[Secure-testing-commits] r14202 - in data: CVE DSA

Michael Gilbert gilbert-guest at alioth.debian.org
Sat Mar 6 22:38:21 UTC 2010


Author: gilbert-guest
Date: 2010-03-06 22:38:20 +0000 (Sat, 06 Mar 2010)
New Revision: 14202

Modified:
   data/CVE/list
   data/DSA/list
Log:
remove uses of unimportant for issues which have had DSAs, SPUs, or others released since that indicates at least minimal importance (addresses some more latently vulnerable issues)

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-03-06 21:55:31 UTC (rev 14201)
+++ data/CVE/list	2010-03-06 22:38:20 UTC (rev 14202)
@@ -6916,7 +6916,7 @@
 CVE-2008-7160 (The silc_http_server_parse function in lib/silchttp/silchttpserver.c ...)
 	{DSA-1879-1}
 	- silc-toolkit 1.1.10-1 (low)
-	- silc-client <not-affected> (Vulnerable code not present)
+	- silc-client 1.1-2 (low)
 	- silc-server 1.1.2-1 (low)
 	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
 CVE-2009-3050 (Buffer overflow in the set_page_size function in util.cxx in HTMLDOC ...)
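Review bot: The silc-client line under CVE-2008-7160 goes from `<not-affected>` to fixed in `1.1-2 (low)`, which is a status change rather than a removal of `unimportant`, so the log message should mention it. The NOTE says silc-client uses libsilc from silc-toolkit since 1.1-2, while silc-toolkit itself is only fixed in 1.1.10-1; please confirm that 1.1-2 is the correct fixed version and not just the version where the shared library came into use.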
@@ -8626,9 +8626,9 @@
 CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...)
 	NOT-FOR-US: Sorcerer Software MultiMedia Jukebox
 CVE-2009-2649 (The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev ...)
-	- freebsd-8 <undetermined> (bug #527811)
-	- freebsd-7 <undetermined> (bug #527811)
-	- freebsd-6 <removed> (bug #527811)
+	- kfreebsd-8 <undetermined> (bug #527811)
+	- kfreebsd-7 <undetermined> (bug #527811)
+	- kfreebsd-6 <removed> (bug #527811)
 CVE-2009-2648 (FlashDen Guestbook allows remote attackers to obtain configuration ...)
 	NOT-FOR-US: FlashDen Guestbook
 CVE-2009-2647 (Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky ...)
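Review bot: The rename of freebsd-8/7/6 to kfreebsd-8/7/6 under CVE-2009-2649 is a package-name correction unrelated to the `unimportant` cleanup described in the log. Suggest committing it separately or adding it to the log message so the change can be found later.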
@@ -10715,7 +10715,7 @@
 	[lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1
 CVE-2009-1883 (The z90crypt_unlocked_ioctl function in the z90crypt driver in the ...)
 	{DSA-1929-1}
-	- linux-2.6 2.6.19-1 (unimportant)
+	- linux-2.6 2.6.19-1
 	- linux-2.6.24 <not-affected> (problem was fixed before first upload, 2.6.19)
 	NOTE: See Solar Designer's posting to oss-security
 CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in ...)
@@ -13013,7 +13013,7 @@
 	[etch] - screen <not-affected> (etch version predates #433338)
 	[lenny] - screen 4.0.3-11+lenny1
 CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with ...)
-	- screen 4.0.3-13 (unimportant; bug #521123)
+	- screen 4.0.3-13 (bug #521123)
 	[lenny] - screen 4.0.3-11+lenny1
 	NOTE: documented behaviour "or the public accessible screen-exchange", see man screen
 CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...)
@@ -14189,7 +14189,7 @@
 	NOT-FOR-US: NetMRI
 CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in the ...)
 	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
-	- linux-2.6 2.6.29-1 (unimportant)
+	- linux-2.6 2.6.29-1
 	NOTE: All Debian kernels set CONFIG_SHMEM, so this is moot except
 	NOTE: for locally modified configs and even for that I fail to
 	NOTE: see why anyone would run a kernel w/o CONFIG_SHMEM?
@@ -14231,7 +14231,7 @@
 	[etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5)
 CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and ...)
 	{DSA-1914-1}
-	- mapserver 5.2.2-1 (unimportant; bug #523027)
+	- mapserver 5.2.2-1 (bug #523027)
 	NOTE: this can only probe for files that are not present, useless when not
 	NOTE: in combination with another attack
 CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows ...)
@@ -14239,7 +14239,7 @@
 	- mapserver 5.2.2-1 (low; bug #523027)
 CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer ...)
 	{DSA-1914-1}
-	- mapserver 5.2.2-1 (unimportant; bug #523027)
+	- mapserver 5.2.2-1 (bug #523027)
 	NOTE: this doesn't work under linux as the root from the directory traversal needs to exist
 CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c ...)
 	{DSA-1914-1}
@@ -19213,9 +19213,9 @@
 	TODO: write proper advisory and request CVE id
 CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...)
 	{DTSA-188-1}
-	- php5 5.2.6.dfsg.1-3 (unimportant; bug #507101)
+	- php5 5.2.6.dfsg.1-3 (bug #507101)
 	[lenny] - php5 5.2.6.dfsg.1-1+lenny2
-	- php4 <removed> (unimportant)
+	- php4 <removed>
 	NOTE: if a user has write access to a file he simply can use fopen()
 CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...)
 	- wordpress 2.5.1-11 (low; bug #507193)
@@ -19248,7 +19248,7 @@
 	NOTE: overlaps with CVE-2008-4610, same aac issue
 	NOTE: just a crasher, no security implications known so far
 CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 1.1.12, ...)
-	- xine-lib 1.1.16-1 (unimportant; bug #508716)
+	- xine-lib 1.1.16-1 (bug #508716)
 	[lenny] - xine-lib 1.1.14-4
 	[squeeze] - xine-lib 1.1.14-4
 	NOTE: these are just invalid reads that result in segfaults, denial of service doesnt
@@ -20072,7 +20072,7 @@
 	[lenny] - dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
 CVE-2008-5186 (** DISPUTED ** ...)
 	{DTSA-179-1}
-	- geshi 1.0.8.1-1 (unimportant; bug #504445)
+	- geshi 1.0.8.1-1 (bug #504445)
 	NOTE: its rather an application bug if the input to set_language_path is unfiltered user input
 	NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152
 	- dokuwiki 0.0.20080505-3.1 (unimportant; bug #504682)
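Review bot: Under CVE-2008-5186 only the geshi line loses `unimportant`; the dokuwiki line `- dokuwiki 0.0.20080505-3.1 (unimportant; bug #504682)` in the same entry keeps it. If DTSA-179-1 covered geshi only, this is consistent, but a short NOTE saying so would stop the two lines from looking like an oversight.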
@@ -20727,7 +20727,7 @@
 	NOT-FOR-US: PHP Arsivimiz Php Ziyaretci Defteri
 CVE-2008-4610 (MPlayer allows remote attackers to cause a denial of service ...)
 	{DTSA-181-1}
-	- mplayer 1.0~rc2-20 (unimportant; bug #407010)
+	- mplayer 1.0~rc2-20 (bug #407010)
 	NOTE: only the aac issue affected mplayer because it built against a copy of faad
 	NOTE: the ogm issue is a problem in ffmpeg
 	- ffmpeg-debian <unfixed> (unimportant; bug #509616)
@@ -23479,8 +23479,8 @@
 	- libxml2 2.6.32.dfsg-4 (bug #498768)
 CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) ...)
 	{DSA-1687-1 DSA-1681-1}
-	- linux-2.6 2.6.26-11 (unimportant)
-	- linux-2.6.24 2.6.24-6~etchnhalf.7 (unimportant)
+	- linux-2.6 2.6.26-11
+	- linux-2.6.24 2.6.24-6~etchnhalf.7
 	NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
 	NOTE: bd39597cbd42a784105a04010100e27267481c67 (ext2)
 	NOTE: 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
@@ -23662,7 +23662,7 @@
 	NOT-FOR-US: Vtiger CRM
 CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin ...)
 	{DSA-1641-1}
-	- phpmyadmin 4:2.11.8~rc1-1 (unimportant)
+	- phpmyadmin 4:2.11.8~rc1-1
 	NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS
 CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in ...)
 	NOT-FOR-US: JnSHosts PHP Hosting Directory
@@ -24387,7 +24387,7 @@
 	NOT-FOR-US: Soldner Secret Wars
 CVE-2008-3134 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 ...)
 	{DSA-1903-1}
-	- graphicsmagick 1.2.4-1 (unimportant; bug #491439)
+	- graphicsmagick 1.2.4-1 (bug #491439)
 	- imagemagick <unfixed> (unimportant; bug #559775)
 	NOTE: several DoS fixed in 1.2.4 according to upstream
 	NOTE: http://sourceforge.net/project/shownotes.php?release_id=610253
@@ -28189,7 +28189,7 @@
 	NOTE: comix can't be used in a non-interactive setup thus the impact level
 CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) ...)
 	{DSA-1557-1}
-	- phpmyadmin 2.11.5.1 (unimportant)
+	- phpmyadmin 2.11.5.1
 	NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2
 	NOTE: It is a workaround for the limited security that PHP has for
 	NOTE: session files on a shared host. This limitation is documented with
@@ -28561,7 +28561,7 @@
 	NOTE: etch affected, but only in specific plugin.
 CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows context-dependent ...)
 	{DSA-1572-1 DTSA-135-1}
-	- php5 5.2.6-1 (unimportant)
+	- php5 5.2.6-1
 	NOTE: http://securityreason.com/achievement_securityalert/52
 	NOTE: Only exploitable through malicious script
 	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.104&r2=1.105&diff_format=u
@@ -30448,6 +30448,7 @@
 	- iceweasel 2.0.0.12-1
 	- xulrunner 1.8.1.12-1
 	- iceape 1.1.9-1
+	- icedove 2.0.0.12-1
 CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and ...)
 	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
 	- iceweasel 2.0.0.12-1
@@ -30465,6 +30466,7 @@
 	- iceweasel 2.0.0.12-1
 	- xulrunner 1.8.1.12-1
 	- iceape 1.1.9-1
+	- icedove 2.0.0.12-1
 CVE-2008-0590 (Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows ...)
 	NOT-FOR-US: WS_FTP Server with SSH
 CVE-2008-0589 (The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows ...)
@@ -32115,7 +32117,7 @@
 	[lenny] - vlc 0.8.6.c-4.1~lenny1
 	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
 CVE-2007-6684 (The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to ...)
-	- vlc 0.8.6.c-4.1 (unimportant; bug #458318)
+	- vlc 0.8.6.c-4.1 (bug #458318)
 	[lenny] - vlc 0.8.6.c-4.1~lenny1
 	NOTE: That's hardly a security problem, just a bug
 CVE-2007-6598 (Dovecot before 1.0.10, with certain configuration options including ...)
@@ -35875,7 +35877,7 @@
 	NOT-FOR-US: Pindorama
 CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in ...)
 	{DSA-1403-1}
-	- phpmyadmin 4:2.11.1.2-1 (unimportant; bug #446451)
+	- phpmyadmin 4:2.11.1.2-1 (bug #446451)
 	[sarge] - phpmyadmin <not-affected> (vulnerable script not present)
 CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
 	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
@@ -37110,8 +37112,7 @@
 	NOT-FOR-US: Media Player Classic
 CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...)
 	{DTSA-65-1}
-	- mplayer 1.0~rc1-16.1 (bug #443478; unimportant)
-	NOTE: just a NULL pointer dereference, not treated as a security problem for this class of applications
+	- mplayer 1.0~rc1-16.1 (bug #443478)
 CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with ...)
 	NOT-FOR-US: CS Guestbook
 CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has ...)
@@ -37806,9 +37807,8 @@
 	NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and %
 CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...)
 	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
-	- php5 5.2.4-1 (unimportant)
-	- php4 <removed> (unimportant)
-	NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
+	- php5 5.2.4-1
+	- php4 <removed>
 	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641
 	NOTE: Only exploitable by malicious script
 CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...)
@@ -39184,7 +39184,7 @@
 	NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
 CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...)
 	{DSA-1471-1}
-	- libvorbis 1.2.0.dfsg-1 (unimportant)
+	- libvorbis 1.2.0.dfsg-1
 	NOTE: Just an infinite loop in an enduser multimedia libarary, not treated as a vulnerability
 	NOTE: svn revisionions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
 CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...)
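Review bot: With `unimportant` removed from the libvorbis line of CVE-2007-4065, the NOTE kept directly below it ("... not treated as a vulnerability") now contradicts the entry. Suggest updating or dropping that NOTE in the same change, as this commit does for the mplayer NOTE under CVE-2007-4938.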
@@ -40650,7 +40650,7 @@
 	NOT-FOR-US: Sun Solaris
 CVE-2007-3468 (input.c in VideoLAN VLC Media Player before 0.8.6c allows remote ...)
 	{DSA-1332-1}
-	- vlc 0.8.6.c.debian-1 (unimportant; bug #429726)
+	- vlc 0.8.6.c.debian-1 (bug #429726)
 CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c VideoLAN ...)
 	{DSA-1332-1}
 	- vlc 0.8.6.c-1 (bug #429726)
@@ -41281,9 +41281,7 @@
 	- flyspray 0.9.8-12 (bug #429191; bug #429195)
 	[etch] - flyspray <not-affected> (Vulnerable code not)
 	[sarge] - flyspray <not-affected> (Vulnerable code not included)
-	- moodle <not-affected> (Doesn't affect moodle per maintainer)
-	[lenny] - moodle 1.8.2-2 (bug #429190)
-	[etch] - moodle 1.6.3-2+etch1 (bug #429339)
+	- moodle 1.8.2-2 (bug #429190)
 	- owl-dms 0.94-2 (bug #429197)
 	- knowledgeroot 0.9.8.2-2 (bug #429196)
 	[etch] - knowledgeroot <not-affected> (Vulnerable code not used)
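Review bot: The moodle change removes the `[lenny]` and `[etch]` lines, and with them the etch fixed version 1.6.3-2+etch1 and bug #429339, so the entry no longer records the etch fix at all. Suggest keeping `[etch] - moodle 1.6.3-2+etch1 (bug #429339)` and replacing only the `<not-affected>` line. This is also not an `unimportant` removal, so it should be named in the log message.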
@@ -42982,7 +42980,7 @@
 	NOT-FOR-US: Alcatel-Lucent
 CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP ...)
 	{DTSA-39-1}
-	- php5 5.2.2-1 (unimportant)
+	- php5 5.2.2-1
 	NOTE: Only triggerable by malicious script
 CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before ...)
 	{DSA-1295-1 DTSA-39-1}
@@ -43101,7 +43099,7 @@
 	NOT-FOR-US: FireFly
 CVE-2007-2459 (Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl ...)
 	{DSA-1498-1}
-	- libimager-perl 0.58-1 (unimportant; bug #421582)
+	- libimager-perl 0.58-1 (bug #421582)
 	NOTE: Only CVE-2007-2413 is exploitable per upstream
 CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery ...)
 	NOT-FOR-US: Pixaria Gallery
@@ -44938,8 +44936,8 @@
 	NOT-FOR-US: Active Auction Pro
 CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...)
 	{DSA-1283-1 DSA-1282-1}
-	- php4 6:4.4.6-2 (unimportant)
-	- php5 5.2.0-9 (unimportant)
+	- php4 6:4.4.6-2
+	- php5 5.2.0-9
 	NOTE: register_globals not supported
 CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...)
 	- php4 <unfixed> (unimportant)
@@ -45731,11 +45729,11 @@
 	NOT-FOR-US: Quick.Cart
 CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header ...)
 	[etch] - trac 0.10.3-1etch1
-	- trac 0.10.4-1 (unimportant; bug #414134; bug #420219)
+	- trac 0.10.4-1 (bug #414134; bug #420219)
 	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
 CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the &quot;download wiki page as ...)
 	[etch] - trac 0.10.3-1etch1
-	- trac 0.10.4-1 (unimportant; bug #414134; bug #420219)
+	- trac 0.10.4-1 (bug #414134; bug #420219)
 	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
 CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote ...)
 	NOT-FOR-US: ProSysInfo TFTP Server
@@ -45807,8 +45805,8 @@
 	NOT-FOR-US: Adobe Reader
 CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...)
 	{DSA-1283-1 DTSA-39-1}
-	- php4 <unfixed> (unimportant)
-	- php5 5.2.0-11 (unimportant)
+	- php4 <unfixed>
+	- php5 5.2.0-11
 	NOTE: Only triggerable by malicious script
 CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...)
 	{DSA-1283-1 DTSA-39-1}
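Review bot: In CVE-2007-1376, `- php4 <unfixed>` loses `unimportant` while staying `<unfixed>`, so php4 now reads as an open issue with no urgency set. Other entries in this commit use `- php4 <removed>`; if php4 is gone from the archive the same marker should be used here, otherwise an explicit urgency should be given.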
@@ -46604,10 +46602,10 @@
 	NOT-FOR-US: Pickle
 CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...)
 	- dropbear 0.49-1 (unimportant; bug #412899)
+	[etch] - dropbear 0.48.1-2 (unimportant)
 	NOTE: That's a lack of a security feature (strict hostkey checking in openssh
 	NOTE: termininoloy) and an awkward interface, but not a vulnerability per se
 	NOTE: Especially as dropbear is specifically labeled a stripped down SSH implementation
-	[etch] - dropbear 0.48.1-2
 CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have ...)
 	NOT-FOR-US: ScryMUD
 CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function ...)
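Review bot: The `[etch] - dropbear 0.48.1-2` line gains `(unimportant)` in this hunk, which is the opposite of what the log message describes. Moving the line above the NOTE block is fine, but the new tag should be explained in the log or split into its own commit.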
@@ -47113,7 +47111,7 @@
 	NOT-FOR-US: Cisco
 CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...)
 	{DSA-1304 DSA-1286-1}
-	- linux-2.6 2.6.20-1 (unimportant)
+	- linux-2.6 2.6.20-1
 CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the ...)
 	{DSA-1276-1}
 	- krb5 1.4.4-8 (high)
@@ -47253,10 +47251,10 @@
 	[etch] - php4 6:4.4.4-8+etch1
 CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...)
 	{DSA-1264-1}
-	- php5 5.2.0-9 (unimportant)
+	- php5 5.2.0-9
 	[etch] - php5 5.2.0-8+etch1
-	- php4 6:4.4.4-9 (unimportant)
-	NOTE: this extension is not enabled in the php packages
+	- php4 6:4.4.4-9
+	NOTE: this extension is not enabled by default in the php packages
 CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...)
 	{DSA-1264-1}
 	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
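Review bot: The NOTE under CVE-2007-0908 changes from "not enabled" to "not enabled by default", which alters a factual statement and is not part of the tag cleanup. Please say in the NOTE how the wddx extension can end up enabled in the Debian packages so the claim can be checked.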
@@ -48923,7 +48921,7 @@
 	NOT-FOR-US: Total Commander
 CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...)
 	{DTSA-33-1}
-	- wordpress 2.0.8-1 (unimportant; bug #407289)
+	- wordpress 2.0.8-1 (bug #407289)
 CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when ...)
 	NOT-FOR-US: sNews
 CVE-2007-0260 (** DISPUTED ** ...)
@@ -51579,7 +51577,7 @@
 	NOT-FOR-US: NetGear
 CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x before 2.6.24, ...)
 	{DSA-1504-1 DSA-1436-1}
-	- linux-2.6 2.6.22-6 (unimportant)
+	- linux-2.6 2.6.22-6
 	NOTE: Mounting filesystem partitions should be limited to root
 CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on ...)
 	- linux-2.6 <not-affected> (Debian kernels up to 2.6.18 didn't include GFS)
@@ -55617,7 +55615,8 @@
 CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow ...)
 	{DSA-1211}
 	- pdns-recursor 3.1.4-1 (bug #398557; high)
-	- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
+	- pdns 2.9.20-4
+	NOTE: Recursor module has been moved to pdns-recursor
 CVE-2006-4250 (Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows ...)
 	{DSA-1278-1}
 	- man-db 2.4.3-5
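Review bot: The pdns line under CVE-2006-4251 changes from `<not-affected>` to fixed in `2.9.20-4`, with the old explanation moved to a NOTE that does not say why 2.9.20-4 is the fixed version. If that is the upload where the recursor was split out into pdns-recursor, state it in the NOTE. No `unimportant` tag is involved here, so the log message should cover this change as well.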

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2010-03-06 21:55:31 UTC (rev 14201)
+++ data/DSA/list	2010-03-06 22:38:20 UTC (rev 14202)
@@ -1185,7 +1185,7 @@
 	{CVE-2008-2381 CVE-2008-6189 CVE-2008-6188 CVE-2008-6187}
 	[etch] - gforge 4.5.14-22etch10
 [07 Jan 2009] DSA-1697-1 iceape - several vulnerabilities
-	{CVE-2008-0016 CVE-2008-0017 CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811 CVE-2008-2933 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 CVE-2007-3074}
+	{CVE-2008-0016 CVE-2008-0017 CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811 CVE-2008-2933 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 CVE-2007-3074}
 	[etch] - iceape 1.0.13~pre080614i-0etch1
 [07 Jan 2009] DSA-1696-1 icedove - several vulnerabilities
 	{CVE-2008-0016 CVE-2008-1380 CVE-2008-3835 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512}
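Review bot: The only difference between the old and new DSA-1697-1 CVE lists is that CVE-2008-2810 is dropped, and nothing in the log explains why. On lines this long the change is easy to miss; please state the reason in the log message or commit it separately.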
@@ -1895,7 +1895,7 @@
 	{CVE-2007-2808}
 	[etch] - gnatsweb 4.00-1etch1
 [10 Feb 2008] DSA-1485-2 icedove - several vulnerabilities
-	{CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594}
+	{CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594}
 	[etch] - icedove 1.5.0.13+1.5.0.15b.dfsg1-0etch2
 [10 Feb 2008] DSA-1484-1 xulrunner - several vulnerabilities
 	{CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 CVE-2008-0420}
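Review bot: The addition of CVE-2008-0591 to DSA-1485-2 is not covered by the log message, which only talks about `unimportant`. It appears to go together with the two `- icedove 2.0.0.12-1` lines added in data/CVE/list; suggest mentioning both in the log so the cross-reference between the two files is traceable.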



