[Secure-testing-commits] r16534 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Apr 18 07:59:37 UTC 2011


Author: jmm
Date: 2011-04-18 07:59:27 +0000 (Mon, 18 Apr 2011)
New Revision: 16534

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- kde4libs fixed (no-dsa)
- two new chrome issues fixed
- libmodplug fixed, libmojolicious-perl fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-04-17 17:02:34 UTC (rev 16533)
+++ data/CVE/list	2011-04-18 07:59:27 UTC (rev 16534)
@@ -1,3 +1,5 @@
+CVE-2011-XXXX [mojoicous directory traversal]
+	- libmojolicious-perl 1.16-1
 CVE-2011-1691 (The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in ...)
 	TODO: check
 CVE-2011-1690
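Review bot: the bracketed description on the added CVE-2011-XXXX line reads "mojoicous", while the package on the next line is libmojolicious-perl; correct it to "mojolicious" so that a search of the list by project name finds the entry. The entry also has no NOTE or bug reference pointing at the upstream fix, which would help whoever later replaces the XXXX placeholder with the assigned id.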
@@ -253,7 +255,7 @@
 	NOTE: http://www.pureftpd.org/project/pure-ftpd/news
 CVE-2011-1574
 	RESERVED
-	- libmodplug <unfixed> (low; bug #622091)
+	- libmodplug 1:0.8.8.2-1 (low; bug #622091)
 CVE-2011-1573
 	RESERVED
 CVE-2011-1572 [ADC path traversal]
@@ -965,8 +967,12 @@
 	RESERVED
 CVE-2011-1302
 	RESERVED
+	- chromium-browser 10.0.648.205~r81283-1
+	- webkit <undetermined>
 CVE-2011-1301
 	RESERVED
+	- chromium-browser 10.0.648.205~r81283-1
+	- webkit <undetermined>
 CVE-2011-1300
 	RESERVED
 CVE-2011-1299
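Review bot: the webkit lines added under CVE-2011-1302 and CVE-2011-1301 are both <undetermined> with no TODO or NOTE next to them, and the entries are still RESERVED with no description. Add a NOTE with the upstream reference for the issues fixed in 10.0.648.205, or a TODO, so the webkit status is followed up rather than left open.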
@@ -1341,6 +1347,9 @@
 	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35)
 CVE-2011-1168
 	RESERVED
+	- kde4libs 4:4.4.5-4 (low)
+	[squeeze] - kde4libs <no-dsa> (Minor issue)
+	[lenny] - kde4libs <no-dsa> (Minor issue)
 CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in ...)
 	{DSA-2210-1}
 	- tiff 3.9.4-9 (bug #619614)
@@ -1624,10 +1633,11 @@
 	NOTE: http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904
 	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923
 CVE-2011-1094 (kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not ...)
-	- kde4libs <unfixed>
+	- kde4libs 4:4.4.5-4 (low)
+	[squeeze] - kde4libs <no-dsa> (Minor issue)
+	[lenny] - kde4libs <no-dsa> (Minor issue)
 	- kdelibs <undetermined>
 	NOTE: http://seclists.org/oss-sec/2011/q1/434
-	TODO: file a bug in BTS, check severity. check if kdelibs is affected too.
 CVE-2011-1093
 	RESERVED
 	- linux-2.6 2.6.38-1 (low)
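Review bot: the TODO removed from CVE-2011-1094 asked to file a BTS bug, check severity and check whether kdelibs is affected, but the kdelibs line in this hunk is still <undetermined> and the new kde4libs line carries no bug number. Keep the kdelibs part of the TODO, or settle the kdelibs status in the same commit.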
@@ -2665,6 +2675,7 @@
 CVE-2011-0727 (GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to ...)
 	{DSA-2205-1}
 	- gdm3 2.30.5-9
+	- gdm <not-affected> (Affected code was introduced in 2.28)
 CVE-2011-0726
 	RESERVED
 CVE-2011-0725 (Absolute path traversal vulnerability in the ...)
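Review bot: the gdm <not-affected> line added under CVE-2011-0727 is not mentioned in the commit log, which lists only kde4libs, chrome, libmodplug and libmojolicious-perl. Add a log line for it so the status change can be found from the revision history.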
@@ -8758,6 +8769,9 @@
 CVE-2010-3170 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird ...)
 	{DSA-2123-1}
 	- nss 3.12.8-1
+	- kde4libs 4:4.4.5-4 (low)
+	[squeeze] - kde4libs <no-dsa> (Minor issue)
+	[lenny] - kde4libs <no-dsa> (Minor issue)
 CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	{DSA-2106-1}
 	- xulrunner <removed>

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-04-17 17:02:34 UTC (rev 16533)
+++ data/spu-candidates.txt	2011-04-18 07:59:27 UTC (rev 16534)
@@ -48,6 +48,11 @@
 
 --
 
+kde4libs (CVE-2011-1168, CVE-2011-3170, CVE-2011-1094)
+Fixed in 4:4.4.5-4
+
+--
+
 krb5 (CVE-2011-0281/CVE-2010-0282)
 maintainer preparing upload (r16154)
 
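Review bot: the added kde4libs line lists CVE-2011-3170, but the data/CVE/list part of this commit adds kde4libs 4:4.4.5-4 under CVE-2010-3170 and touches no CVE-2011-3170 entry. This looks like a typo in the year; it should read CVE-2010-3170 so the stable-update candidate matches the tracker entries.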



