[Secure-testing-commits] r13672 - in data: . CVE

Tue Dec 29 16:04:47 UTC 2009

Author: gilbert-guest
Date: 2009-12-29 16:04:45 +0000 (Tue, 29 Dec 2009)
New Revision: 13672

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
some removed packages

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2009-12-29 05:50:43 UTC (rev 13671)
+++ data/CVE/list	2009-12-29 16:04:45 UTC (rev 13672)
@@ -2566,6 +2566,7 @@
 CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...)
 	{DSA-1953-1}
 	- expat 2.0.1-6 (low; bug #560901)
+	TODO: reissue DSA due to regression in perl xml parser.  see http://mail.libexpat.org/pipermail/expat-discuss/2009-December/002644.html (new patch not yet available).
 	- w3c-libwww <removed>
 	[etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
 	- python-xml <removed> (low; bug #560951)
@@ -3674,9 +3675,9 @@
 	- mediatomb <unfixed> (low; bug #555232)
 	[lenny] - mediatomb <no-dsa> (minor issue)
 	- op-panel 0.30~dfsg-1 (low; bug #555234)
-	- ebug-http <unfixed> (low; bug #555235)
+	- ebug-http <removed> (low; bug #555235)
 	[lenny] - ebug-http <no-dsa> (Minor issue)
-	- poker-network <unfixed> (low; bug #555237)
+	- poker-network <removed> (low; bug #555237)
 	[etch] - poker-network <no-dsa> (minor issue)
 	- webhelpers 0.3.4-2 (low; bug #555239)
 	- qwik <unfixed> (low; bug #555240)
@@ -40522,9 +40523,9 @@
 	TODO:	[etch] - mt-daapd 0.2.4+r1376-1.1+etch3
 	- mediatomb 0.11.0-3 (low; bug #555232)
 	- op-panel 0.30~dfsg-1 (low; bug #555234)
-	- ebug-http <unfixed> (low; bug #555235)
+	- ebug-http <removed> (low; bug #555235)
 	[lenny] - ebug-http <no-dsa> (Minor issue)
-	- poker-network <unfixed> (low; bug #555237)
+	- poker-network <removed> (low; bug #555237)
 	[etch] - poker-network <no-dsa> (minor issue)
 	- webhelpers <not-affected> (fixed since initial inclusion)
 	- qwik <unfixed> (low; bug #555240)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2009-12-29 05:50:43 UTC (rev 13671)
+++ data/embedded-code-copies	2009-12-29 16:04:45 UTC (rev 13672)
@@ -714,10 +714,10 @@
 	- knowledgeroot <unfixed> (embed; bug #555230)
 	- mediatomb <unfixed> (embed; bug #555233)
 	- mt-daapd 0.9~r1696.dfsg-6lenny2 (embed)
-	- ebug-http <unfixed> (embed; bug #555236)
+	- ebug-http <removed> (embed; bug #555236)
 	- libaws 2.7-1 (embed; bug #555222)
 	- phpgedview <removed> (embed)
-	- poker-network <unfixed> (embed; bug #555238)
+	- poker-network <removed> (embed; bug #555238)
 	- rails 2.1.0-6 (embed)
 	- wordpress 2.5.0-2 (embed; bug #555243)
 	- zope <not-affected> (the prototypejs embed is not in any of the obvious zope packages, e.g. zope2.9, zope2.10, zope2.11, and zope3)
@@ -1054,7 +1054,7 @@
 	NOTE: likely fixed earlier, marking etch's version as fixed
 
 linux-2.6
-	- kvm <unfixed> (embed; bug #549973) [./kernel/*]
+	- kvm <removed> (embed; bug #549973) [./kernel/*]
 	- linux-kbuild-2.6 <unfixed> (embed; bug #550379) [./kbuild/*]
 	- kernel-source-2.6.8 <removed> (old-version)
 	- kernel-source-2.4.27 <removed> (old-version)
@@ -1063,7 +1063,8 @@
 	- kernel-source-2.2.20 <removed> (old-version)
 
 libfdt (not yet packaged separately for debian; http://www.jdl.com/software/)
-	- kvm <unfixed> (embed) [./libfdt/*]
+	- kvm <removed> (embed) [./libfdt/*]
+	- qemu-kvm <unfixed> (embed) [./libfdt/*]
 
 qweb (not packaged)
 	- ajaxterm <unfixed>


