[Secure-testing-commits] r15943 - in data: . CVE

Thijs Kinkhorst thijs at alioth.debian.org
Sat Jan 22 16:46:00 UTC 2011 

Author: thijs
Date: 2011-01-22 16:45:58 +0000 (Sat, 22 Jan 2011)
New Revision: 15943

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
lenny 5.0.8


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-01-22 14:43:51 UTC (rev 15942)
+++ data/CVE/list	2011-01-22 16:45:58 UTC (rev 15943)
@@ -823,7 +823,7 @@
 	NOT-FOR-US: Cisco Adaptive Security Appliances
 CVE-2011-XXXX
 	- xdigger <removed> (bug #609096)
-	[lenny] - xdigger <no-dsa> (Minor issue)
+	[lenny] - xdigger 1.0.10-13+lenny1
 	NOTE: CVE ID requested
 CVE-2010-4645 (strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...)
 	- php5 5.3.3-7 (high)
@@ -1590,7 +1590,7 @@
 	NOT-FOR-US: SAP NetWeaver Business Client
 CVE-2010-4523 (Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 ...)
 	- opensc 0.11.13-1.1 (low; bug #607427)
-	[lenny] - opensc <no-dsa> (Minor issue)
+	[lenny] - opensc 0.11.4-5+lenny1.1
 CVE-2010-4555
 	RESERVED
 CVE-2010-4554
@@ -1753,10 +1753,10 @@
 	- cobbler <itp> (bug #545583)
 CVE-2010-4511 (Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x ...)
 	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
-	TODO: check
+	[lenny] - movabletype-opensource 4.2.3-1+lenny2
 CVE-2010-4509 (Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 ...)
 	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
-	TODO: check
+	[lenny] - movabletype-opensource 4.2.3-1+lenny2
 CVE-2010-4508 (The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 ...)
 	- xulrunner <not-affected> (Only affects Firefox 4.x)
 CVE-2009-5031
@@ -1859,7 +1859,7 @@
 CVE-2011-0003 (MediaWiki before 1.16.1, when user or site JavaScript or CSS is ...)
 	{DTSA-207-1}
 	- mediawiki <unfixed>
-	[lenny] - mediawiki <no-dsa> (Fixed in next point update)
+	[lenny] - mediawiki 1:1.12.0-2lenny7
 CVE-2011-0002 [libuser creates LDAP users with a default password]
 	RESERVED
 	- libuser <unfixed> (bug #610034)
@@ -2081,18 +2081,20 @@
 	NOT-FOR-US: pfSense
 CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote ...)
 	- perl 5.10.1-17 (bug #606995)
+	[lenny] - perl 5.10.0-19lenny3
 	- libcgi-simple-perl 1.111-2 (bug #606379)
-	[lenny] - libcgi-simple-perl <no-dsa> (Fixed through spu)
+	[lenny] - libcgi-simple-perl 1.105-1lenny1
 	- libcgi-pm-perl 3.51-1 (bug #606370)
-	[lenny] - libcgi-pm-perl <no-dsa> (Fixed through spu)
+	[lenny] - libcgi-pm-perl 3.38-2lenny2
 	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
 CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm ...)
 	- perl 5.10.1-17 (bug #606995)
+	[lenny] - perl 5.10.0-19lenny3
 	- libcgi-pm-perl 3.50-1 (bug #606370)
-	[lenny] - libcgi-pm-perl <no-dsa> (Fixed through spu)
+	[lenny] - libcgi-pm-perl 3.38-2lenny2
 	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
 	- libcgi-simple-perl 1.111-2 (bug #606379)
-	[lenny] - libcgi-simple-perl <no-dsa> (Fixed through spu)
+	[lenny] - libcgi-simple-perl 1.105-1lenny1
 CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through ...)
 	NOT-FOR-US: Apache archiva
 CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
@@ -2198,13 +2200,13 @@
 	NOT-FOR-US: Winamp
 CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows remote ...)
 	- awstats 6.9.5~dfsg-5 (low; bug #606263)
-	[lenny] - awstats <no-dsa> (Minor issue)
+	[lenny] - awstats 6.7.dfsg-5.1+lenny1
 CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir ...)
 	- awstats <not-affected> (Windows-specific issue)
 	NOTE: looks like it's the same as CVE-2010-4367
 CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...)
 	- awstats 6.9.5~dfsg-5 (low; bug #606263)
-	[lenny] - awstats <no-dsa> (Minor issue)
+	[lenny] - awstats 6.7.dfsg-5.1+lenny1
 CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 ...)
 	- awstats 6.9.5~dfsg-1 (unimportant)
 CVE-2010-4338 (ocrodjvu 0.4.6-1 on Debian GNU/Linux, when using Cuneiform as the OCR ...)
@@ -2375,7 +2377,7 @@
 	[lenny] - calendarserver <no-dsa> (Minor issue)
 CVE-2010-XXXX [python path]
 	- gquilt 0.22-1.1 (low; bug #605152)
-	[lenny] - gquilt <no-dsa> (Minor issue)
+	[lenny] - gquilt 0.20-2+lenny1
 CVE-2010-XXXX [python path]
 	- snappea 3.0d3-20 (low; bug #605151)
 	[lenny] - snappea <no-dsa> (Minor issue)
@@ -3325,7 +3327,7 @@
 	[lenny] - vlc <not-affected> (Vulnerable code not present)
 CVE-2010-3906 (Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier ...)
 	- git-core <removed>
-	[lenny] - git-core <no-dsa> (Will be fixed in spu)
+	[lenny] - git-core 1.5.6.5-3+lenny3.3
 	- git 1:1.7.2.3-2.2
 CVE-2010-3905 (The password reset feature in the administrator interface for ...)
 	- eucalyptus <unfixed> (bug #608289)
@@ -6389,7 +6391,7 @@
 CVE-2010-2788 [mediawiki XSS]
 	RESERVED
 	- mediawiki 1:1.15.5-1 (bug #590669; low)
-	[lenny] - mediawiki <no-dsa> (Minor issue)
+	[lenny] - mediawiki 1:1.12.0-2lenny6
 	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
 CVE-2010-2787 [mediawiki data leakage]
 	RESERVED
@@ -6549,10 +6551,10 @@
 CVE-2010-2761 (The multipart_init function in (1) CGI.pm before 3.50 and (2) ...)
 	- perl 5.10.1-17 (bug #606995)
 	- libcgi-pm-perl 3.50-1 (bug #606370)
-	[lenny] - libcgi-pm-perl <no-dsa> (Fixed through spu)
+	[lenny] - libcgi-pm-perl 3.38-2lenny2
 	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
 	- libcgi-simple-perl 1.111-2 (bug #606379)
-	[lenny] - libcgi-simple-perl <no-dsa> (Fixed through spu)
+	[lenny] - libcgi-simple-perl 1.105-1lenny1
 CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in ...)
 	{DSA-2106-1}
 	- xulrunner <removed>
@@ -9519,11 +9521,11 @@
 	NOT-FOR-US: Joomla
 CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
 	- mediawiki 1.15.4-1 (bug #585918; low)
-	[lenny] - mediawiki <no-dsa> (Minor issue)
+	[lenny] - mediawiki 1:1.12.0-2lenny6
 	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
 CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before ...)
 	- mediawiki 1.15.4-1 (bug #585918; low)
-	[lenny] - mediawiki <no-dsa> (Minor issue)
+	[lenny] - mediawiki 1:1.12.0-2lenny6
 	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
 CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and ...)
 	{DSA-2062-1}
@@ -11097,6 +11099,7 @@
 	- postgresql-8.3 <removed>
 CVE-2010-1168 (The Safe (aka Safe.pm) module before 2.25 for Perl allows ...)
 	- perl 5.10.1-13 (bug #582978)
+	[lenny] - perl 5.10.0-19lenny3
 CVE-2010-1166 (The fbComposite function in fbpict.c in the Render extension in the X ...)
 	- xorg-server <not-affected> (Xorg in Lenny onwards uses Pixman, which isn't affected)
 	NOTE: https://rhn.redhat.com/errata/RHSA-2010-0382.html
@@ -16919,7 +16922,7 @@
 	[etch] - guile-1.6 <no-dsa> (Minor issue)
 	[lenny] - guile-1.6 <no-dsa> (Minor issue)
 	- hamlib 1.2.10-1 (low; bug #559814)
-	[lenny] - hamlib <no-dsa> (Minor issue)
+	[lenny] - hamlib 1.2.7.1-1+lenny1
 	[etch] - hamlib <no-dsa> (Minor issue)
 	- hercules 3.06-1.2 (low; bug #559815)
 	[lenny] - hercules <no-dsa> (Minor issue)

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2011-01-22 14:43:51 UTC (rev 15942)
+++ data/next-point-update.txt	2011-01-22 16:45:58 UTC (rev 15943)
@@ -1,58 +1,2 @@
-CVE-2010-3763
-	[lenny] - mantis 1.1.6+dfsg-2lenny4
-CVE-2009-3736
-	[lenny] - hamlib 1.2.7.1-1+lenny1
-CVE-2010-XXXX [gquilt pythonpath issue]
-	[lenny] - gquilt 0.20-2+lenny1
 CVE-2010-4005
 	[lenny] - tomboy 0.10.2-1+lenny1
-CVE-2010-1648
-	[lenny] - mediawiki 1:1.12.0-2lenny6
-CVE-2010-1647
-	[lenny] - mediawiki 1:1.12.0-2lenny6
-CVE-2010-2788
-	[lenny] - mediawiki 1:1.12.0-2lenny6
-CVE-2010-4523
-	[lenny] - opensc 0.11.4-5+lenny1.1
-CVE-2011-0003
-	[lenny] - mediawiki 1:1.12.0-2lenny7
-CVE-2011-XXXX
-	[lenny] - xdigger 1.0.10-13+lenny1
-CVE-2010-4369
-	[lenny] - awstats 6.7.dfsg-5.1+lenny1
-CVE-2010-4367
-	[lenny] - awstats 6.7.dfsg-5.1+lenny1
-CVE-2010-2761
-	[lenny] - libcgi-pm-perl 3.38-2lenny2
-CVE-2010-4410
-	[lenny] - libcgi-pm-perl 3.38-2lenny2
-CVE-2010-4411
-	[lenny] - libcgi-pm-perl 3.38-2lenny2
-CVE-2010-3906
-	[lenny] - git-core 1.5.6.5-3+lenny3.3
-CVE-2010-1168
-	[lenny] - perl 5.10.0-19lenny3
-CVE-2010-2761
-	[lenny] - perl 5.10.0-19lenny3
-CVE-2010-4410
-	[lenny] - perl 5.10.0-19lenny3
-CVE-2010-4411
-	[lenny] - perl 5.10.0-19lenny3
-CVE-2010-2761
-	[lenny] - libcgi-simple-perl 1.105-1lenny1
-CVE-2010-4410
-	[lenny] - libcgi-simple-perl 1.105-1lenny1
-CVE-2010-4411
-	[lenny] - libcgi-simple-perl 1.105-1lenny1
-
-
-
-
-
-
-
-
-
-
-
-

More information about the Secure-testing-commits mailing list