[Secure-testing-commits] r13541 - in data: . CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Sun Dec 13 16:37:52 UTC 2009 

Author: gilbert-guest
Date: 2009-12-13 16:37:52 +0000 (Sun, 13 Dec 2009)
New Revision: 13541

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
some expat updates

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-13 15:37:41 UTC (rev 13540)
+++ data/CVE/list	2009-12-13 16:37:52 UTC (rev 13541)
@@ -4,6 +4,7 @@
 	- gif2png 2.5.2-1 (low; bug #550978)
 	[etch] - gif2png <no-dsa> (minor issue)
 	[lenny] - gif2png <no-dsa> (minor issue)
+	TODO: recheck (see bug)
 CVE-2009-XXXX [browser-based css info disclosure]
 	- xulrunner <unfixed> (low; bug #560108)
 	- webkit <unfixed> (low; bug #560870)
@@ -1501,7 +1502,7 @@
 	[lenny] - tdom <no-dsa> (minor issue)
 	- udunits <unfixed> (low; bug #560922)
 	- apr-util <not-affected> (links to system expat)
-	- ayttm <unfixed> (low; bug #560924)
+	- ayttm 0.6.1-2 (low; bug #560924)
 	[etch] - ayttm <no-dsa> (minor issue)
 	[lenny] - ayttm <no-dsa> (minor issue)
 	- cableswig <unfixed> (low; bug #560925)
@@ -1510,9 +1511,8 @@
 	- cadaver <unfixed> (low; bug #560926)
 	[etch] - cadaver <no-dsa> (minor issue)
 	[lenny] - cadaver <no-dsa> (minor issue)
-	- cmake <unfixed> (low; bug #560927)
+	- cmake 2.6.0-6 (low; bug #560927)
 	[etch] - cmake <no-dsa> (minor issue)
-	[lenny] - cmake <no-dsa> (minor issue)
 	- coin3 <unfixed> (low; bug #560928)
 	- gdcm <unfixed> (low; bug #560929)
 	- ghostscript <unfixed> (low; bug #560930)
@@ -1998,7 +1998,7 @@
 CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows ...)
 	NOT-FOR-US: Xerver HTTP Server
 CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...)
-	- expat <unfixed> (low; bug #560901)
+	- expat 2.0.1-6 (low; bug #560901)
 	- w3c-libwww <removed>
 	[etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
 	- python-xml <removed> (low; bug #560951)
@@ -2032,7 +2032,7 @@
 	[lenny] - tdom <no-dsa> (minor issue)
 	- udunits <unfixed> (low; bug #560922)
 	- apr-util <not-affected> (links to system expat)
-	- ayttm <unfixed> (low; bug #560924)
+	- ayttm 0.6.1-2 (low; bug #560924)
 	[etch] - ayttm <no-dsa> (minor issue)
 	[lenny] - ayttm <no-dsa> (minor issue)
 	- cableswig <unfixed> (low; bug #560925)
@@ -2041,9 +2041,8 @@
 	- cadaver <unfixed> (low; bug #560926)
 	[etch] - cadaver <no-dsa> (minor issue)
 	[lenny] - cadaver <no-dsa> (minor issue)
-	- cmake <unfixed> (low; bug #560927)
+	- cmake 2.6.0-6 (low; bug #560927)
 	[etch] - cmake <no-dsa> (minor issue)
-	[lenny] - cmake <no-dsa> (minor issue)
 	- coin3 <unfixed> (low; bug #560928)
 	- gdcm <unfixed> (low; bug #560929)
 	- ghostscript <unfixed> (low; bug #560930)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2009-12-13 15:37:41 UTC (rev 13540)
+++ data/embedded-code-copies	2009-12-13 16:37:52 UTC (rev 13541)
@@ -1081,8 +1081,8 @@
 	- w3c-libwww <removed> (embed; bug #551941)
 	[etch] - w3c-libwww <unfixed> (embed; bug #551941) [./modules/expat/*]
 	- python-xml <unfixed> (embed; bug #551940) [./extensions/expat/*]
-	- python2.5 <unfixed> (embed; bug #553403) [./Modules/expat/*]
-	- python2.4 <unfixed> (embed; bug #553403)
+	- python2.5 <unfixable> (embed; bug #553403) [./Modules/expat/*]
+	- python2.4 <unfixable> (embed; bug #553403)
 	- python-4suite <unfixed> (embed; bug #516935)
 	- wxwindows2.4 <removed> (embed)
 	- wxwidgets2.6 <unfixed> (embed)
@@ -1093,10 +1093,10 @@
 	- tdom <unfixed> (embed)
 	- udunits <unfixed> (embed)
 	- apr-util 1.2 (embed)
-	- ayttm <unfixed> (embed)
+	- ayttm <unfxed> (embed; bug #561006)
 	- cableswig <unfixed> (embed)
 	- cadaver <unfixed> (embed)
-	- cmake <unfixed> (embed)
+	- cmake 2.6.0-6 (embed)
 	- coin3 <unfixed> (embed)
 	- gdcm <unfixed> (embed)
 	- ghostscript <unfixed> (embed)
@@ -1549,7 +1549,7 @@
 	- guile-1.6 <unfixed> (embed)
 	- hamlib <unfixed> (embed)
 	- hercules <unfixed> (embed)
-	- jags <unfixed> (embed; bug #560864)
+	- jags 1.0.4-3 (embed; bug #560864)
 	- kdelibs <unfixed> (embed)
 	- libannodex <removed> (embed)
 	- libextractor <unfixed> (embed)

More information about the Secure-testing-commits mailing list