[Secure-testing-commits] r15928 - in data: . CVE DSA

Wed Jan 19 16:58:48 UTC 2011

Author: jmm
Date: 2011-01-19 16:58:42 +0000 (Wed, 19 Jan 2011)
New Revision: 15928

Modified:
   data/CVE/list
   data/DSA/list
   data/next-point-update.txt
Log:
- new spip issues (fixed in sid, not in lenny)
- more IDs assigned to tor security update
- new asterisk issue
- libcgi-simple-perl spu


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2011-01-19 10:40:41 UTC (rev 15927)
+++ data/CVE/list	2011-01-19 16:58:42 UTC (rev 15928)
@@ -1,3 +1,17 @@
+CVE-2011-0493
+	{DSA-2148-1}
+	- tor 0.2.1.29-1
+CVE-2011-0492
+	{DSA-2148-1}
+	- tor 0.2.1.29-1
+CVE-2011-0491
+	{DSA-2148-1}
+	- tor 0.2.1.29-1
+CVE-2011-0490
+	{DSA-2148-1}
+	- tor 0.2.1.29-1
+CVE-2011-XXXX [multiple spip issues]
+	- spip 2.1.1-3 (bug #609212; bug #610016)
 CVE-2011-0485 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
 	- chromium-browser 9.0.597.45~r70550-1
 	[squeeze] - chromium-browser <not-affected>
@@ -1760,6 +1774,7 @@
 CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote ...)
 	- perl 5.10.1-17 (bug #606995)
 	- libcgi-simple-perl 1.111-2 (bug #606379)
+	[lenny] - libcgi-simple-perl <no-dsa> (Fixed through spu)
 	- libcgi-pm-perl 3.51-1 (bug #606370)
 	[lenny] - libcgi-pm-perl <no-dsa> (Fixed through spu)
 	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
@@ -1769,6 +1784,7 @@
 	[lenny] - libcgi-pm-perl <no-dsa> (Fixed through spu)
 	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
 	- libcgi-simple-perl 1.111-2 (bug #606379)
+	[lenny] - libcgi-simple-perl <no-dsa> (Fixed through spu)
 CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through ...)
 	NOT-FOR-US: Apache archiva
 CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
@@ -6232,6 +6248,7 @@
 	[lenny] - libcgi-pm-perl <no-dsa> (Fixed through spu)
 	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
 	- libcgi-simple-perl 1.111-2 (bug #606379)
+	[lenny] - libcgi-simple-perl <no-dsa> (Fixed through spu)
 CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in ...)
 	{DSA-2106-1}
 	- xulrunner <removed>
@@ -12800,8 +12817,9 @@
 	NOT-FOR-US: Apple Disk Images
 CVE-2010-0496 (FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for ...)
 	NOT-FOR-US: Apple iPhone OS
-CVE-2010-0495
+CVE-2010-0495 [AST-2011-001]
 	RESERVED
+	- asterisk <unfixed> (bug #610487)
 CVE-2010-0494 (Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0493

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2011-01-19 10:40:41 UTC (rev 15927)
+++ data/DSA/list	2011-01-19 16:58:42 UTC (rev 15928)
@@ -1,5 +1,5 @@
 [17 Jan 2011] DSA-2148-1 tor - several
-	{CVE-2011-0015 CVE-2011-0016 CVE-2011-0427}
+	{CVE-2011-0015 CVE-2011-0016 CVE-2011-0427 CVE-2011-0490 CVE-2011-0491 CVE-2011-0492 CVE-2011-0493}
 	[lenny] - tor 0.2.1.29-1~lenny+1
 [16 Jan 2011] DSA-2147-1 pimd - insecure temporary files
 	{CVE-2011-0007}

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2011-01-19 10:40:41 UTC (rev 15927)
+++ data/next-point-update.txt	2011-01-19 16:58:42 UTC (rev 15928)
@@ -38,6 +38,12 @@
 	[lenny] - perl 5.10.0-19lenny3
 CVE-2010-4411
 	[lenny] - perl 5.10.0-19lenny3
+CVE-2010-2761
+	[lenny] - libcgi-simple-perl 1.105-1lenny1
+CVE-2010-4410
+	[lenny] - libcgi-simple-perl 1.105-1lenny1
+CVE-2010-4411
+	[lenny] - libcgi-simple-perl 1.105-1lenny1
 
 
 
@@ -49,3 +55,4 @@
 
 
 
+


