[Secure-testing-commits] r13534 - in data: . CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sun Dec 13 00:42:50 UTC 2009
Author: gilbert-guest
Date: 2009-12-13 00:42:49 +0000 (Sun, 13 Dec 2009)
New Revision: 13534
Modified:
data/CVE/list
data/embedded-code-copies
Log:
recent non-numbered issues, libtool, and various other updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-13 00:30:18 UTC (rev 13533)
+++ data/CVE/list 2009-12-13 00:42:49 UTC (rev 13534)
@@ -2,6 +2,23 @@
- gif2png 2.5.2-1 (low; bug #550978)
[etch] - gif2png <no-dsa> (minor issue)
[lenny] - gif2png <no-dsa> (minor issue)
+CVE-2009-XXXX [browser-based css info disclosure]
+ - xulrunner <unfixed> (low; bug #560108)
+ - webkit <unfixed> (low; bug #560870)
+ - kazehakase <unfixed> (low; bug #560871)
+ - epiphany-browser <unfixed> (low; bug #560872)
+ - galeon <unfixed> (low; bug #560873)
+ - dillo <unfixed> (low; bug #560874)
+CVE-2009-XXXX [xpat2: save game permissions issue]
+ - xpat2 <unfixed> (unimportant; bug #560087)
+CVE-2009-XXXX [network-manager-gnome: wpa2 authentication issue]
+ - network-manager-gnome <unfixed> (low; bug #560067)
+CVE-2009-XXXX [unsafe xfs]
+ - xfs <unfixed> (low; bug #521107)
+ [etch] - xfs <no-dsa> (minor issue)
+ [lenny] - xfs <no-dsa> (minor issue)
+CVE-2009-XXXX [xserver-xorg: inherits user's mask]
+ - xserver-xorg 2:1.7.2-1 (low; bug #555308)
CVE-2009-4296
NOT-FOR-US: Taxonomy Timer module for Drupal
CVE-2009-4295
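Review bot: none of the five new CVE-2009-XXXX placeholder entries (the browser CSS info-disclosure block, xpat2, network-manager-gnome, xfs and xserver-xorg) carries a NOTE line pointing at a reference such as the upstream report or the oss-security thread, so once a real identifier is assigned there is nothing beyond the bracketed summary and the Debian bug number to match it against. Since all five share the same placeholder id, a NOTE line under each (for example `NOTE: see bug #560108 for the upstream reference`) would make the later rename unambiguous.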
@@ -1340,7 +1357,7 @@
CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, ...)
- libtool 2.2.6b-1 (low; bug #559797)
- arts <unfixed> (low; bug #559798)
- - bochs <unfixed> (low; bug #559799)
+ - bochs <not-affected> (additional hardening in this package prevents this type of attack; bug #559799)
- camserv <unfixed> (low; bug #559800)
- collectd <unfixed> (low; bug #559801)
- courier-authlib <unfixed> (low; bug #559802)
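Review bot: the `<not-affected>` rationale added for bochs, "additional hardening in this package prevents this type of attack", does not name the mechanism, so the claim cannot be re-checked when the package is next updated or when the embedded ltdl.c copy is touched. Record what the hardening actually is (the build option or patch involved) in the parenthetical or in bug #559799, or keep the entry as `<unfixed>` until that is written down.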
@@ -1350,21 +1367,22 @@
- gnash <unfixed> (low; bug #559808)
- gnu-smalltalk <unfixed> (low; bug #559809)
- google-gadgets <unfixed> (low; bug #559810)
- - graphicsmagick <unfixed> (low; bug #559811)
+ - graphicsmagick 1.3.5-6 (low; bug #559811)
- graphviz <unfixed> (low; bug #559812)
- guile-1.6 <unfixed> (low; bug #559813)
- hamlib <unfixed> (low; bug #559814)
- hercules <unfixed> (low; bug #559815)
- - jags <unfixed> (low; bug #559816)
+ - jags 1.0.4-1 (low; bug #559816)
- kdelibs <unfixed> (low; bug #559817)
- libannodex <removed> (low; bug #559818)
- libextractor <unfixed> (low; bug #559819)
- - libmcrypt <unfixed> (low; bug #559820)
+ - libmcrypt <not-affected> (not included in any of the binary packages; bug #559820)
- libtunepimp <unfixed> (low; bug #559821)
- mp4h <unfixed> (low; bug #559822)
- naim <unfixed> (low; bug #559823)
- parser-mysql <unfixed> (low; bug #559824)
- pinball <unfixed> (low; bug #559825)
+ TODO: insufficient solution: only added depends libltdl-dev?
- redland <unfixed> (low; bug #559826)
[etch] - redland <not-affected> (Versions prior to 1.0.9 don't use libtool/libltdl)
[lenny] - redland <not-affected> (Versions prior to 1.0.9 don't use libtool/libltdl)
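Review bot: the TODO added under pinball raises the right question but leaves the entry as `<unfixed>` without saying what would settle it; merely adding a build-dependency on libltdl-dev does not guarantee that the embedded ltdl.c is no longer compiled into the binary, so the check is whether the built package links the system libltdl (the library appearing in the shared-library dependencies of the binary) rather than the bundled copy. Noting that criterion in the TODO would let whoever picks it up close it without re-deriving it.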
@@ -1386,6 +1404,7 @@
- wml <unfixed> (low; bug #559841)
- proftpd-dfsg <unfixed> (low; bug #559842)
- babel 1.4.0.dfsg-5 (low; bug #559843)
+ TODO: insufficient solution: only added depends libltdl-dev?
[lenny] - babel <no-dsa> (Minor issue)
- libprelude <unfixed> (low; bug #559844)
- heartbeat <unfixed> (low; bug #559845)
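Review bot: the babel entry now records a fixed version, 1.4.0.dfsg-5, while the TODO line added directly beneath it questions whether that upload is a sufficient fix ("only added depends libltdl-dev?"). The two are contradictory: a recorded fixed version tells the tracker the issue is resolved in unstable, so the package drops out of the open list even though the fix is in doubt. Either verify the upload (as for pinball, check that the binary uses the system libltdl rather than the embedded copy) before keeping the version, or revert to `<unfixed>` with the TODO until it is verified.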
@@ -43016,6 +43035,8 @@
NOTE: only epiphany-gecko backend affected
- galeon <unfixed> (unimportant; bug #556270)
- kazehakase 0.5.8-2 (unimportant; bug #556271)
+ TODO: next point release: [etch] - kazehakase 0.4.2-1etch2
+ TODO: next point release: [lenny] - kazehakase 0.5.4-2lenny1
- conkeror <not-affected> (doesn't support bookmarks)
- webkit <not-affected> (doesn't support javascript embedded in bookmarks)
CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX ...)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2009-12-13 00:30:18 UTC (rev 13533)
+++ data/embedded-code-copies 2009-12-13 00:42:49 UTC (rev 13534)
@@ -657,7 +657,7 @@
NOTE: the kvm package will be removed from sid and squeeze soon (after
NOTE: which it will only be in experimental). superceded by qemu-kvm.
- qemu-kvm <unfixed> (embed; bug #560853)
- - xen-3 <unfixed> (embed; bug #560856)
+ - xen-3 3.4.2-2 (embed; bug #560856)
- xen-unstable <unfixed> (embed; bug #560856)
vgabios
@@ -828,7 +828,7 @@
NOTE: maintainer says there are extra incompatible changes required
- pixelpost 1.7.1-6 (embed)
- webhelpers <unfixed> (embed)
- - qwik <unfixed> (embed; bug #555241)
+ - qwik <removed> (embed; bug #555241)
- smokeping <unfixed> (embed)
- turba2 <unfixed> (embed)
- typo3-src 4.2.3-1 (embed)
@@ -1439,7 +1439,7 @@
- bcfg2 <not-affected> (present in source but not included in any binary files)
- serendipity <unfixed> (embed; bug #557746)
- moodle 1.8.2.dfsg-5 (embed)
- - jifty <unfixed> (embed; bug #557748)
+ - jifty 0.91117-1 (embed; bug #557748)
- webgui 7.7.26-1 (embed)
- loggerhead 1.17-1 (embed)
@@ -1531,7 +1531,7 @@
- apr <unfixed> (static; bug #489625)
NOTE: ships copy of libtool in libapr1-dev; was 'embed' before 1.3.2-3
- arts <unfixed> (embed)
- - bochs <unfixed> (embed)
+ - bochs <unfixed> (embed; bug #560884)
- camserv <unfixed> (embed)
- collectd <unfixed> (embed)
- courier-authlib <unfixed> (embed)
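Review bot: this hunk keeps bochs as `<unfixed>` for the embedded libtool copy and attaches bug #560884, while the data/CVE/list hunk in the same commit marks bochs `<not-affected>` for CVE-2009-3736 on the grounds of package hardening. That combination is internally consistent only if the embedded copy is truly unexploitable in this build, so the two entries should cite the same rationale; otherwise a later update to either file will silently diverge from the other.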
@@ -1544,16 +1544,16 @@
- gnash <unfixed> (embed)
- gnu-smalltalk <unfixed> (embed)
- google-gadgets <unfixed> (embed)
- - graphicsmagick <unfixed> (embed)
+ - graphicsmagick 1.3.5-6 (embed)
- graphviz <unfixed> (embed)
- guile-1.6 <unfixed> (embed)
- hamlib <unfixed> (embed)
- hercules <unfixed> (embed)
- - jags <unfixed> (embed)
+ - jags <unfixed> (embed; bug #560864)
- kdelibs <unfixed> (embed)
- libannodex <removed> (embed)
- libextractor <unfixed> (embed)
- - libmcrypt <unfixed> (embed)
+ - libmcrypt <not-affected> (libtool source present but not included in any of the binary packages)
- libtunepimp <unfixed> (embed)
- mp4h <unfixed> (embed)
- naim <unfixed> (embed)
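Review bot: the jags line here stays `<unfixed>` with a new bug, #560864, whereas the data/CVE/list hunk in this commit records jags 1.0.4-1 as the fixed version for CVE-2009-3736 (bug #559816). If 1.0.4-1 fixed the vulnerability by linking against the system libltdl without removing the bundled source, a short parenthetical saying so (for example "embedded copy still in source, not built") would explain why the two files disagree; as written, the mismatch reads like one of them is stale. The libmcrypt change, by contrast, gives exactly that kind of rationale and matches its CVE/list counterpart.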
@@ -1569,9 +1569,9 @@
- imagemagick <unfixed> (embed)
- hypre 2.4.0b-5 (embed)
- lam <unfixed> (embed)
- - openmpi <unfixed> (embed)
+ - openmpi <unfixable> (embed; bug #559386)
- parser <unfixed> (embed)
- - pdsh <unfixed> (embed)
+ - pdsh <unfixed> (embed; bug #560892)
- sbnc 1.2-8 (embed)
- sdcc <unfixed> (embed)
- wml <unfixed> (embed)
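Review bot: the openmpi entry switches to `<unfixable>` with only a bug number, #559386, and no parenthetical explaining why the embedded libtool copy cannot be replaced with the system one, which is the opposite of the convention used elsewhere in this file (compare the apr NOTE line and the libmcrypt rationale). Add the reason inline so a reader does not have to open the bug to learn whether this is a packaging limitation or an upstream one, and consider a NOTE line if the explanation is longer than a parenthetical.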