[Secure-testing-commits] r13912 - in data: . CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Mon Jan 25 02:58:08 UTC 2010 

Author: gilbert-guest
Date: 2010-01-25 02:58:08 +0000 (Mon, 25 Jan 2010)
New Revision: 13912

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
pidgin triage; various fixed embeds

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-01-25 02:07:26 UTC (rev 13911)
+++ data/CVE/list	2010-01-25 02:58:08 UTC (rev 13912)
@@ -366,8 +366,7 @@
 CVE-2009-4595 (SQL injection vulnerability in index.php in PHP Inventory 1.2 allows ...)
 	NOT-FOR-US: PHP Inventory
 CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and ...)
-	- pidgin <unfixed>
-	TODO: check
+	- pidgin <unfixed> (low; bug #566775)
 CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for ...)
 	NOT-FOR-US: IBM Lotus iNotes
 CVE-2010-0275 (Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) ...)
@@ -3288,7 +3287,7 @@
 	- iceape <unfixed> (unimportant; bug #560932)
 	- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
 	- paraview 3.6.2-1 (unimportant; bug #560935)
-	- poco <unfixed> (unimportant; bug #560936)
+	- poco 1.3.6p1-1 (unimportant; bug #560936)
 	- simgear <unfixed> (unimportant; bug #560937)
 	- smart <unfixed> (low; bug #560953)
 	[etch] - smart <no-dsa> (minor issue)
@@ -3771,7 +3770,7 @@
 	- iceape <unfixed> (unimportant; bug #560932)
 	- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
 	- paraview 3.6.2-1 (unimportant; bug #560935)
-	- poco <unfixed> (unimportant; bug #560936)
+	- poco 1.3.6p1-1 (unimportant; bug #560936)
 	- simgear <unfixed> (unimportant; bug #560937)
 	- smart <unfixed> (low; bug #560953)
 	[etch] - smart <no-dsa> (minor issue)
@@ -23502,8 +23501,7 @@
 	- pidgin <unfixed> (low; bug #488632)
 	[lenny] - pidgin <no-dsa> (Minor issue)
 	- gaim 1:2.0.0+fake.1
-	NOTE: gaim is now a transitional package depending on pidgin with its own source package
-	NOTE: jabber servers should not forward malformed XML
+	NOTE: there is no upstream fix available, so this issue cannot be fixed in debian, but it is a minor issue
 CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, ...)
 	- pidgin 2.4.3-4 (low; bug #488632)
 	- gaim 1:2.0.0+fake.1

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-01-25 02:07:26 UTC (rev 13911)
+++ data/embedded-code-copies	2010-01-25 02:58:08 UTC (rev 13912)
@@ -375,7 +375,7 @@
 libphp-phpmailer
 	- moodle <unfixed> (embed; bug #507185)
 	- mahara <unfixed> (embed)
-	- symfony <unfixed> (embed)
+	- symfony <unfixed> (embed; bug #566778)
 	[etch] - phpgroupware <unfixed> (embed)
 	NOTE: phpgroupware-felamimail is only in etch
 	- egroupware <unfixed> (embed; bug #504283)
@@ -751,8 +751,8 @@
 	- gollem <unfixed> (embed; bug # 555254)
 	- jscropperui 1.2.1-1 (embed; bug #555257)
 	- scriptaculous <not-affected> (uses system prototype.js since initial upload; bug #555260)
-	- ingo1 <unfixed> (embed; bug #555261)
-	- kronolith2 <unfixed> (embed; bug #555262)
+	- ingo1 1.2.3+debian0-1 (embed; bug #555261)
+	- kronolith2 2.3.3+debian0-1 (embed; bug #555262)
 	- activeldap <unfixed> (embed)			
 	- libv8 <not-affected> (contains a google-specific implementation of prototype.js)
 	- mantis 1.1.2+dfsg-1 (embed; bug #555265)
@@ -1137,7 +1137,7 @@
         NOTE: insighttoolkit might've been fixed earlier
 	- libparagui1.1 1.0.2-1 (embed)
 	- paraview 3.6.2-1 (embed)
-	- poco <unfixed> (embed)
+	- poco 1.3.6p1-1 (embed)
 	- simgear <unfixed> (embed)
 	- sitecopy 1:0.16.0-1
 	- smart 1.0-1 (embed)
@@ -1570,7 +1570,7 @@
 	- arts <unfixed> (embed)
 	- bochs 2.4.2-1 (embed; bug #560884)
 	- camserv <unfixed> (embed)
-	- collectd <unfixed> (embed)
+	- collectd 4.8.2-1 (embed)
 	- courier-authlib 0.58-4 (embed)
         NOTE: The etch version of courier-authlib was the earliest version checked, might be fixed earlier
 	- cvsnt <unfixed> (embed)
@@ -1581,7 +1581,7 @@
 	- glame 2.0.1-4 (embed)
         NOTE: The etch version of glame was the earliest version checked, might be fixed earlier
 	- gnash <unfixed> (embed)
-	- gnu-smalltalk <unfixed> (embed)
+	- gnu-smalltalk <unfixed> (embed; bug #566777)
 	- google-gadgets 0.10.5-0.3 (embed)
         NOTE: 0.10.5-0.3 was the earliest version checked, was fixed earlier
 	- graphicsmagick 1.3.5-6 (embed)
@@ -1593,11 +1593,11 @@
 	- jags 1.0.4-3 (embed; bug #560864)
 	- kdelibs <unfixed> (embed)
 	- libannodex <removed> (embed)
-	- libextractor <unfixed> (embed)
+	- libextractor 0.5.23+dfsg-4 (embed)
 	- libmcrypt <not-affected> (libtool source present but not included in any of the binary packages)
 	- libtunepimp <unfixed> (embed)
 	- mp4h <unfixed> (embed)
-	- naim <unfixed> (embed)
+	- naim <removed> (embed)
 	- parser-mysql <unfixed> (embed)
 	- pinball 0.3.1-11 (embed)
 	- redland <unfixed> (embed)

More information about the Secure-testing-commits mailing list