO: check
> +	- azureus <unfixed>
>  CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php in ...)
>  	NOT-FOR-US: ?Torrent (uTorrent) WebUI
>  CVE-2008-6585 (Cross-site request forgery (CSRF) vulnerability in html/admin.php in ...)
> -	TODO: check
> +	- torrentflux <unfixed>
>  CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated users to ...)
> -	TODO: check
> +	- torrentflux <unfixed>
>  CVE-2008-6583 (Buffer overflow in BS.player 2.27 build 959 allows remote attackers to ...)
>  	NOT-FOR-US: BS.player
>  CVE-2009-1274 (Integer overflow in the qt_error parse_trak_atom function in ...)
> @@ -1859,16 +1859,16 @@
>  CVE-2009-0797
>  	RESERVED
>  CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...)
> -	TODO: check
> +	- libapache2-mod-perl2 <unfixed>
>  CVE-2009-0795 [af_rose/x25 DoS]
>  	REJECTED
>  	- linux-2.6 <unfixed>
>  	- linux-2.6.24 <unfixed>
>  CVE-2009-0794 (Integer overflow in the PulseAudioTargetDataL class in ...)
> -	TODO: check
> +	- openjdk-6 <unfixed>
>  CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK ...)
>  	{DSA-1769-1}
> -	TODO: check
> +	- openjdk-6 <unfixed>
>  CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...)
>  	- argyll <unfixed> (low; bug #523427)
>  CVE-2009-0791
> @@ -2445,7 +2445,9 @@
>  CVE-2009-0653 (OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an ...)
>  	- openssl 0.9.8-1 (bug #517791)
>  CVE-2009-0652 (Mozilla Firefox 3.0.6 does not properly prevent the literal rendering ...)
> -	TODO: check
> +	- iceape <unfixed>
> +	- xulrunner <unfixed>
> +	- iceweasel <unfixed>
>  CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka vnetd) in ...)
>  	NOT-FOR-US: Veritas network daemon
>  CVE-2009-0650 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...)
> @@ -2924,7 +2926,7 @@
>  	- gs-gpl <removed>
>  	- gs-esp <removed>
>  CVE-2009-0582 (The ntlm_challenge function in the NTLM SASL authentication mechanism ...)
> -	TODO: check
> +	- evolution-data-server <unfixed>
>  CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as ...)
>  	{DSA-1769-1 DSA-1745-1}
>  	- lcms 1.18.dfsg-1 (bug #522446)
> @@ -3405,11 +3407,11 @@
>  CVE-2008-6073 (StorageCrypt 2.0.1 does not properly encrypt disks, which allows local ...)
>  	NOT-FOR-US: StorageCrypt
>  CVE-2008-6072 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, ...)
> -	TODO: check
> +	- graphicsmagick <unfixed>
>  CVE-2008-6071 (Heap-based buffer overflow in the DecodeImage function in ...)
> -	TODO: check
> +	- graphicsmagick <unfixed>
>  CVE-2008-6070 (Multiple heap-based buffer underflows in the ReadPALMImage function in ...)
> -	TODO: check
> +	- graphicsmagick <unfixed>
>  CVE-2008-6069 (SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 ...)
>  	NOT-FOR-US: eChat plugin
>  CVE-2008-6068 (SQL injection vulnerability in the JoomlaDate (com_joomladate) ...)
> @@ -3996,7 +3998,8 @@
>  	- dia 0.96.1-7.1 (low; bug #504251)
>  	[etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir)
>  CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function ...)
> -	TODO: check
> +	- python2.5 <unfixed>
> +	- python2.4 <unfixed>
>  CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 allows ...)
>  	NOT-FOR-US: BMC PATROL Agent
>  CVE-2009-0323 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 ...)
> @@ -4313,7 +4316,7 @@
>  CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...)
>  	NOT-FOR-US: IrfanView
>  CVE-2009-0196
> -	RESERVED
> +	- ghostscript <unfixed>
>  CVE-2009-0195
>  	RESERVED
>  CVE-2009-0194
> @@ -4414,7 +4417,7 @@
>  CVE-2009-0160
>  	RESERVED
>  CVE-2009-0159 (Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c ...)
> -	TODO: check
> +	- ntp <unfixed>
>  CVE-2009-0158
>  	RESERVED
>  CVE-2009-0157
> @@ -5409,7 +5412,7 @@
>  	- linux-2.6 2.6.29-1
>  	- linux-2.6.24 <unfixed>
>  CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application ...)
> -	TODO: check
> +	- jbossas4 <unfixed>
>  CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache ...)
>  	NOT-FOR-US: Apache Jackrabbit
>  CVE-2009-0025 (BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check ...)
> @@ -5602,7 +5605,7 @@
>  CVE-2008-5526 (DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, ...)
>  	NOT-FOR-US: DrWeb Anti-virus
>  CVE-2008-5525 (ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is ...)
> -	TODO: check
> +	- clamav <unfixed>
>  	NOTE: CVE claims it only happens when Internet Explorer 6 or 7 is used, but ClamAV doesn't have any special code for IE
>  CVE-2008-5524 (CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 ...)
>  	NOT-FOR-US: CAT-QuickHeal
> @@ -5615,7 +5618,7 @@
>  CVE-2008-5520 (AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer ...)
>  	NOT-FOR-US: AhnLab V3
>  CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat ...)
> -	TODO: check
> +	- tomcat5.5 <unfixed>
>  CVE-2008-5518
>  	RESERVED
>  CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote ...)
> @@ -7641,7 +7644,9 @@
>  	NOTE: not reproducible using iceweasel 3.0.1
>  CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
>  	{CVE-2008-4724}
> -	TODO: check
> +	- iceape <unfixed>
> +	- xulrunner <unfixed>
> +	- iceweasel <unfixed>
>  	NOTE: http://www.jorgan.users.cg.yu/ seems to be the original source
>  	NOTE: Not enough details to tell if this is a real vulnerability.
>  	NOTE: My guess is that file names containing <>& are incorrectly
> @@ -13994,7 +13999,9 @@
>  CVE-2008-2087 (SQL injection vulnerability in search_result.php in Softbiz Web Host ...)
>  	NOT-FOR-US: Softbiz Web Host Directory Script
>  CVE-2008-2086 (Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and ...)
> -	TODO: check
> +	- openjdk-6 <unfixed>
> +	- sun-java5 <unfixed>
> +	- sun-java6 <unfixed>
>  CVE-2008-2084 (SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 ...)
>  	NOT-FOR-US: MyArticles
>  CVE-2008-2083 (SQL injection vulnerability in directory.php in Prozilla Hosting ...)
> @@ -14121,7 +14128,7 @@
>  CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...)
>  	NOT-FOR-US:  RSA Authentication Agent
>  CVE-2008-2025 (Cross-site scripting (XSS) vulnerability in Apache Struts before ...)
> -	TODO: check
> +	- libstruts1.2-java <unfixed>
>  CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, ...)
>  	NOT-FOR-US: miniBB
>  CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 ...)
> @@ -29267,7 +29274,7 @@
>  CVE-2007-2842
>  	RESERVED
>  CVE-2007-2841 [lighttpd DoS]
> -	RESERVED
> +	- lighttpd 1.4.16-1 (bug #428368)
>  	NOTE: Duplicate of CVE-2007-3947, was assigned from Debian CNA and clashed with MITRE
>  	NOTE: assignment
>  CVE-2007-2840
> @@ -42623,7 +42630,7 @@
>  	{DSA-1177-1}
>  	- usermin <removed> (bug #374609)
>  CVE-2006-4245
> -	RESERVED
> +	- archivemail <unfixed>
>  CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...)
>  	{DSA-1239-1}
>  	- sql-ledger 2.6.18-1 (medium; bug #386519)
> @@ -45262,7 +45269,6 @@
>  	{DSA-1112}
>  	- mysql-dfsg-5.0 5.0.19-1 (bug #373913; high)
>  CVE-2006-3100 [termnetd buffer overflow]
> -	RESERVED
>  	- termpkg 3.3-7 (bug #358028; medium)
>  CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...)
>  	- linux-2.6 2.6.16-15
> 
> 
> _______________________________________________
> Secure-testing-commits mailing list
> Secure-testing-commits@lists.alioth.debian.org
> http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
Reply to:
Follow-Ups:
- Re: [Secure-testing-commits] r11636 - data/CVE
  - From: Kees Cook <kees@debian.org>
Prev by Date: Re: DSA-1770-1: No, it's not lenny security
Next by Date: Re: [Secure-testing-commits] r11636 - data/CVE
Previous by thread: Re: DSA-1770-1: No, it's not lenny security
Next by thread: Re: [Secure-testing-commits] r11636 - data/CVE
Index(es):
- Date
- Thread