[Secure-testing-commits] r13575 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Dec 16 20:48:06 UTC 2009 

Author: jmm-guest
Date: 2009-12-16 20:48:05 +0000 (Wed, 16 Dec 2009)
New Revision: 13575

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
* xulrunner fixed
* clamav ltdl copy fixed some time ago
* celementtree expat copy fixed before etch release


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-16 17:28:08 UTC (rev 13574)
+++ data/CVE/list	2009-12-16 20:48:05 UTC (rev 13575)
@@ -916,19 +916,19 @@
 	- xulrunner <not-affected> (Windows-specific vulnerability)
 CVE-2009-3986 [Privilege escalation via chrome window.opener]
 	RESERVED
-	- xulrunner <unfixed>
+	- xulrunner 1.9.1.6-1
 CVE-2009-3985 [URL spoofing via invalid document.location]
 	RESERVED
-	- xulrunner <unfixed>
+	- xulrunner 1.9.1.6-1
 CVE-2009-3984 [SSL spoofing with document.location]
 	RESERVED
-	- xulrunner <unfixed>
+	- xulrunner 1.9.1.6-1
 CVE-2009-3983 [NTLM reflection vulnerability]
 	RESERVED
-	- xulrunner <unfixed>
+	- xulrunner 1.9.1.6-1
 CVE-2009-3982 [Crashes with evidence of memory corruption]
 	RESERVED
-	- xulrunner <unfixed>
+	- xulrunner 1.9.1.6-1
 	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
 CVE-2009-3981 [Crashes with evidence of memory corruption]
 	RESERVED
@@ -936,11 +936,11 @@
 	NOTE: Only affects Firefox 3
 CVE-2009-3980 [Crashes with evidence of memory corruption]
 	RESERVED
-	- xulrunner <unfixed>
+	- xulrunner 1.9.1.6-1
 	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
 CVE-2009-3979 [Crashes with evidence of memory corruption]
 	RESERVED
-	- xulrunner <unfixed>
+	- xulrunner 1.9.1.6-1
 CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp ...)
 	- xulrunner 1.9.1.5-1 (unimportant)
 	NOTE: Browser crashes not treated as security issues
@@ -1589,7 +1589,9 @@
 	- synfig <unfixed> (low; bug #559829)
 	- xmlsec1 1.2.14-1 (unimportant; bug #559831)
 	NOTE: Embedded code copy isn't used
-	- clamav <unfixed> (low; bug #559832)
+	- clamav 0.95+dfsg-1 (low; bug #559832)
+	[lenny] - clamav <no-dsa> (Minor issue)
+	[etch] - clamav <no-dsa> (Minor issue)
 	- imagemagick <unfixed> (low; bug #559833)
 	- hypre 2.4.0b-5 (low; bug #559834)
 	[etch] - hypre <no-dsa> (Minor issue)
@@ -1684,9 +1686,6 @@
 	[lenny] - wxwidgets2.6 <no-dsa> (minor issue)
 	- wxwidgets2.8 2.8.10.1-2 (low; bug #560917)
 	[lenny] - wxwidgets2.8 <no-dsa> (minor issue)
-	- celementtree <unfixed> (low; bug #560918)
-	[etch] - celementtree <no-dsa> (minor issue)
-	[lenny] - celementtree <no-dsa> (minor issue)
 	- audacity <unfixed> (low; bug #560919)
 	[etch] - audacity <no-dsa> (minor issue)
 	[lenny] - audacity <no-dsa> (minor issue)
@@ -2190,9 +2189,6 @@
 	[lenny] - wxwidgets2.6 <no-dsa> (minor issue)
 	- wxwidgets2.8 2.8.10.1-2 (low; bug #560917)
 	[lenny] - wxwidgets2.8 <no-dsa> (minor issue)
-	- celementtree <unfixed> (low; bug #560918)
-	[etch] - celementtree <no-dsa> (minor issue)
-	[lenny] - celementtree <no-dsa> (minor issue)
 	- audacity <unfixed> (low; bug #560919)
 	[etch] - audacity <no-dsa> (minor issue)
 	[lenny] - audacity <no-dsa> (minor issue)
@@ -2695,12 +2691,12 @@
 CVE-2009-3389 [libtheora/Firefox]
 	RESERVED
 	- libtheora 1.1
-	- xulrunner <unfixed>
+	- xulrunner 1.9.1.6-1
 	[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
 CVE-2009-3388 [liboggplay/Firefox]
 	RESERVED
 	- liboggplay <unfixed>
-	- xulrunner <unfixed>
+	- xulrunner 1.9.1.6-1
 	[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
 CVE-2009-3387
 	RESERVED

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2009-12-16 17:28:08 UTC (rev 13574)
+++ data/embedded-code-copies	2009-12-16 20:48:05 UTC (rev 13575)
@@ -1087,7 +1087,8 @@
 	- wxwindows2.4 <removed> (embed)
 	- wxwidgets2.6 2.6.3.2.2-4 (embed)
 	- wxwidgets2.8 2.8.10.1-2 (embed)
-	- celementtree <unfixed> (embed)
+	- celementtree 1.0.5-8 (embed)
+	NOTE: Maybe that was fixed even earlier
 	- audacity 1.3.2-1 (embed)
 	- matanza <unfixed> (embed)
 	- tdom <unfixed> (embed)
@@ -1566,7 +1567,7 @@
 	- synfig <unfixed> (embed)
 	- unixodbc 2.2.4-5 (embed)
 	- xmlsec1 <not-affected> (Doesn't enable dynamic loading of crypto modules)
-	- clamav <unfixed> (embed)
+	- clamav 0.95+dfsg-1 (embed)
 	- imagemagick <unfixed> (embed)
 	- hypre 2.4.0b-5 (embed)
 	- lam <unfixed> (embed)

More information about the Secure-testing-commits mailing list