[Secure-testing-commits] r12557 - in data: . CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Mon Aug 10 23:56:52 UTC 2009 

Author: gilbert-guest
Date: 2009-08-10 23:56:52 +0000 (Mon, 10 Aug 2009)
New Revision: 12557

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
- new non-numbered issues
- new xulrunner embeds libvorbis
- bugs submitted for libvorbis cve


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-10 21:14:14 UTC (rev 12556)
+++ data/CVE/list	2009-08-10 23:56:52 UTC (rev 12557)
@@ -1,3 +1,8 @@
+CVE-2009-XXXX [apache2: xml-based firewall bypass / port scanning]
+	- apache2 <unfixed> (low; bug #540862)
+CVE-2009-XXXX [linux-2.6: parisc eisa underflow]
+	- linux-2.6 <unfixed> (low)
+	- linux-2.6.24 <removed>
 CVE-2009-2715 (Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause ...)
 	TODO: check
 CVE-2009-2714 (Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows ...)
@@ -253,8 +258,10 @@
 	- xulrunner <unfixed>
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and ...)
-	- xulrunner <unfixed>
-	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+	- libvorbis <unfixed> (medium; bug #540958)
+	- xulrunner <not-affected> (medium; bug #540961)
+	NOTE: vorbis support added in 1.9.0.13 and 1.9.1.0, which have not yet entered the archive
+	TODO: recheck when 1.9.0.13 or 1.9.1.x enter stable/unstable
 CVE-2009-2662 (The browser engine in Mozilla Firefox before 3.0.13, and 3.5.x before ...)
 	- xulrunner <unfixed>
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2009-08-10 21:14:14 UTC (rev 12556)
+++ data/embedded-code-copies	2009-08-10 23:56:52 UTC (rev 12557)
@@ -919,3 +919,6 @@
 
 libept:
 	- adept <unfixed> (embed; bug #540649)
+
+libvorbis:
+	- xulrunner <unfixed> (embed; 540959)

More information about the Secure-testing-commits mailing list