[Secure-testing-commits] r15026 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Tue Jul 27 02:59:06 UTC 2010
Author: jmm-guest
Date: 2010-07-27 02:59:06 +0000 (Tue, 27 Jul 2010)
New Revision: 15026
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- fix incorrect Plone NFU
- spu status updates
- openttd CVEfied
- libesmtp fixed
- Mozilla fixes
- new rpcbind issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-07-26 21:14:53 UTC (rev 15025)
+++ data/CVE/list 2010-07-27 02:59:06 UTC (rev 15026)
@@ -264,12 +264,24 @@
RESERVED
CVE-2010-2754
RESERVED
+ - xulrunner 1.9.1.11-1
+ - iceape 2.0.6-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2753
RESERVED
+ - xulrunner 1.9.1.11-1
+ - iceape 2.0.6-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2752
RESERVED
+ - xulrunner 1.9.1.11-1
+ - iceape 2.0.6-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2751
RESERVED
+ - xulrunner 1.9.1.11-1
+ - iceape 2.0.6-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2750
RESERVED
CVE-2010-2749
@@ -773,6 +785,9 @@
RESERVED
CVE-2010-2534
RESERVED
+ - openttd <unfixed>
+ [lenny] - openttd <not-affected> (Introduced in 1.0.1)
+ NOTE: http://bugs.openttd.org/task/3909
CVE-2010-2533
RESERVED
CVE-2010-2532
@@ -1062,7 +1077,7 @@
CVE-2010-2423
RESERVED
CVE-2010-2422 (Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone ...)
- NOT-FOR-US: PortalTransforms
+ - plone3 <undetermined>
CVE-2010-2421 (Multiple unspecified vulnerabilities in Opera before 10.54 have ...)
NOT-FOR-US: Opera
CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser ...)
@@ -1975,6 +1990,7 @@
NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565
CVE-2010-2064
RESERVED
+ - rpcbind <undetermined>
CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in the ...)
{DSA-2061-1}
- samba 2:3.4.0~pre1-1 (high)
@@ -4402,22 +4418,37 @@
RESERVED
CVE-2010-1214
RESERVED
+ - xulrunner 1.9.1.11-1
+ - iceape 2.0.6-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1213
RESERVED
+ - xulrunner 1.9.1.11-1
+ - iceape 2.0.6-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1212
RESERVED
CVE-2010-1211
RESERVED
+ - xulrunner 1.9.1.11-1
+ - iceape 2.0.6-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1210
RESERVED
CVE-2010-1209
RESERVED
+ - xulrunner 1.9.1.11-1
+ - iceape 2.0.6-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1208
RESERVED
+ - xulrunner 1.9.1.11-1
+ - iceape 2.0.6-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1207
RESERVED
CVE-2010-1206 (The startDocumentLoad function in browser/base/content/browser.js in ...)
- - iceweasel <unfixed> (low)
+ - iceweasel 3.5.11-1
[lenny] - iceweasel <not-affected> (Vulnerable code not present)
NOTE: Introduced by https://bugzilla.mozilla.org/show_bug.cgi?id=254714
CVE-2010-1205 (Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before ...)
@@ -5598,7 +5629,7 @@
[lenny] - shibboleth-sp2 <no-dsa> (Minor issue)
- shibboleth-sp <not-affected> (Vulnerable code not present)
CVE-2010-1192 (libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' ...)
- - libesmtp <unfixed> (bug #572960)
+ - libesmtp 1.0.4-5 (bug #572960)
[lenny] - libesmtp <no-dsa> (Minor issue)
NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6
CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...)
@@ -6079,7 +6110,9 @@
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
CVE-2010-0654 (Mozilla Firefox permits cross-origin loading of CSS stylesheets even ...)
- - xulrunner <undetermined> (bug #570743)
+ - xulrunner 1.9.1.11-1 (bug #570743)
+ - iceape 2.0.6-1
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0653 (Opera permits cross-origin loading of CSS stylesheets even when the ...)
NOT-FOR-US: Opera
CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS ...)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2010-07-26 21:14:53 UTC (rev 15025)
+++ data/spu-candidates.txt 2010-07-27 02:59:06 UTC (rev 15026)
@@ -16,8 +16,8 @@
notified maintainer
CVE-2009-4839 CVE-2009-4838 CVE-2009-4837
+maintainer contacted us, notified about spu status
-
--
acl (CVE-2009-4411)
@@ -221,6 +221,7 @@
libesmtp (CVE-2010-1192)
#572960
+maintainer contacted us, notified about spu status
--
More information about the Secure-testing-commits
mailing list