[Secure-testing-commits] r15730 - in data: . CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Wed Dec 22 03:42:10 UTC 2010 

Author: gilbert-guest
Date: 2010-12-22 03:42:07 +0000 (Wed, 22 Dec 2010)
New Revision: 15730

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
midori info, various updates on embedded code copies

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-22 01:41:15 UTC (rev 15729)
+++ data/CVE/list	2010-12-22 03:42:07 UTC (rev 15730)
@@ -1063,6 +1063,7 @@
 	[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
 CVE-2010-4176 (plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 ...)
 	- dracut <not-affected> (vulnerable script not shipped)
+	- udev <not-affected> (vulnerable script not shipped; fedora-specific issue)
 CVE-2010-4175 [linux: integer overflow in RDS]
 	RESERVED
 	- linux-2.6 2.6.32-28 
@@ -1713,8 +1714,9 @@
 CVE-2010-3901 (OpenConnect before 2.25 does not properly validate X.509 certificates, ...)
 	- openconnect 2.25-0.1 (bug #590873)
 CVE-2010-3900 (Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before ...)
-	- midori 0.2.7-1.1 (unimportant)
+	- midori 0.2.7-1.1 (unimportant; bug #607497)
 	NOTE: Current Midori SSL support is very limited
+	NOTE: Midori should not be used if SSL support is important to you
 CVE-2010-3899 (IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with ...)
 	NOT-FOR-US: IBM OmniFind Enterprise Edition
 CVE-2010-3898 (IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict ...)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-12-22 01:41:15 UTC (rev 15729)
+++ data/embedded-code-copies	2010-12-22 03:42:07 UTC (rev 15730)
@@ -115,7 +115,7 @@
 	NOTE: somehow derived code base
 	- mono <unfixed> (embed)
 	TODO: check mozilla
-	- Linux kernels <unfixed> (embed)
+	- linux-2.6 <unfixed> (embed)
 	- pvpgn 1.7.8-2 (embed)
 	- mrtg 2.12.2-1 (embed)
 	- rpm <unknown> (embed)
@@ -131,8 +131,9 @@
 	- mirrordir <unfixed>
 	- poco <unfixed>
 	- klibc <unfixed>
-	- emboss <unfixed>
-	- ghostscript <unfixed>
+	- emboss 6.3.1-1 (embed) 
+	- ghostscript 8.71~dfsg2-6 (embed)
+        NOTE: ghostscript fixed sometime before this, but this is the version i checked 
 	- freeimage <unfixed>
 	- clamav <unfixed> (fork)
 	NOTE: from the changelog: "libclamav6 does indeed duplicate parts of the zlib code, but there is not way around that"
@@ -296,7 +297,7 @@
 	- erlang <unfixed> (embed)
 	- ssed <unfixed> (embed)
 	- ircd-hybrid <unfixed> (static)
-	- emboss <unfixd>
+	- emboss <unfixed> (fork)
 	- cherokee <unfixed> (embed)
 	- oftc-hybrid 1.6.9.dfsg-1 (embed)
 	- ratbox-services <unfixed> (embed)
@@ -1238,6 +1239,7 @@
         NOTE: Might be fixed earlier. Lenny version recorded.
 	- dasher 4.7.3-1 (embed)
         NOTE: Might be fixed earlier. Lenny version recorded.
+        - emboss 6.3.1-1 (embed)
 	- gdcm 2.0.14-2 (embed)
 	- ghostscript 8.71~dfsg-2 (embed)
 	- grmonitor <removed> (embed)
@@ -2059,3 +2061,6 @@
 
 libasycns
         - loudmouth <unfixed> (embed; bug #566143)
+
+plplot
+        - emboss <unfixed> (fork)

More information about the Secure-testing-commits mailing list