[Secure-testing-commits] r15995 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Jan 28 08:34:40 UTC 2011 

Author: jmm
Date: 2011-01-28 08:34:34 +0000 (Fri, 28 Jan 2011)
New Revision: 15995

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
add latest oo.o issues, not tracking libreoffice yet, we can start
once it has been uploaded initially to unstable


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-01-27 23:42:17 UTC (rev 15994)
+++ data/CVE/list	2011-01-28 08:34:34 UTC (rev 15995)
@@ -1001,6 +1001,7 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2011/01/04/8
 CVE-2010-4643
 	RESERVED
+	- openoffice.org 1:3.2.1-11+squeeze2
 CVE-2010-4642 (Cross-site scripting (XSS) vulnerability in XWiki Enterprise before ...)
 	NOT-FOR-US: XWiki
 CVE-2010-4641 (SQL injection vulnerability in XWiki Enterprise before 2.5 allows ...)
@@ -2610,6 +2611,7 @@
 	- moon <not-affected> (Debian's version of Moonlight is not affected, see #608288)
 CVE-2010-4253
 	RESERVED
+	- openoffice.org 1:3.2.1-11+squeeze2
 CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly ...)
 	- openssl <not-affected> (configured with -DOPENSSL_NO_JPAKE; bug #606902)
 	NOTE: http://www.openssl.org/news/secadv_20101202.txt
@@ -4104,6 +4106,7 @@
 	- moodle 1.9.9.dfsg2-2 (bug #601384)
 CVE-2010-3689
 	RESERVED
+	- openoffice.org 1:3.2.1-11+squeeze2
 CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and earlier ...)
 	NOT-FOR-US: powermail extension 1.5.3 for typo3
 CVE-2010-3686 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
@@ -4707,14 +4710,19 @@
 	NOT-FOR-US: AChecker
 CVE-2010-3454
 	RESERVED
+	- openoffice.org 1:3.2.1-11+squeeze2
 CVE-2010-3453
 	RESERVED
+	- openoffice.org 1:3.2.1-11+squeeze2
 CVE-2010-3452
 	RESERVED
+	- openoffice.org 1:3.2.1-11+squeeze2
 CVE-2010-3451
 	RESERVED
+	- openoffice.org 1:3.2.1-11+squeeze2
 CVE-2010-3450
 	RESERVED
+	- openoffice.org 1:3.2.1-11+squeeze2
 CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback before ...)
 	NOT-FOR-US: Redback
 CVE-2010-3448 (drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 ...)
@@ -17735,6 +17743,7 @@
 	- matrixssl 1.8.8-1
 	[lenny] - matrixssl <no-dsa> (Fringe SSL implementation, can be fixed in spu)
 	- tomcat-native 1.1.18-1
+	[lenny] - tomcat-native <no-dsa> (Minor issue)
 	- gnutls26 <not-affected> (safely handles renegotiation; however support for RFC 5746 would be useful)
 	- xyssl <undetermined>
 	- polarssl <undetermined>

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-01-27 23:42:17 UTC (rev 15994)
+++ data/spu-candidates.txt	2011-01-28 08:34:34 UTC (rev 15995)
@@ -471,6 +471,10 @@
 
 --
 
+tomcat-native (CVE-2009-3555)
+
+--
+
 torcs (CVE-2010-3384)
 #598306

More information about the Secure-testing-commits mailing list