[Secure-testing-commits] r13065 - in data: . CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Wed Oct 21 23:05:30 UTC 2009
Author: gilbert-guest
Date: 2009-10-21 23:05:29 +0000 (Wed, 21 Oct 2009)
New Revision: 13065
Modified:
data/CVE/list
data/embedded-code-copies
data/package-tags
Log:
- as per discussion a while back, kompozer as unsupported
- chromium issue
- expat issue
- expat embeds
- track xerces old versions
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-21 22:26:56 UTC (rev 13064)
+++ data/CVE/list 2009-10-21 23:05:29 UTC (rev 13065)
@@ -1,3 +1,7 @@
+CVE-2009-XXXX [chromium: rss xss]
+ - chromium-browser <itp> (low; bug #520324)
+ NOTE: http://seclists.org/fulldisclosure/2009/Sep/201
+ NOTE: other browsers are not affected (only chrome and opera)
CVE-2009-3733
RESERVED
CVE-2009-3732
@@ -3525,6 +3529,9 @@
- sun-java6 6-15-1
[lenny] - sun-java6 <no-dsa> (Non-free not supported)
- openjdk-6 6b16-1.6-1 (medium; bug #542210)
+ - expat <unfixed> (medium; bug #551936)
+ - w3c-libwww <unfixed> (medium; bug #551938)
+ - python-xml <unfixed> (medium; bug #551939)
CVE-2009-2624
RESERVED
CVE-2009-2623
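Review bot: The three added lines (expat, w3c-libwww, python-xml) go into an entry whose visible context otherwise tracks sun-java6 and openjdk-6, and nothing in the hunk says why these packages share the issue. Suggest adding a NOTE to the entry stating that the flaw is in the expat code, and that w3c-libwww and python-xml are listed because they carry embedded copies (the same commit records those in data/embedded-code-copies). Without it, a later reader has to follow bugs #551936, #551938 and #551939 to understand the relationship.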
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2009-10-21 22:26:56 UTC (rev 13064)
+++ data/embedded-code-copies 2009-10-21 23:05:29 UTC (rev 13065)
@@ -975,3 +975,14 @@
tuxonice-userui
- suspend2-userui <removed> (old-version)
+
+expat
+ - w3c-www <unfixed> (embed; bug #551941) [./modules/expat/*]
+ - python-xml <unfixed> (embed; bug #551940) [./extensions/expat/*]
+
+xerces-c
+ - xerces-c2 <unfixed> (old-version)
+ - xerces27 <removed> (old-version)
+
+md5 (RSA's version; not the gnu version provided by coreutils)
+ - w3c-www <unfixed> (embed; bug #551942) [./modules/md5/*]
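Review bot: The package name "w3c-www" used under both the expat and md5 sections does not match "w3c-libwww", which this same commit adds to data/CVE/list for the expat issue. One of the two spellings is wrong, and any tooling or person matching embedded copies against CVE entries by source package name will miss the link. Please use the same source package name in both files. Separately, the md5 section header carries a free-text qualifier, "(RSA's version; not the gnu version provided by coreutils)"; if the file format expects a bare name on that line, move the qualifier to a NOTE line below it.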
Modified: data/package-tags
===================================================================
--- data/package-tags 2009-10-21 22:26:56 UTC (rev 13064)
+++ data/package-tags 2009-10-21 23:05:29 UTC (rev 13065)
@@ -27,3 +27,6 @@
[etch] clamav <unsupported> (No signature updates anymore, should be taken from volatile)
[lenny] clamav <unsupported> (No signature updates anymore, should be taken from volatile)
+
+[sid] kompozer <unsupported> (vulnerable to all xulrunner issues, but intended use is not for untrusted or networked sources)
+[squeeze] kompozer <unsupported> (vulnerable to all xulrunner issues, but intended use is not for untrusted or networked sources)
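Review bot: The kompozer tag is added for [sid] and [squeeze] only, while the clamav entries just above cover the stable releases ([etch], [lenny]). If kompozer also ships in lenny, it needs the same <unsupported> line, or a comment explaining why stable is treated differently. The rationale text also rests on an assumption about usage ("intended use is not for untrusted or networked sources"); since the same line admits the package is "vulnerable to all xulrunner issues", consider pointing to where that discussion was held so the decision can be re-examined.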