[Secure-testing-commits] r16152 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Feb 15 16:57:30 UTC 2011
Author: jmm
Date: 2011-02-15 16:57:24 +0000 (Tue, 15 Feb 2011)
New Revision: 16152
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
- stunnel, pidgin no-dsa
- 2008 eclipse issue already fixed before, 2010 fixed in sid
- one kfreebsd issue fixed long ago, the other no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-02-14 21:15:37 UTC (rev 16151)
+++ data/CVE/list 2011-02-15 16:57:24 UTC (rev 16152)
@@ -9,15 +9,13 @@
NOTE: http://bugs.python.org/issue2254
TODO: check, request id
CVE-2010-XXXX [kfreebsd dos]
- - kfreebsd-8 <undetermined> (bug #613312)
- - kfreebsd-7 <undetermined> (bug #613312)
- NOTE: asked maintainer to check
-CVE-2010-XXXX [kfreebsd memory leak]
- - kfreebsd-8 <undetermined> (bug #613311)
- - kfreebsd-7 <undetermined> (bug #613311)
- NOTE: asked maintainer to check
+ - kfreebsd-8 <unfixed> (low; bug #613312)
+ [lenny] - kfreebsd-8 <no-dsa> (Can be fixed through a point update)
+ - kfreebsd-7 <unfixed> (bug #613312)
+ [lenny] - kfreebsd-7 <no-dsa> (Not supported in Lenny)
CVE-2010-XXXX [xinha multiple vulns]
- - serendipity <unfixed>
+ - serendipity <unfixed> (bug #611661)
+ [lenny] - serendipity <not-affected> (Xinha not yet included)
- openacs <unfixed>
- dotlrn <unfixed>
TODO: check & request ids
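Review bot: The two kfreebsd lines for bug #613312 disagree on urgency: kfreebsd-8 is marked `<unfixed> (low; bug #613312)` while kfreebsd-7 is `<unfixed> (bug #613312)` with no urgency. If both packages are affected by the same DoS, give kfreebsd-7 the same `low` so the two do not sort differently in the tracker. The xinha entry also still leaves openacs and dotlrn at `<unfixed>` with no bug reference, while serendipity gained one (#611661).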
@@ -473,12 +471,15 @@
- php-gettext <unfixed> (unimportant)
NOTE: http://secunia.com/advisories/43228/ they are only examples
CVE-2011-XXXX [libpurple info leak]
- - pidgin <unfixed>
+ - pidgin <unfixed> (low)
+ [lenny] - pidgin <no-dsa> (Minor issue)
+ [squeeze] - pidgin <no-dsa> (Minor issue)
NOTE: http://www.pidgin.im/news/security/?id=50
CVE-2011-XXXX [stunnel fd leak]
- - stunnel4 <unfixed>
+ - stunnel4 <unfixed> (low)
+ [lenny] - stunnel4 <no-dsa> (Minor issue)
+ [squeeze] - stunnel4 <no-dsa> (Minor issue)
NOTE: http://www.stunnel.org/?page=sdf_ChangeLog (v4.35)
- TODO: check
CVE-2011-XXXX [wordpress multiple issues]
- wordpress 3.0.5+dfsg-1
NOTE: http://codex.wordpress.org/Version_3.0.5
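Review bot: Removing `TODO: check` from the stunnel entry leaves nothing that tracks the missing CVE id, and the pidgin entry has none either; both are still `CVE-2011-XXXX`. Other temporary entries in this file carry `TODO: check, request id` or `TODO: check & request ids`, so a `TODO: request id` line on each would keep the id request from being forgotten now that the triage itself is done.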
@@ -1351,9 +1352,7 @@
[lenny] - gif2png <no-dsa> (Minor issue)
[squeeze] - gif2png <no-dsa> (Minor issue)
CVE-2008-7271 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...)
- - eclipse <unfixed> (low; bug #611849)
- [squeeze] - eclipse <no-dsa> (Minor issue)
- [lenny] - eclipse <no-dsa> (Minor issue)
+ - eclipse <not-affected> (Fixed before the version now in Squeeze)
CVE-2011-0426
RESERVED
CVE-2011-0445 (The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote ...)
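Review bot: For CVE-2008-7271 the single `<not-affected>` line replaces both the `[squeeze]` and the `[lenny]` no-dsa lines, but its reason, "Fixed before the version now in Squeeze", says nothing about Lenny. If the issue was fixed in some earlier upload, recording that version instead of `<not-affected>` would let the tracker work out the Lenny status, and otherwise the `[lenny]` line should stay. The reference to bug #611849 is also dropped from this entry.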
@@ -1849,7 +1848,7 @@
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
CVE-2010-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...)
- - eclipse <unfixed> (low; bug #611849)
+ - eclipse 3.5.2-9 (low; bug #611849)
[squeeze] - eclipse <no-dsa> (Minor issue)
[lenny] - eclipse <no-dsa> (Minor issue)
CVE-2010-4646 (Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 ...)
@@ -2798,7 +2797,6 @@
RESERVED
{DSA-2162-1}
- openssl 0.9.8o-5 (low)
- [squeeze] - openssl 0.9.8o-4squeeze
[lenny] - openssl <not-affected> (Only 0.9.8h through 0.9.8q are affected)
CVE-2011-0013 [tomcat HTML manager XSS]
RESERVED
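Review bot: The removal of `[squeeze] - openssl 0.9.8o-4squeeze` is not covered by the commit log, which mentions only stunnel, pidgin, eclipse and kfreebsd. After this change the entry has no explicit squeeze version next to `{DSA-2162-1}`; please say in the log whether the squeeze status is now meant to come from the DSA reference, or whether the old version string was simply wrong.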
@@ -92491,7 +92489,8 @@
- mysql-dfsg 4.0.24
- mysql-dfsg-4.1 4.1.10a
CVE-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...)
- NOT-FOR-US: FreeBSD
+ - kfreebsd-8 <not-affected> (Fixed before initial release; bug #613311)
+ - kfreebsd-7 <not-affected> (Fixed before initial release; bug #613311)
CVE-2003-1130
REJECTED
CVE-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...)
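Review bot: The link between CVE-2005-0708 and the temporary "kfreebsd memory leak" entry removed in the first hunk is visible only through the shared bug #613311. A `NOTE:` line here saying that the former `CVE-2010-XXXX` entry was this issue would make the merge reviewable later, since the log only says "one kfreebsd issue fixed long ago".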
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2011-02-14 21:15:37 UTC (rev 16151)
+++ data/ospu-candidates.txt 2011-02-15 16:57:24 UTC (rev 16152)
@@ -137,7 +137,7 @@
--
-eclipse (CVE-2008-7271/CVE-2010-4647)
+eclipse (CVE-2010-4647)
#611849
--
@@ -469,6 +469,11 @@
--
+pidgin CVE-2011-XXXX
+http://www.pidgin.im/news/security/?id=50
+
+--
+
postfix (CVE-2009-2939)
notified maintainer
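Review bot: The added line `pidgin CVE-2011-XXXX` is missing the parentheses that every other entry visible in this file uses, for example `postfix (CVE-2009-2939)` and `eclipse (CVE-2010-4647)`. Write it as `pidgin (CVE-2011-XXXX)`, as is already done in data/spu-candidates.txt.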
@@ -513,6 +518,11 @@
--
+stunnel (CVE-2011-XXXX)
+http://www.stunnel.org/?page=sdf_ChangeLog (v4.35)
+
+--
+
tangerine (CVE-2010-3381)
#598302
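Review bot: The new entry is named `stunnel`, while data/CVE/list tracks this issue against `stunnel4`. Using the same package name in the candidates file makes it possible to match the two by a simple search.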
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-02-14 21:15:37 UTC (rev 16151)
+++ data/spu-candidates.txt 2011-02-15 16:57:24 UTC (rev 16152)
@@ -15,7 +15,7 @@
--
-eclipse (CVE-2008-7271/CVE-2010-4647)
+eclipse (CVE-2010-4647)
#611849
--
@@ -33,4 +33,12 @@
tesseract (CVE-2011-XXXX)
#612032
+--
+pidgin (CVE-2011-XXXX)
+http://www.pidgin.im/news/security/?id=50
+
+--
+
+stunnel (CVE-2011-XXXX)
+http://www.stunnel.org/?page=sdf_ChangeLog (v4.35)
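Review bot: The first added `--` separator follows `#612032` directly and is followed by the pidgin line with no blank line, whereas the second separator in this hunk and the ones added to data/ospu-candidates.txt have a blank line on each side. Add the blank lines around the first `--` so the entries are delimited uniformly. The stunnel entry here has the same `stunnel` versus `stunnel4` naming mismatch with data/CVE/list.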