[Secure-testing-commits] r15943 - in data: . CVE
Thijs Kinkhorst
thijs at alioth.debian.org
Sat Jan 22 16:46:00 UTC 2011
Author: thijs
Date: 2011-01-22 16:45:58 +0000 (Sat, 22 Jan 2011)
New Revision: 15943
Modified:
data/CVE/list
data/next-point-update.txt
Log:
lenny 5.0.8
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-22 14:43:51 UTC (rev 15942)
+++ data/CVE/list 2011-01-22 16:45:58 UTC (rev 15943)
@@ -823,7 +823,7 @@
NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2011-XXXX
- xdigger <removed> (bug #609096)
- [lenny] - xdigger <no-dsa> (Minor issue)
+ [lenny] - xdigger 1.0.10-13+lenny1
NOTE: CVE ID requested
CVE-2010-4645 (strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...)
- php5 5.3.3-7 (high)
@@ -1590,7 +1590,7 @@
NOT-FOR-US: SAP NetWeaver Business Client
CVE-2010-4523 (Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 ...)
- opensc 0.11.13-1.1 (low; bug #607427)
- [lenny] - opensc <no-dsa> (Minor issue)
+ [lenny] - opensc 0.11.4-5+lenny1.1
CVE-2010-4555
RESERVED
CVE-2010-4554
@@ -1753,10 +1753,10 @@
- cobbler <itp> (bug #545583)
CVE-2010-4511 (Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x ...)
- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
- TODO: check
+ [lenny] - movabletype-opensource 4.2.3-1+lenny2
CVE-2010-4509 (Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 ...)
- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
- TODO: check
+ [lenny] - movabletype-opensource 4.2.3-1+lenny2
CVE-2010-4508 (The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 ...)
- xulrunner <not-affected> (Only affects Firefox 4.x)
CVE-2009-5031
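Review bot: The two movabletype-opensource entries (CVE-2010-4511 and CVE-2010-4509) drop `TODO: check` and gain `[lenny] - movabletype-opensource 4.2.3-1+lenny2`, but that pairing is not among the lines removed from data/next-point-update.txt in this revision, unlike the other packages touched here. Both CVE descriptions are "unspecified" issues, so a NOTE line saying where the 4.2.3-1+lenny2 fix was confirmed would justify removing the TODO.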
@@ -1859,7 +1859,7 @@
CVE-2011-0003 (MediaWiki before 1.16.1, when user or site JavaScript or CSS is ...)
{DTSA-207-1}
- mediawiki <unfixed>
- [lenny] - mediawiki <no-dsa> (Fixed in next point update)
+ [lenny] - mediawiki 1:1.12.0-2lenny7
CVE-2011-0002 [libuser creates LDAP users with a default password]
RESERVED
- libuser <unfixed> (bug #610034)
@@ -2081,18 +2081,20 @@
NOT-FOR-US: pfSense
CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote ...)
- perl 5.10.1-17 (bug #606995)
+ [lenny] - perl 5.10.0-19lenny3
- libcgi-simple-perl 1.111-2 (bug #606379)
- [lenny] - libcgi-simple-perl <no-dsa> (Fixed through spu)
+ [lenny] - libcgi-simple-perl 1.105-1lenny1
- libcgi-pm-perl 3.51-1 (bug #606370)
- [lenny] - libcgi-pm-perl <no-dsa> (Fixed through spu)
+ [lenny] - libcgi-pm-perl 3.38-2lenny2
[squeeze] - libcgi-pm-perl 3.49-1squeeze1
CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm ...)
- perl 5.10.1-17 (bug #606995)
+ [lenny] - perl 5.10.0-19lenny3
- libcgi-pm-perl 3.50-1 (bug #606370)
- [lenny] - libcgi-pm-perl <no-dsa> (Fixed through spu)
+ [lenny] - libcgi-pm-perl 3.38-2lenny2
[squeeze] - libcgi-pm-perl 3.49-1squeeze1
- libcgi-simple-perl 1.111-2 (bug #606379)
- [lenny] - libcgi-simple-perl <no-dsa> (Fixed through spu)
+ [lenny] - libcgi-simple-perl 1.105-1lenny1
CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through ...)
NOT-FOR-US: Apache archiva
CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
@@ -2198,13 +2200,13 @@
NOT-FOR-US: Winamp
CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows remote ...)
- awstats 6.9.5~dfsg-5 (low; bug #606263)
- [lenny] - awstats <no-dsa> (Minor issue)
+ [lenny] - awstats 6.7.dfsg-5.1+lenny1
CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir ...)
- awstats <not-affected> (Windows-specific issue)
NOTE: looks like it's the same as CVE-2010-4367
CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...)
- awstats 6.9.5~dfsg-5 (low; bug #606263)
- [lenny] - awstats <no-dsa> (Minor issue)
+ [lenny] - awstats 6.7.dfsg-5.1+lenny1
CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 ...)
- awstats 6.9.5~dfsg-1 (unimportant)
CVE-2010-4338 (ocrodjvu 0.4.6-1 on Debian GNU/Linux, when using Cuneiform as the OCR ...)
@@ -2375,7 +2377,7 @@
[lenny] - calendarserver <no-dsa> (Minor issue)
CVE-2010-XXXX [python path]
- gquilt 0.22-1.1 (low; bug #605152)
- [lenny] - gquilt <no-dsa> (Minor issue)
+ [lenny] - gquilt 0.20-2+lenny1
CVE-2010-XXXX [python path]
- snappea 3.0d3-20 (low; bug #605151)
[lenny] - snappea <no-dsa> (Minor issue)
@@ -3325,7 +3327,7 @@
[lenny] - vlc <not-affected> (Vulnerable code not present)
CVE-2010-3906 (Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier ...)
- git-core <removed>
- [lenny] - git-core <no-dsa> (Will be fixed in spu)
+ [lenny] - git-core 1.5.6.5-3+lenny3.3
- git 1:1.7.2.3-2.2
CVE-2010-3905 (The password reset feature in the administrator interface for ...)
- eucalyptus <unfixed> (bug #608289)
@@ -6389,7 +6391,7 @@
CVE-2010-2788 [mediawiki XSS]
RESERVED
- mediawiki 1:1.15.5-1 (bug #590669; low)
- [lenny] - mediawiki <no-dsa> (Minor issue)
+ [lenny] - mediawiki 1:1.12.0-2lenny6
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
CVE-2010-2787 [mediawiki data leakage]
RESERVED
@@ -6549,10 +6551,10 @@
CVE-2010-2761 (The multipart_init function in (1) CGI.pm before 3.50 and (2) ...)
- perl 5.10.1-17 (bug #606995)
- libcgi-pm-perl 3.50-1 (bug #606370)
- [lenny] - libcgi-pm-perl <no-dsa> (Fixed through spu)
+ [lenny] - libcgi-pm-perl 3.38-2lenny2
[squeeze] - libcgi-pm-perl 3.49-1squeeze1
- libcgi-simple-perl 1.111-2 (bug #606379)
- [lenny] - libcgi-simple-perl <no-dsa> (Fixed through spu)
+ [lenny] - libcgi-simple-perl 1.105-1lenny1
CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in ...)
{DSA-2106-1}
- xulrunner <removed>
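Review bot: CVE-2010-2761 gets no `[lenny] - perl 5.10.0-19lenny3` line under `- perl 5.10.1-17 (bug #606995)`, although the data/next-point-update.txt part of this commit removes exactly that pairing (CVE-2010-2761 with perl 5.10.0-19lenny3). The sibling entries CVE-2010-4410 and CVE-2010-4411 do receive the perl line, so after this revision the lenny perl fix for this CVE is no longer recorded in either file shown here. Suggest adding the line directly after the perl entry.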
@@ -9519,11 +9521,11 @@
NOT-FOR-US: Joomla
CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
- mediawiki 1.15.4-1 (bug #585918; low)
- [lenny] - mediawiki <no-dsa> (Minor issue)
+ [lenny] - mediawiki 1:1.12.0-2lenny6
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before ...)
- mediawiki 1.15.4-1 (bug #585918; low)
- [lenny] - mediawiki <no-dsa> (Minor issue)
+ [lenny] - mediawiki 1:1.12.0-2lenny6
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and ...)
{DSA-2062-1}
@@ -11097,6 +11099,7 @@
- postgresql-8.3 <removed>
CVE-2010-1168 (The Safe (aka Safe.pm) module before 2.25 for Perl allows ...)
- perl 5.10.1-13 (bug #582978)
+ [lenny] - perl 5.10.0-19lenny3
CVE-2010-1166 (The fbComposite function in fbpict.c in the Render extension in the X ...)
- xorg-server <not-affected> (Xorg in Lenny onwards uses Pixman, which isn't affected)
NOTE: https://rhn.redhat.com/errata/RHSA-2010-0382.html
@@ -16919,7 +16922,7 @@
[etch] - guile-1.6 <no-dsa> (Minor issue)
[lenny] - guile-1.6 <no-dsa> (Minor issue)
- hamlib 1.2.10-1 (low; bug #559814)
- [lenny] - hamlib <no-dsa> (Minor issue)
+ [lenny] - hamlib 1.2.7.1-1+lenny1
[etch] - hamlib <no-dsa> (Minor issue)
- hercules 3.06-1.2 (low; bug #559815)
[lenny] - hercules <no-dsa> (Minor issue)
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2011-01-22 14:43:51 UTC (rev 15942)
+++ data/next-point-update.txt 2011-01-22 16:45:58 UTC (rev 15943)
@@ -1,58 +1,2 @@
-CVE-2010-3763
- [lenny] - mantis 1.1.6+dfsg-2lenny4
-CVE-2009-3736
- [lenny] - hamlib 1.2.7.1-1+lenny1
-CVE-2010-XXXX [gquilt pythonpath issue]
- [lenny] - gquilt 0.20-2+lenny1
CVE-2010-4005
[lenny] - tomboy 0.10.2-1+lenny1
-CVE-2010-1648
- [lenny] - mediawiki 1:1.12.0-2lenny6
-CVE-2010-1647
- [lenny] - mediawiki 1:1.12.0-2lenny6
-CVE-2010-2788
- [lenny] - mediawiki 1:1.12.0-2lenny6
-CVE-2010-4523
- [lenny] - opensc 0.11.4-5+lenny1.1
-CVE-2011-0003
- [lenny] - mediawiki 1:1.12.0-2lenny7
-CVE-2011-XXXX
- [lenny] - xdigger 1.0.10-13+lenny1
-CVE-2010-4369
- [lenny] - awstats 6.7.dfsg-5.1+lenny1
-CVE-2010-4367
- [lenny] - awstats 6.7.dfsg-5.1+lenny1
-CVE-2010-2761
- [lenny] - libcgi-pm-perl 3.38-2lenny2
-CVE-2010-4410
- [lenny] - libcgi-pm-perl 3.38-2lenny2
-CVE-2010-4411
- [lenny] - libcgi-pm-perl 3.38-2lenny2
-CVE-2010-3906
- [lenny] - git-core 1.5.6.5-3+lenny3.3
-CVE-2010-1168
- [lenny] - perl 5.10.0-19lenny3
-CVE-2010-2761
- [lenny] - perl 5.10.0-19lenny3
-CVE-2010-4410
- [lenny] - perl 5.10.0-19lenny3
-CVE-2010-4411
- [lenny] - perl 5.10.0-19lenny3
-CVE-2010-2761
- [lenny] - libcgi-simple-perl 1.105-1lenny1
-CVE-2010-4410
- [lenny] - libcgi-simple-perl 1.105-1lenny1
-CVE-2010-4411
- [lenny] - libcgi-simple-perl 1.105-1lenny1
-
-
-
-
-
-
-
-
-
-
-
-
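Review bot: The removed pairing `CVE-2010-3763` / `[lenny] - mantis 1.1.6+dfsg-2lenny4` at the top of this hunk has no matching addition in the data/CVE/list changes of this revision, while the other removed packages (hamlib, gquilt, mediawiki, opensc, xdigger, awstats, git-core, the CGI modules) are each moved there. Please confirm the mantis fix is already recorded under CVE-2010-3763 in data/CVE/list; if it is not, the fixed version is lost with this removal.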