[Secure-testing-commits] r13709 - in data: . CVE NMU

Mon Jan 4 18:45:03 UTC 2010

Author: jmm-guest
Date: 2010-01-04 18:44:59 +0000 (Mon, 04 Jan 2010)
New Revision: 13709

Modified:
   data/CVE/list
   data/NMU/list
   data/embedded-code-copies
Log:
* collectd/ltdl fixed
* fckeditor code copy back in otrs2 
* record lcms NMU
* tdom and paragui already use the system copy of expat
* remove explicit not-affected entry for apr-util/apache2 to
  be conformant with other packages: If a system copy
  has been fixed earlier than the current oldstable
  release we don't need to track the source package using
  the library
* openssh fixed


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2010-01-04 07:46:02 UTC (rev 13708)
+++ data/CVE/list	2010-01-04 18:44:59 UTC (rev 13709)
@@ -2004,7 +2004,7 @@
 	- camserv <unfixed> (low; bug #559800)
 	[lenny] - camserv <no-dsa> (Minor issue)
 	[etch] - camserv <no-dsa> (Minor issue)
-	- collectd <unfixed> (low; bug #559801)
+	- collectd 4.8.2-1 (low; bug #559801)
 	[lenny] - collectd <no-dsa> (Minor issue)
 	[etch] - collectd <no-dsa> (Minor issue)
 	- cvsnt <unfixed> (low; bug #559803)
@@ -2174,11 +2174,9 @@
 	[lenny] - wxwidgets2.8 <no-dsa> (minor issue)
 	- audacity 1.3.2-1 (unimportant; bug #560919)
 	- matanza <unfixed> (unimportant; bug #560920)
-	- tdom <unfixed> (low; bug #560921)
+	- tdom 0.8.3~20080525-1 (low; bug #560921)
 	[etch] - tdom <no-dsa> (minor issue)
-	[lenny] - tdom <no-dsa> (minor issue)
 	- udunits 2.1.8-4 (unimportant; bug #560922)
-	- apr-util <not-affected> (links to system expat)
 	- ayttm 0.6.1-2 (low; bug #560924)
 	[etch] - ayttm <no-dsa> (minor issue)
 	[lenny] - ayttm <no-dsa> (minor issue)
@@ -2192,7 +2190,6 @@
 	- grmonitor <removed> (unimportant; bug #560931)
 	- iceape <unfixed> (unimportant; bug #560932)
 	- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
-	- libparagui1.1 <unfixed> (unimportant; bug #560934)
 	- paraview <unfixed> (unimportant; bug #560935)
 	- poco <unfixed> (unimportant; bug #560936)
 	- simgear <unfixed> (unimportant; bug #560937)
@@ -2215,7 +2212,6 @@
 	- kompozer 1:0.8~b1-2 (unimportant; bug #560944)
 	- vxl 1.13.0-2 (low; bug #560945)
 	- xulrunner <unfixed> (unimportant; bug #560946)
-	- apache2 <not-affected> (links to system expat)
 	- texlive-bin <not-affected> (Files are not compiled in, see #560948)
 	- vnc4 <unfixed> (low; bug #560949)
 	[etch] - vnc4 <no-dsa> (minor issue)
@@ -2671,11 +2667,9 @@
 	[lenny] - wxwidgets2.8 <no-dsa> (minor issue)
 	- audacity 1.3.2-1 (unimportant; bug #560919)
 	- matanza <unfixed> (unimportant; bug #560920)
-	- tdom <unfixed> (low; bug #560921)
+	- tdom 0.8.3~20080525-1 (low; bug #560921)
 	[etch] - tdom <no-dsa> (minor issue)
-	[lenny] - tdom <no-dsa> (minor issue)
 	- udunits 2.1.8-4 (unimportant; bug #560922)
-	- apr-util <not-affected> (links to system expat)
 	- ayttm 0.6.1-2 (low; bug #560924)
 	[etch] - ayttm <no-dsa> (minor issue)
 	[lenny] - ayttm <no-dsa> (minor issue)
@@ -2689,7 +2683,6 @@
 	- grmonitor <removed> (unimportant; bug #560931)
 	- iceape <unfixed> (unimportant; bug #560932)
 	- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
-	- libparagui1.1 <unfixed> (unimportant; bug #560934)
 	- paraview <unfixed> (unimportant; bug #560935)
 	- poco <unfixed> (unimportant; bug #560936)
 	- simgear <unfixed> (unimportant; bug #560937)
@@ -2712,7 +2705,6 @@
 	- kompozer 1:0.8~b1-2 (low; bug #560944)
 	- vxl 1.13.0-2 (low; bug #560945)
 	- xulrunner <unfixed> (unimportant; bug #560946)
-	- apache2 <not-affected> (links to system expat)
 	- texlive-bin <not-affected> (Files are not compiled in, see #560948)
 	- vnc4 <unfixed> (low; bug #560949)
 	[etch] - vnc4 <no-dsa> (minor issue)
@@ -16767,7 +16759,7 @@
 	- kfreebsd-7 7.1-1
 	[lenny] - kfreebsd-7 7.0-7lenny1
 CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...)
-	- openssh <unfixed> (low; bug #506115)
+	- openssh 1:5.2p1-1 (low; bug #506115)
 	[etch] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv)
 	[lenny] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv)
 CVE-2008-5185 (The highlighting functionality in geshi.php in GeSHi before 1.0.8 ...)

Modified: data/NMU/list
===================================================================
--- data/NMU/list	2010-01-04 07:46:02 UTC (rev 13708)
+++ data/NMU/list	2010-01-04 18:44:59 UTC (rev 13709)
@@ -181,4 +181,5 @@
 2009-12-06 libstruts1.2-java 1.2.9-3.1
 2009-12-16 cacti 0.8.7e-1.1
 2009-12-24 poppler 0.12.2-2.1
+2009-12-26 lcms 1.18.dfsg-1.1
 2010-01-02 phpldapadmin 1.1.0.7-1.1

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-01-04 07:46:02 UTC (rev 13708)
+++ data/embedded-code-copies	2010-01-04 18:44:59 UTC (rev 13709)
@@ -354,7 +354,7 @@
 	- karrigell <removed> (embed; bug #452598)
 	- gforge 4.6.99+svn6225-1 (embed)
 	- request-tracker3.8 <unfixed> (embed)
-        - otrs2 2.4.5-3 (embed)
+        - otrs2 <unfixed> (embed)
 
 ipatlas (not packaged in Debian)
 	- moodle <unfixed> (embed; bug #507185)
@@ -1102,7 +1102,7 @@
 	NOTE: Maybe that was fixed even earlier
 	- audacity 1.3.2-1 (embed)
 	- matanza <unfixed> (embed)
-	- tdom <unfixed> (embed)
+	- tdom 0.8.3~20080525-1 (embed)
 	- udunits 2.1.8-4 (embed)
 	- apr-util 1.2 (embed)
 	- ayttm <unfxed> (embed; bug #561006)
@@ -1116,7 +1116,7 @@
 	- iceape <unfixed> (embed)
 	- insighttoolkit 3.16.0-1 (embed)
         NOTE: insighttoolkit might've been fixed earlier
-	- libparagui1.1 <unfixed> (embed)
+	- libparagui1.1 1.0.2-1 (embed)
 	- paraview <unfixed> (embed)
 	- poco <unfixed> (embed)
 	- simgear <unfixed> (embed)


