[Secure-testing-commits] r13601 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sat Dec 19 14:41:52 UTC 2009 

Author: jmm-guest
Date: 2009-12-19 14:41:52 +0000 (Sat, 19 Dec 2009)
New Revision: 13601

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
expat updates:
- udunits fixed recently
- vtk fixed in 2003
- texlive not affected
- mark poco and simgear as unimportant

parser not affected by ltdl issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-19 13:50:08 UTC (rev 13600)
+++ data/CVE/list	2009-12-19 14:41:52 UTC (rev 13601)
@@ -1709,7 +1709,8 @@
 	- openmpi 1.3.3-4 (low; bug #559836)
 	[lenny] - openmpi <no-dsa> (Minor issue)
 	[etch] - openmpi <no-dsa> (Minor issue)
-	- parser <unfixed> (low; bug #559837)
+	- parser <unfixed> (unimportant; bug #559837)
+        NOTE: users with write access can modify configuration to load new extensions, see #559837
 	- pdsh <not-affected> (Only loads from /usr/lib/pdsh, which is controlled by root)
 	- sbnc <not-affected> (All released/unstable versions use the system copy of libtool)
 	- sdcc <unfixed> (low; bug #559840)
@@ -1803,7 +1804,7 @@
 	- tdom <unfixed> (low; bug #560921)
 	[etch] - tdom <no-dsa> (minor issue)
 	[lenny] - tdom <no-dsa> (minor issue)
-	- udunits <unfixed> (low; bug #560922)
+	- udunits 2.1.8-4 (unimportant; bug #560922)
 	- apr-util <not-affected> (links to system expat)
 	- ayttm 0.6.1-2 (low; bug #560924)
 	[etch] - ayttm <no-dsa> (minor issue)
@@ -1819,8 +1820,7 @@
 	- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
 	- libparagui1.1 <unfixed> (unimportant; bug #560934)
 	- paraview <unfixed> (unimportant; bug #560935)
-	- poco <unfixed> (low; bug #560936)
-	[lenny] - poco <no-dsa> (minor issue)
+	- poco <unfixed> (unimportant; bug #560936)
 	- simgear <unfixed> (unimportant; bug #560937)
 	- smart <unfixed> (low; bug #560953)
 	[etch] - smart <no-dsa> (minor issue)
@@ -1831,9 +1831,6 @@
 	- tla <unfixed> (low; bug #560940)
 	[etch] - tla <no-dsa> (minor issue)
 	[lenny] - tla <no-dsa> (minor issue)
-	- vtk <unfixed> (low; bug #560952)
-	[etch] - vtk <no-dsa> (minor issue)
-	[lenny] - vtk <no-dsa> (minor issue)
 	- wbxml2 <unfixed> (low; bug #560941)
 	[etch] - wbxml2 <no-dsa> (minor issue)
 	[lenny] - wbxml2 <no-dsa> (minor issue)
@@ -1845,8 +1842,8 @@
 	- vxl 1.13.0-2 (low; bug #560945)
 	- xulrunner <unfixed> (unimportant; bug #560946)
 	- apache2 <not-affected> (links to system expat)
-	- texlive-bin <unfixed> (unimportant; bug #560948)
-	- vnc4 <unfixed> (low; bug #560951)
+	- texlive-bin <not-affected> (Files are not compiled in, see #560948)
+	- vnc4 <unfixed> (low; bug #560949)
 	[etch] - vnc4 <no-dsa> (minor issue)
 	[lenny] - vnc4 <no-dsa> (minor issue)
 	- xotcl <unfixed> (low; bug #560952)
@@ -2305,7 +2302,7 @@
 	- tdom <unfixed> (low; bug #560921)
 	[etch] - tdom <no-dsa> (minor issue)
 	[lenny] - tdom <no-dsa> (minor issue)
-	- udunits <unfixed> (low; bug #560922)
+	- udunits 2.1.8-4 (unimportant; bug #560922)
 	- apr-util <not-affected> (links to system expat)
 	- ayttm 0.6.1-2 (low; bug #560924)
 	[etch] - ayttm <no-dsa> (minor issue)
@@ -2326,11 +2323,8 @@
 	- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
 	- libparagui1.1 <unfixed> (unimportant; bug #560934)
 	- paraview <unfixed> (unimportant; bug #560935)
-	- poco <unfixed> (low; bug #560936)
-	[lenny] - poco <no-dsa> (minor issue)
-	- simgear <unfixed> (low; bug #560937)
-	[etch] - simgear <no-dsa> (minor issue)
-	[lenny] - simgear <no-dsa> (minor issue)
+	- poco <unfixed> (unimportant; bug #560936)
+	- simgear <unfixed> (unimportant; bug #560937)
 	- smart <unfixed> (low; bug #560953)
 	[etch] - smart <no-dsa> (minor issue)
 	[lenny] - smart <no-dsa> (minor issue)
@@ -2340,9 +2334,6 @@
 	- tla <unfixed> (low; bug #560940)
 	[etch] - tla <no-dsa> (minor issue)
 	[lenny] - tla <no-dsa> (minor issue)
-	- vtk <unfixed> (low; bug #560952)
-	[etch] - vtk <no-dsa> (minor issue)
-	[lenny] - vtk <no-dsa> (minor issue)
 	- wbxml2 <unfixed> (low; bug #560941)
 	[etch] - wbxml2 <no-dsa> (minor issue)
 	[lenny] - wbxml2 <no-dsa> (minor issue)
@@ -2358,10 +2349,8 @@
 	[etch] - xulrunner <no-dsa> (minor issue)
 	[lenny] - xulrunner <no-dsa> (minor issue)
 	- apache2 <not-affected> (links to system expat)
-	- texlive-bin <unfixed> (low; bug #560948)
-	[etch] - texlive-bin <no-dsa> (minor issue)
-	[lenny] - texlive-bin <no-dsa> (minor issue)
-	- vnc4 <unfixed> (low; bug #560951)
+	- texlive-bin <not-affected> (Files are not compiled in, see #560948)
+	- vnc4 <unfixed> (low; bug #560949)
 	[etch] - vnc4 <no-dsa> (minor issue)
 	[lenny] - vnc4 <no-dsa> (minor issue)
 	- xotcl <unfixed> (low; bug #560952)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2009-12-19 13:50:08 UTC (rev 13600)
+++ data/embedded-code-copies	2009-12-19 14:41:52 UTC (rev 13601)
@@ -1093,7 +1093,7 @@
 	- audacity 1.3.2-1 (embed)
 	- matanza <unfixed> (embed)
 	- tdom <unfixed> (embed)
-	- udunits <unfixed> (embed)
+	- udunits 2.1.8-4 (embed)
 	- apr-util 1.2 (embed)
 	- ayttm <unfxed> (embed; bug #561006)
 	- cableswig <unfixed> (embed)
@@ -1114,7 +1114,7 @@
 	- smart 1.0-1 (embed)
 	- swish-e <unfixed> (embed)
 	- tla <unfixed> (embed)
-	- vtk <unfixed> (embed)
+	- vtk 4.1.20030227-1 (embed)
 	- wbxml2 <unfixed> (embed)
 	- xmlrpc-c <unfixed> (embed)
 	- iceweasel <unfixed> (embed)
@@ -1122,7 +1122,7 @@
 	- vxl 1.13.0-2 (embed)
 	- xulrunner <unfixed> (embed)
 	- apache2 2.2 (embed)
-	- texlive-bin <unfixed> (embed) [included twice]
+	- texlive-bin <not-affected> (Embedded code not compiled in)
 	- vnc4 <unfixed> (embed)
 	- xotcl <unfixed> (embed)

More information about the Secure-testing-commits mailing list