[Secure-testing-commits] r13538 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sun Dec 13 04:45:39 UTC 2009
Author: gilbert-guest
Date: 2009-12-13 04:45:39 +0000 (Sun, 13 Dec 2009)
New Revision: 13538
Modified:
data/CVE/list
Log:
bugs submitted for expat issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-13 02:57:12 UTC (rev 13537)
+++ data/CVE/list 2009-12-13 04:45:39 UTC (rev 13538)
@@ -1470,47 +1470,108 @@
- expat 2.0.1-5 (low; bug #551936)
- w3c-libwww <removed> (low; bug #551938)
[etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
- - python-xml <unfixed> (low; bug #551939)
- TODO: check - python2.5 <unfixed> (low)
- TODO: check - python2.4 <unfixed> (low)
- TODO: check - wxwindows2.4 <removed> (low)
- TODO: check - wxwidgets2.6 <unfixed> (low)
- TODO: check - wxwidgets2.8 <unfixed> (low)
- TODO: check - celementtree <unfixed> (low)
- TODO: check - audacity <unfixed> (low)
- TODO: check - matanza <unfixed> (low)
- TODO: check - tdom <unfixed> (low)
- TODO: check - udunits <unfixed> (low)
+ - python-xml <removed> (low; bug #560951)
+ [etch] - python-xml <no-dsa> (minor issue)
+ [lenny] - python-xml <no-dsa> (minor issue)
+ - python2.5 <unfixed> (low; bug #560912)
+ [etch] - python2.5 <no-dsa> (minor issue)
+ [lenny] - python2.5 <no-dsa> (minor issue)
+ - python2.4 <unfixed> (low; bug #560913)
+ [etch] - python2.4 <no-dsa> (minor issue)
+ [lenny] - python2.4 <no-dsa> (minor issue)
+ - python-4suite <unfixed> (low; bug #560914)
+ - wxwindows2.4 <removed> (low; bug #560915)
+ [etch] - wxwindows2.4 <no-dsa> (minor issue)
+ - wxwidgets2.6 <unfixed> (low; bug #560916)
+ [etch] - wxwidgets2.6 <no-dsa> (minor issue)
+ [lenny] - wxwidgets2.6 <no-dsa> (minor issue)
+ - wxwidgets2.8 <unfixed> (low; bug #560917)
+ [lenny] - wxwidgets2.8 <no-dsa> (minor issue)
+ - celementtree <unfixed> (low; bug #560918)
+ [etch] - celementtree <no-dsa> (minor issue)
+ [lenny] - celementtree <no-dsa> (minor issue)
+ - audacity <unfixed> (low; bug #560919)
+ [etch] - audacity <no-dsa> (minor issue)
+ [lenny] - audacity <no-dsa> (minor issue)
+ - matanza <unfixed> (low; bug #560920)
+ [etch] - matanza <no-dsa> (minor issue)
+ [lenny] - matanza <no-dsa> (minor issue)
+ - tdom <unfixed> (low; bug #560921)
+ [etch] - tdom <no-dsa> (minor issue)
+ [lenny] - tdom <no-dsa> (minor issue)
+ - udunits <unfixed> (low; bug #560922)
- apr-util <not-affected> (links to system expat)
- TODO: check - ayttm <unfixed> (low)
- TODO: check - cableswig <unfixed> (low)
- TODO: check - cadaver <unfixed> (low)
- TODO: check - cmake <unfixed> (low)
- TODO: check - coin3 <unfixed> (low)
- TODO: check - gdcm <unfixed> (low)
- TODO: check - ghostscript <unfixed> (low)
- TODO: check - grmonitor <unfixed> (low)
- TODO: check - iceape <unfixed> (low)
- TODO: check - insighttoolkit <unfixed> (low)
- TODO: check - libparagui1.1 <unfixed> (low)
- TODO: check - paraview <unfixed> (low)
- TODO: check - poco <unfixed> (low)
- TODO: check - simgear <unfixed> (low)
- TODO: check - sitecopy <unfixed> (low)
- TODO: check - smart <unfixed> (low)
- TODO: check - swish-e <unfixed> (low)
- TODO: check - tla <unfixed> (low)
- TODO: check - vtk <unfixed> (low)
- TODO: check - wbxml2 <unfixed> (low)
- TODO: check - xmlrpc-c <unfixed> (low)
- TODO: check - iceweasel <unfixed> (low)
- TODO: check - kompozer 1:0.8~b1-2 (low)
- TODO: check - vxl <unfixed> (low)
- TODO: check - xulrunner <unfixed> (low)
+ - ayttm <unfixed> (low; bug #560924)
+ [etch] - ayttm <no-dsa> (minor issue)
+ [lenny] - ayttm <no-dsa> (minor issue)
+ - cableswig <unfixed> (low; bug #560925)
+ [etch] - cableswig <no-dsa> (minor issue)
+ [lenny] - cableswig <no-dsa> (minor issue)
+ - cadaver <unfixed> (low; bug #560926)
+ [etch] - cadaver <no-dsa> (minor issue)
+ [lenny] - cadaver <no-dsa> (minor issue)
+ - cmake <unfixed> (low; bug #560927)
+ [etch] - cmake <no-dsa> (minor issue)
+ [lenny] - cmake <no-dsa> (minor issue)
+ - coin3 <unfixed> (low; bug #560928)
+ - gdcm <unfixed> (low; bug #560929)
+ - ghostscript <unfixed> (low; bug #560930)
+ [lenny] - ghostscript <no-dsa> (minor issue)
+ - grmonitor <unfixed> (low; bug #560931)
+ [etch] - grmonitor <no-dsa> (minor issue)
+ [lenny] - grmonitor <no-dsa> (minor issue)
+ - iceape <unfixed> (low; bug #560932)
+ [etch] - iceape <no-dsa> (minor issue)
+ [lenny] - iceape <no-dsa> (minor issue)
+ - insighttoolkit <unfixed> (low; bug #560933)
+ [lenny] - insighttoolkit <no-dsa> (minor issue)
+ - libparagui1.1 <unfixed> (low; bug #560934)
+ [lenny] - libparagui1.1 <no-dsa> (minor issue)
+ - paraview <unfixed> (low; bug #560935)
+ [lenny] - paraview <no-dsa> (minor issue)
+ - poco <unfixed> (low; bug #560936)
+ [lenny] - poco <no-dsa> (minor issue)
+ - simgear <unfixed> (low; bug #560937)
+ [etch] - simgear <no-dsa> (minor issue)
+ [lenny] - simgear <no-dsa> (minor issue)
+ - sitecopy <unfixed> (low; bug #560938)
+ [etch] - sitecopy <no-dsa> (minor issue)
+ [lenny] - sitecopy <no-dsa> (minor issue)
+ - smart <unfixed> (low; bug #560953)
+ [etch] - smart <no-dsa> (minor issue)
+ [lenny] - smart <no-dsa> (minor issue)
+ - swish-e <unfixed> (low; bug #560939)
+ [etch] - swish-e <no-dsa> (minor issue)
+ [lenny] - swish-e <no-dsa> (minor issue)
+ - tla <unfixed> (low; bug #560940)
+ [etch] - tla <no-dsa> (minor issue)
+ [lenny] - tla <no-dsa> (minor issue)
+ - vtk <unfixed> (low; bug #560952)
+ [etch] - vtk <no-dsa> (minor issue)
+ [lenny] - vtk <no-dsa> (minor issue)
+ - wbxml2 <unfixed> (low; bug #560941)
+ [etch] - wbxml2 <no-dsa> (minor issue)
+ [lenny] - wbxml2 <no-dsa> (minor issue)
+ - xmlrpc-c <unfixed> (low; bug #560942)
+ [etch] - xmlrpc-c <no-dsa> (minor issue)
+ [lenny] - xmlrpc-c <no-dsa> (minor issue)
+ - iceweasel <unfixed> (low; bug #560943)
+ [etch] - iceweasel <no-dsa> (minor issue)
+ [lenny] - iceweasel <no-dsa> (minor issue)
+ - kompozer 1:0.8~b1-2 (low; bug #560944)
+ - vxl <unfixed> (low; bug #560945)
+ - xulrunner <unfixed> (low; bug #560946)
+ [etch] - xulrunner <no-dsa> (minor issue)
+ [lenny] - xulrunner <no-dsa> (minor issue)
- apache2 <not-affected> (links to system expat)
- TODO: check - texlive-bin <unfixed> (low)
- TODO: check - vnc4 <unfixed> (low)
- TODO: check - xotcl <unfixed> (low)
+ - texlive-bin <unfixed> (low; bug #560948)
+ [etch] - texlive-bin <no-dsa> (minor issue)
+ [lenny] - texlive-bin <no-dsa> (minor issue)
+ - vnc4 <unfixed> (low; bug #560951)
+ [etch] - vnc4 <no-dsa> (minor issue)
+ [lenny] - vnc4 <no-dsa> (minor issue)
+ - xotcl <unfixed> (low; bug #560952)
+ [lenny] - xotcl <no-dsa> (minor issue)
CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...)
NOT-FOR-US: Battle Blog
CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog ...)
@@ -1938,6 +1999,110 @@
NOT-FOR-US: Xerver HTTP Server
CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...)
- expat <unfixed> (low; bug #560901)
+ - w3c-libwww <removed>
+ [etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
+ - python-xml <removed> (low; bug #560951)
+ [etch] - python-xml <no-dsa> (minor issue)
+ [lenny] - python-xml <no-dsa> (minor issue)
+ - python2.5 <unfixed> (low; bug #560912)
+ [etch] - python2.5 <no-dsa> (minor issue)
+ [lenny] - python2.5 <no-dsa> (minor issue)
+ - python2.4 <unfixed> (low; bug #560913)
+ [etch] - python2.4 <no-dsa> (minor issue)
+ [lenny] - python2.4 <no-dsa> (minor issue)
+ - python-4suite <unfixed> (low; bug #560914)
+ - wxwindows2.4 <removed> (low; bug #560915)
+ [etch] - wxwindows2.4 <no-dsa> (minor issue)
+ - wxwidgets2.6 <unfixed> (low; bug #560916)
+ [etch] - wxwidgets2.6 <no-dsa> (minor issue)
+ [lenny] - wxwidgets2.6 <no-dsa> (minor issue)
+ - wxwidgets2.8 <unfixed> (low; bug #560917)
+ [lenny] - wxwidgets2.8 <no-dsa> (minor issue)
+ - celementtree <unfixed> (low; bug #560918)
+ [etch] - celementtree <no-dsa> (minor issue)
+ [lenny] - celementtree <no-dsa> (minor issue)
+ - audacity <unfixed> (low; bug #560919)
+ [etch] - audacity <no-dsa> (minor issue)
+ [lenny] - audacity <no-dsa> (minor issue)
+ - matanza <unfixed> (low; bug #560920)
+ [etch] - matanza <no-dsa> (minor issue)
+ [lenny] - matanza <no-dsa> (minor issue)
+ - tdom <unfixed> (low; bug #560921)
+ [etch] - tdom <no-dsa> (minor issue)
+ [lenny] - tdom <no-dsa> (minor issue)
+ - udunits <unfixed> (low; bug #560922)
+ - apr-util <not-affected> (links to system expat)
+ - ayttm <unfixed> (low; bug #560924)
+ [etch] - ayttm <no-dsa> (minor issue)
+ [lenny] - ayttm <no-dsa> (minor issue)
+ - cableswig <unfixed> (low; bug #560925)
+ [etch] - cableswig <no-dsa> (minor issue)
+ [lenny] - cableswig <no-dsa> (minor issue)
+ - cadaver <unfixed> (low; bug #560926)
+ [etch] - cadaver <no-dsa> (minor issue)
+ [lenny] - cadaver <no-dsa> (minor issue)
+ - cmake <unfixed> (low; bug #560927)
+ [etch] - cmake <no-dsa> (minor issue)
+ [lenny] - cmake <no-dsa> (minor issue)
+ - coin3 <unfixed> (low; bug #560928)
+ - gdcm <unfixed> (low; bug #560929)
+ - ghostscript <unfixed> (low; bug #560930)
+ [lenny] - ghostscript <no-dsa> (minor issue)
+ - grmonitor <unfixed> (low; bug #560931)
+ [etch] - grmonitor <no-dsa> (minor issue)
+ [lenny] - grmonitor <no-dsa> (minor issue)
+ - iceape <unfixed> (low; bug #560932)
+ [etch] - iceape <no-dsa> (minor issue)
+ [lenny] - iceape <no-dsa> (minor issue)
+ - insighttoolkit <unfixed> (low; bug #560933)
+ [lenny] - insighttoolkit <no-dsa> (minor issue)
+ - libparagui1.1 <unfixed> (low; bug #560934)
+ [lenny] - libparagui1.1 <no-dsa> (minor issue)
+ - paraview <unfixed> (low; bug #560935)
+ [lenny] - paraview <no-dsa> (minor issue)
+ - poco <unfixed> (low; bug #560936)
+ [lenny] - poco <no-dsa> (minor issue)
+ - simgear <unfixed> (low; bug #560937)
+ [etch] - simgear <no-dsa> (minor issue)
+ [lenny] - simgear <no-dsa> (minor issue)
+ - sitecopy <unfixed> (low; bug #560938)
+ [etch] - sitecopy <no-dsa> (minor issue)
+ [lenny] - sitecopy <no-dsa> (minor issue)
+ - smart <unfixed> (low; bug #560953)
+ [etch] - smart <no-dsa> (minor issue)
+ [lenny] - smart <no-dsa> (minor issue)
+ - swish-e <unfixed> (low; bug #560939)
+ [etch] - swish-e <no-dsa> (minor issue)
+ [lenny] - swish-e <no-dsa> (minor issue)
+ - tla <unfixed> (low; bug #560940)
+ [etch] - tla <no-dsa> (minor issue)
+ [lenny] - tla <no-dsa> (minor issue)
+ - vtk <unfixed> (low; bug #560952)
+ [etch] - vtk <no-dsa> (minor issue)
+ [lenny] - vtk <no-dsa> (minor issue)
+ - wbxml2 <unfixed> (low; bug #560941)
+ [etch] - wbxml2 <no-dsa> (minor issue)
+ [lenny] - wbxml2 <no-dsa> (minor issue)
+ - xmlrpc-c <unfixed> (low; bug #560942)
+ [etch] - xmlrpc-c <no-dsa> (minor issue)
+ [lenny] - xmlrpc-c <no-dsa> (minor issue)
+ - iceweasel <unfixed> (low; bug #560943)
+ [etch] - iceweasel <no-dsa> (minor issue)
+ [lenny] - iceweasel <no-dsa> (minor issue)
+ - kompozer 1:0.8~b1-2 (low; bug #560944)
+ - vxl <unfixed> (low; bug #560945)
+ - xulrunner <unfixed> (low; bug #560946)
+ [etch] - xulrunner <no-dsa> (minor issue)
+ [lenny] - xulrunner <no-dsa> (minor issue)
+ - apache2 <not-affected> (links to system expat)
+ - texlive-bin <unfixed> (low; bug #560948)
+ [etch] - texlive-bin <no-dsa> (minor issue)
+ [lenny] - texlive-bin <no-dsa> (minor issue)
+ - vnc4 <unfixed> (low; bug #560951)
+ [etch] - vnc4 <no-dsa> (minor issue)
+ [lenny] - vnc4 <no-dsa> (minor issue)
+ - xotcl <unfixed> (low; bug #560952)
+ [lenny] - xotcl <no-dsa> (minor issue)
CVE-2009-3559 (** DISPUTED ** ...)
- php5 <unfixed> (unimportant)
NOTE: safe_mode regression
More information about the Secure-testing-commits
mailing list