[Secure-testing-commits] r17800 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Dec 16 17:05:33 UTC 2011
Author: jmm
Date: 2011-12-16 17:05:32 +0000 (Fri, 16 Dec 2011)
New Revision: 17800
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- one asterisk issue not unimportant
- atftpd issue doesn't affect lenny
- couchdb fixed
- update plt-scheme/gd status
- DHCP issue only for stable
- new chrome issues
- new libxml2 issues
- xorg issue doesn't affect lenny
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-12-16 09:14:26 UTC (rev 17799)
+++ data/CVE/list 2011-12-16 17:05:32 UTC (rev 17800)
@@ -880,6 +880,7 @@
CVE-2011-4613 [X launcher permission bypass]
RESERVED
- xorg <unfixed> (bug #652249)
+ [lenny] - xorg <not-affected> (Introduced in 1:7.4~4)
CVE-2011-4612
RESERVED
CVE-2011-4611
@@ -920,8 +921,7 @@
CVE-2011-4598 (channels/chan_sip.c in Asterisk Open Source 1.6.2.x before 1.6.2.21 ...)
- asterisk <unfixed> (bug #651552)
CVE-2011-4597 (The SIP over UDP implementation in Asterisk Open Source 1.4.x before ...)
- - asterisk <unfixed> (unimportant; bug #651552)
- NOTE: This is mostly a design limitation and has very little impact
+ - asterisk <unfixed> (bug #651552)
CVE-2011-4596
RESERVED
- nova 2012.1~e1-4
@@ -1068,7 +1068,7 @@
CVE-2011-4540 (Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open ...)
NOT-FOR-US: AtMail
CVE-2011-4539 (dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 ...)
- - dhcp3 <removed>
+ - dhcp3 <not-affected> (Only affects DHCP 4.x)
- isc-dhcp <unfixed> (bug #652259; low)
CVE-2011-4538
RESERVED
@@ -3041,35 +3041,49 @@
CVE-2011-3918
RESERVED
CVE-2011-3917 (Stack-based buffer overflow in FileWatcher in Google Chrome before ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3916 (Google Chrome before 16.0.912.63 does not properly handle PDF cross ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3915 (Buffer overflow in Google Chrome before 16.0.912.63 allows remote ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3914 (The internationalization (aka i18n) functionality in Google V8, as ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3913 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3912 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3911 (Google Chrome before 16.0.912.63 does not properly handle PDF ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3910 (Google Chrome before 16.0.912.63 does not properly handle YUV video ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3909 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3908 (Google Chrome before 16.0.912.63 does not properly parse SVG ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3907 (The view-source feature in Google Chrome before 16.0.912.63 allows ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3906 (The PDF parser in Google Chrome before 16.0.912.63 allows remote ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3905 (libxml2, as used in Google Chrome before 16.0.912.63, allows remote ...)
- TODO: check
+ - libxml2 <unfixed>
CVE-2011-3904 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3903 (Google Chrome before 16.0.912.63 does not properly perform regex ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3902
RESERVED
CVE-2011-3901
@@ -3698,6 +3712,7 @@
- roundcube 0.5.4+dfsg-1 (bug #641996)
CVE-2011-XXXX [atftp DoS]
- atftp 0.7.dfsg-11
+ [lenny] - atftp <not-affected> (Introduced with ipv6 patch)
CVE-2011-3644
RESERVED
CVE-2011-3643
@@ -13750,9 +13765,7 @@
- chromium-browser <undetermined>
- webkit <undetermined>
CVE-2011-0216 (Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote ...)
- - chromium-browser <undetermined>
- - webkit <undetermined>
- TODO: recheck, title says it affects some libxml
+ - libxml2 <unfixed>
CVE-2011-0215 (ImageIO in Apple Safari before 5.0.6 on Windows does not properly ...)
NOT-FOR-US: ImageIO in Apple Safari
CVE-2011-0214 (CFNetwork in Apple Safari before 5.0.6 on Windows does not properly ...)
@@ -16485,7 +16498,7 @@
{DSA-2155-1}
- freetype 2.4.2-2.1 (bug #602221)
CVE-2010-3854 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
- - couchdb <unfixed>
+ - couchdb 1.1.0-1
CVE-2010-3853 (pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) ...)
- pam 1.1.3-1 (low; bug #608273)
CVE-2010-3852 (The default configuration of Luci 0.22.4 and earlier in Red Hat Conga ...)
@@ -30819,9 +30832,8 @@
CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ...)
{DSA-1936-1}
- libwmf <unfixed> (unimportant)
- - plt-scheme <unfixed> (low; bug #601525)
- [squeeze] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
- [lenny] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
+ - racket 5.0.2-1 (unimportant; bug #601525)
+ NOTE: Only present in one of the sample pl-scheme packages (plot)
- libgd2 2.0.36~rc1~dfsg-3.1 (medium; bug #552534)
- php5 <not-affected> (the php packages use the system libgd2)
NOTE: http://svn.php.net/viewvc?view=revision&revision=289557
@@ -62840,9 +62852,8 @@
NOT-FOR-US: Plesk (Windows)
CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer]
- libwmf <unfixed> (unimportant)
- - plt-scheme <unfixed> (low; bug #601525)
- [squeeze] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
- [lenny] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
+ - racket 5.0.2-1 (unimportant; bug #601525)
+ NOTE: Only present in one of the sample pl-scheme packages (plot)
- libgd2 2.0.35.dfsg-3
[etch] - libgd2 2.0.33-5.2etch1
CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in ...)
@@ -64989,9 +65000,8 @@
{DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (bug #443456; medium)
- libwmf <unfixed> (unimportant)
- - plt-scheme <unfixed> (low; bug #601525)
- [squeeze] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
- [lenny] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
+ - racket 5.0.2-1 (unimportant; bug #601525)
+ NOTE: Only present in one of the sample pl-scheme packages (plot)
NOTE: Debian's PHP packages are linked dynamically against libgd
NOTE: see http://www.php.net/releases/5_2_4.php
CVE-2007-3995
@@ -66257,17 +66267,15 @@
{DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (low)
- libwmf <unfixed> (unimportant)
- - plt-scheme <unfixed> (low; bug #601525)
- [squeeze] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
- [lenny] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
+ - racket 5.0.2-1 (unimportant; bug #601525)
+ NOTE: Only present in one of the sample pl-scheme packages (plot)
NOTE: CPU consumption DoS
CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library (libgd) ...)
{DSA-1613-1}
- libgd2 2.0.35.dfsg-1 (low)
- libwmf <unfixed> (unimportant)
- - plt-scheme <unfixed> (low; bug #601525)
- [squeeze] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
- [lenny] - plt-scheme <no-dsa> (Only present in one of the sample packages (plot)
+ - racket 5.0.2-1 (unimportant; bug #601525)
+ NOTE: Only present in one of the sample pl-scheme packages (plot)
NOTE: can write a 0 to a 4k window in heap, very unlikely to be controllable.
CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted ...)
- libgd2 <unfixed> (unimportant)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-12-16 09:14:26 UTC (rev 17799)
+++ data/spu-candidates.txt 2011-12-16 17:05:32 UTC (rev 17800)
@@ -110,6 +110,7 @@
--
perl (CVE-2011-3597, CVE-2011-2939)
+notified maintainer
--
More information about the Secure-testing-commits
mailing list