[Secure-testing-commits] r13912 - in data: . CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Mon Jan 25 02:58:08 UTC 2010
Author: gilbert-guest
Date: 2010-01-25 02:58:08 +0000 (Mon, 25 Jan 2010)
New Revision: 13912
Modified:
data/CVE/list
data/embedded-code-copies
Log:
pidgin triage; various fixed embeds
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-25 02:07:26 UTC (rev 13911)
+++ data/CVE/list 2010-01-25 02:58:08 UTC (rev 13912)
@@ -366,8 +366,7 @@
CVE-2009-4595 (SQL injection vulnerability in index.php in PHP Inventory 1.2 allows ...)
NOT-FOR-US: PHP Inventory
CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and ...)
- - pidgin <unfixed>
- TODO: check
+ - pidgin <unfixed> (low; bug #566775)
CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for ...)
NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0275 (Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) ...)
@@ -3288,7 +3287,7 @@
- iceape <unfixed> (unimportant; bug #560932)
- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
- paraview 3.6.2-1 (unimportant; bug #560935)
- - poco <unfixed> (unimportant; bug #560936)
+ - poco 1.3.6p1-1 (unimportant; bug #560936)
- simgear <unfixed> (unimportant; bug #560937)
- smart <unfixed> (low; bug #560953)
[etch] - smart <no-dsa> (minor issue)
@@ -3771,7 +3770,7 @@
- iceape <unfixed> (unimportant; bug #560932)
- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
- paraview 3.6.2-1 (unimportant; bug #560935)
- - poco <unfixed> (unimportant; bug #560936)
+ - poco 1.3.6p1-1 (unimportant; bug #560936)
- simgear <unfixed> (unimportant; bug #560937)
- smart <unfixed> (low; bug #560953)
[etch] - smart <no-dsa> (minor issue)
@@ -23502,8 +23501,7 @@
- pidgin <unfixed> (low; bug #488632)
[lenny] - pidgin <no-dsa> (Minor issue)
- gaim 1:2.0.0+fake.1
- NOTE: gaim is now a transitional package depending on pidgin with its own source package
- NOTE: jabber servers should not forward malformed XML
+ NOTE: there is no upstream fix available, so this issue cannot be fixed in debian, but it is a minor issue
CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, ...)
- pidgin 2.4.3-4 (low; bug #488632)
- gaim 1:2.0.0+fake.1
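Review bot: The replacement NOTE in the -23502 hunk drops the one technical observation the entry carried ("jabber servers should not forward malformed XML") and substitutes a status statement whose "minor issue" wording is already recorded on the [lenny] line. Suggest keeping the jabber NOTE next to the new one so the reasoning stays in the record. The gaim transitional-package NOTE is removed as well, while the "- gaim 1:2.0.0+fake.1" line it explained remains; either keep that NOTE or state in the log why the "+fake" version no longer needs an explanation.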
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2010-01-25 02:07:26 UTC (rev 13911)
+++ data/embedded-code-copies 2010-01-25 02:58:08 UTC (rev 13912)
@@ -375,7 +375,7 @@
libphp-phpmailer
- moodle <unfixed> (embed; bug #507185)
- mahara <unfixed> (embed)
- - symfony <unfixed> (embed)
+ - symfony <unfixed> (embed; bug #566778)
[etch] - phpgroupware <unfixed> (embed)
NOTE: phpgroupware-felamimail is only in etch
- egroupware <unfixed> (embed; bug #504283)
@@ -751,8 +751,8 @@
- gollem <unfixed> (embed; bug # 555254)
- jscropperui 1.2.1-1 (embed; bug #555257)
- scriptaculous <not-affected> (uses system prototype.js since initial upload; bug #555260)
- - ingo1 <unfixed> (embed; bug #555261)
- - kronolith2 <unfixed> (embed; bug #555262)
+ - ingo1 1.2.3+debian0-1 (embed; bug #555261)
+ - kronolith2 2.3.3+debian0-1 (embed; bug #555262)
- activeldap <unfixed> (embed)
- libv8 <not-affected> (contains a google-specific implementation of prototype.js)
- mantis 1.1.2+dfsg-1 (embed; bug #555265)
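Review bot: Nit on the context line just above the changed entries in the -751 hunk: the gollem line reads "bug # 555254" with a space after the "#", unlike the other references here ("bug #555257", "bug #555261"). Since this block is being edited anyway, normalising it to "bug #555254" would keep the bug references in a single form that a search for "bug #NNN" finds.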
@@ -1137,7 +1137,7 @@
NOTE: insighttoolkit might've been fixed earlier
- libparagui1.1 1.0.2-1 (embed)
- paraview 3.6.2-1 (embed)
- - poco <unfixed> (embed)
+ - poco 1.3.6p1-1 (embed)
- simgear <unfixed> (embed)
- sitecopy 1:0.16.0-1
- smart 1.0-1 (embed)
@@ -1570,7 +1570,7 @@
- arts <unfixed> (embed)
- bochs 2.4.2-1 (embed; bug #560884)
- camserv <unfixed> (embed)
- - collectd <unfixed> (embed)
+ - collectd 4.8.2-1 (embed)
- courier-authlib 0.58-4 (embed)
NOTE: The etch version of courier-authlib was the earliest version checked, might be fixed earlier
- cvsnt <unfixed> (embed)
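Review bot: The collectd line in the -1570 hunk moves from <unfixed> to 4.8.2-1 with no bug reference and no NOTE saying how that version was determined. The courier-authlib entry two lines below records that its version "was the earliest version checked, might be fixed earlier"; a NOTE of the same kind for collectd would tell readers whether 4.8.2-1 is the first version without the embedded copy or only the first one examined.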
@@ -1581,7 +1581,7 @@
- glame 2.0.1-4 (embed)
NOTE: The etch version of glame was the earliest version checked, might be fixed earlier
- gnash <unfixed> (embed)
- - gnu-smalltalk <unfixed> (embed)
+ - gnu-smalltalk <unfixed> (embed; bug #566777)
- google-gadgets 0.10.5-0.3 (embed)
NOTE: 0.10.5-0.3 was the earliest version checked, was fixed earlier
- graphicsmagick 1.3.5-6 (embed)
@@ -1593,11 +1593,11 @@
- jags 1.0.4-3 (embed; bug #560864)
- kdelibs <unfixed> (embed)
- libannodex <removed> (embed)
- - libextractor <unfixed> (embed)
+ - libextractor 0.5.23+dfsg-4 (embed)
- libmcrypt <not-affected> (libtool source present but not included in any of the binary packages)
- libtunepimp <unfixed> (embed)
- mp4h <unfixed> (embed)
- - naim <unfixed> (embed)
+ - naim <removed> (embed)
- parser-mysql <unfixed> (embed)
- pinball 0.3.1-11 (embed)
- redland <unfixed> (embed)
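Review bot: Both status changes in the -1593 hunk lack a supporting reference: libextractor goes to 0.5.23+dfsg-4 and naim to <removed>, neither with a bug number or NOTE. For libextractor, a NOTE stating whether that is the first fixed upload or the earliest checked (as done for glame and google-gadgets in the previous hunk) would help. For naim, replacing <unfixed> with <removed> drops the information that the embed was never fixed; if any stable suite still ships the package, a suite-tagged line like the "[etch] - phpgroupware <unfixed> (embed)" entry earlier in this file would preserve that.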