[Secure-testing-commits] r15962 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Jan 25 19:02:14 UTC 2011 

Author: jmm
Date: 2011-01-25 19:01:58 +0000 (Tue, 25 Jan 2011)
New Revision: 15962

Modified:
   data/CVE/list
Log:
shib issue doesn't affect Debian
updated status on several drupal mods, none affect testing or stable
mojarra not-affected
xulrunner issue only affected experimental



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-01-25 17:47:53 UTC (rev 15961)
+++ data/CVE/list	2011-01-25 19:01:58 UTC (rev 15962)
@@ -6,9 +6,8 @@
 	- redmine 1.0.5-1 (bug #608397)
 	NOTE: http://www.redmine.org/news/49
 CVE-2011-XXXX [shibboleth Single TransientID Mapped to Multiple Principals]
-	- shibboleth-sp2 <unfixed>
+	NOTE: Not packaged in Debian, separate package Shibboleth IdP
 	NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt
-	TODO: report & request id
 CVE-2011-0520 [maradns crash with long queries]
 	RESERVED
 	- maradns <unfixed> (bug #610834)
@@ -1770,14 +1769,11 @@
 CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...)
 	NOT-FOR-US: MyBB
 CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x ...)
-	- drupal6-mod-views <undetermined>
-	TODO: check
+	- drupal6-mod-views 2.12-1
 CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
-	- drupal6-mod-views <undetermined>
-	TODO: check
+	- drupal6-mod-views 2.11-1
 CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
-	- drupal6-mod-views <undetermined>
-	TODO: check
+	- drupal6-mod-views 2.11-1
 CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Safe Search plugin for WordPress
 CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...)
@@ -3143,8 +3139,7 @@
 	{DSA-2128-1}
 	- libxml2 2.7.8.dfsg-1 (bug #602609)
 CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message ...)
-	- mojarra <unfixed>
-	TODO: check
+	- mojarra <not-affected> (Fixed before initial upload, in 2.0.1)
 CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links ...)
 	NOT-FOR-US: WSN Links
 CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and ...)
@@ -3739,13 +3734,7 @@
 	- iceape 2.0.11-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3777 (Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and ...)
-	- xulrunner <removed>
-	- icedove <undetermined>
-	- iceweasel <undetermined>
-	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
-	- iceape <undetermined>
-	[lenny] - iceape <not-affected> (Only a stub package)
-	TODO: check
+	- iceweasel <not-affected> (Only affects Firefox 3.6, which is only in experimental)
 CVE-2010-3776 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	{DSA-2132-1}
 	- xulrunner <removed>
@@ -7617,11 +7606,9 @@
 CVE-2010-2354 (SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS ...)
 	NOT-FOR-US: Pilot Group eLMS Pro
 CVE-2010-2353 (The Node Reference module in Content Construction Kit (CCK) module 6.x ...)
-	- drupal6-mod-cck <undetermined>
-	TODO: check
+	- drupal6-mod-cck <not-affected> (Fixed before initial upload)
 CVE-2010-2352 (The Node Reference module in Content Construction Kit (CCK) module 5.x ...)
-	- drupal6-mod-cck <undetermined>
-	TODO: check
+	- drupal6-mod-cck <not-affected> (Fixed before initial upload)
 CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 ...)
 	NOT-FOR-US: Novell Netware
 CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows ...)
@@ -22578,11 +22565,9 @@
 CVE-2009-2078 (Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x ...)
 	NOT-FOR-US: Booktree module for drupal
 CVE-2009-2077 (Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote ...)
-	- drupal6-mod-views <undetermined>
-	TODO: check
+	- drupal6-mod-views <not-affected> (Fixed before initial upload)
 CVE-2009-2076 (Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, ...)
-	- drupal6-mod-views <undetermined>
-	TODO: check
+	- drupal6-mod-views <not-affected> (Fixed before initial upload)
 CVE-2009-2075 (Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for ...)
 	NOT-FOR-US: Nodequeue module for Drupal
 CVE-2009-2074 (Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before ...)

More information about the Secure-testing-commits mailing list