[Secure-testing-commits] r16871 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Jul 1 17:12:20 UTC 2011
Author: jmm
Date: 2011-07-01 17:12:19 +0000 (Fri, 01 Jul 2011)
New Revision: 16871
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
new harmless dbus issue
new minor issues in prosody (no-dsa)
new kernel issues
new php issue
new harmless wireshark issues
iceweasel and icedove fixed
NFUs
consolidate python path temp issues into a single entry
remove vlc/windows entry w/o useful information
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-07-01 15:54:59 UTC (rev 16870)
+++ data/CVE/list 2011-07-01 17:12:19 UTC (rev 16871)
@@ -130,13 +130,16 @@
CVE-2011-2534 (Buffer overflow in the clusterip_proc_write function in ...)
- linux-2.6 2.6.39-1 (low)
CVE-2011-2533 (The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows ...)
- TODO: check
+ - dbus 1.3.2~git20100715.821f99c-1 (unimportant)
+ NOTE: Compile-time only
CVE-2011-2532 (The json.decode function in util/json.lua in Prosody 0.8.x before ...)
- TODO: check
+ - prosody 0.8.1-1
+ [squeeze] - prosody <no-dsa> (Minor issue)
CVE-2011-2531 (Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect ...)
- TODO: check
+ - prosody 0.8.1-1
+ [squeeze] - prosody <no-dsa> (Minor issue)
CVE-2011-2530 (Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware ...)
- TODO: check
+ NOT-FOR-US: EDS Hardware Installation tool
CVE-2011-XXXX [asterisk: AST-2011-009 - crash on malformed SIP packet]
- asterisk 1:1.8.4.3-1 (bug #631445)
[squeeze] - asterisk <not-affected>
@@ -171,8 +174,14 @@
RESERVED
CVE-2011-2518
RESERVED
+ - linux-2.6 <unfixed> (low)
+ [squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
+ [lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-2517
RESERVED
+ - linux-2.6 <unfixed> (unimportant)
+ [lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
+ NOTE: Requires CAP_NET_ADMIn to exploit
CVE-2011-2516
RESERVED
CVE-2011-2515
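Review bot: typo in the NOTE under CVE-2011-2517, "Requires CAP_NET_ADMIn to exploit" should read "Requires CAP_NET_ADMIN to exploit"; since the tracker notes are read by people preparing updates, the capability name should be spelled exactly. Also, CVE-2011-2518 gets both a [squeeze] and a [lenny] not-affected line while CVE-2011-2517 only gets [lenny], which leaves squeeze implicitly affected and unfixed; if that is intended, a short NOTE saying squeeze carries the vulnerable code would make the asymmetry deliberate rather than an omission.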
@@ -240,11 +249,9 @@
CVE-2011-2490 [opie: missing setuid() retval check in opielogin]
RESERVED
- opie <unfixed> (bug #631345)
- TODO: check severity
CVE-2011-2489 [opie: off by one in opiesu]
RESERVED
- opie <unfixed> (bug #631344)
- TODO: check severity
CVE-2011-2488 [Joomla unspecified information disclosure vulnerability]
RESERVED
NOT-FOR-US: Joomla
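Review bot: the two "TODO: check severity" lines for CVE-2011-2490 and CVE-2011-2489 are removed but no severity is recorded on the remaining "opie <unfixed> (bug #631345)" and "opie <unfixed> (bug #631344)" lines, so the open question is dropped rather than answered. Either add the severity tag (e.g. "(low; bug #631345)") or keep the TODO so the entry still shows that triage is pending.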
@@ -281,7 +288,7 @@
CVE-2011-2478
RESERVED
CVE-2011-2470 (Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php ...)
- TODO: check
+ NOT-FOR-US: A Really Simple Chat
CVE-2011-2469
RESERVED
CVE-2011-2467
@@ -469,9 +476,9 @@
CVE-2011-2376
RESERVED
- xulrunner <removed>
- - iceweasel <unfixed>
+ - iceweasel 3.5.19-3
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- - iceape <unfixed>
+ - iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
CVE-2011-2375
@@ -481,17 +488,17 @@
CVE-2011-2374
RESERVED
- xulrunner <removed>
- - iceweasel <unfixed>
+ - iceweasel 3.5.19-3
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- - iceape <unfixed>
+ - iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
CVE-2011-2373
RESERVED
- xulrunner <removed>
- - iceweasel <unfixed>
+ - iceweasel 3.5.19-3
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- - iceape <unfixed>
+ - iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
CVE-2011-2372
@@ -499,9 +506,9 @@
CVE-2011-2371
RESERVED
- xulrunner <removed>
- - iceweasel <unfixed>
+ - iceweasel 3.5.19-3
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- - iceape <unfixed>
+ - iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
CVE-2011-2370
@@ -531,9 +538,9 @@
CVE-2011-2365
RESERVED
- xulrunner <removed>
- - iceweasel <unfixed>
+ - iceweasel 3.5.19-3
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- - iceape <unfixed>
+ - iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
CVE-2011-2364
@@ -546,8 +553,20 @@
- icedove 3.1.11-1
CVE-2011-2363
RESERVED
+ - iceweasel 3.5.19-3
+ - xulrunner <removed>
+ [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
+ - iceape 2.0.14-3
+ [lenny] - iceape <not-affected> (Only a stub package)
+ - icedove <unfixed>
CVE-2011-2362
RESERVED
+ - iceweasel 3.5.19-3
+ - xulrunner <removed>
+ [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
+ - iceape 2.0.14-3
+ [lenny] - iceape <not-affected> (Only a stub package)
+ - icedove <unfixed>
CVE-2011-2361
RESERVED
CVE-2011-2360
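Review bot: the log says "iceweasel and icedove fixed", but the new CVE-2011-2363 and CVE-2011-2362 entries record "icedove <unfixed>" while the neighbouring Mozilla entries (e.g. CVE-2011-2364 context just above) carry "icedove 3.1.11-1". If 3.1.11-1 also covers these two, the lines should say so; if icedove is genuinely still open for them, the log message is misleading and a NOTE explaining why icedove lags would help.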
@@ -848,14 +867,13 @@
NOT-FOR-US: VMware
CVE-2011-2213 [kernel: inet_diag: fix inet_diag_bc_audit]
RESERVED
- TODO: check
- NOTE: http://www.openwall.com/lists/oss-security/2011/06/20/1
+ - linux-2.6 <unfixed>
CVE-2011-2212
RESERVED
CVE-2011-2207
RESERVED
CVE-2011-2206 (XMLParser.pm in DJabberd before 0.85 allows remote authenticated users ...)
- TODO: check
+ NOT-FOR-US: Djabberd
CVE-2011-2205 (Prosody before 0.8.1 does not properly detect recursion during entity ...)
- prosody 0.7.0-1 (low; bug #579087)
[squeeze] - prosody <no-dsa> (Minor issue)
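Review bot: for CVE-2011-2213 the replacement of "TODO: check" with "linux-2.6 <unfixed>" also deletes the "NOTE: http://www.openwall.com/lists/oss-security/2011/06/20/1" line, which was the only pointer to the upstream discussion of the inet_diag_bc_audit fix. The NOTE should stay alongside the new status line; the reference is still useful when the fix is backported. The entry also has no severity tag, unlike the other kernel entries in this commit.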
@@ -1536,11 +1554,12 @@
- wireshark 1.6.0-1 (unimportant; bug #630159)
NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1958 (Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows ...)
- TODO: check
+ - wireshark <unfixed> (unimportant)
+ NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1957 (The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the ...)
- TODO: check
+ - wireshark <unfixed> (unimportant)
+ NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect ...)
- TODO: check
- wireshark 1.4.6-1 (unimportant)
[lenny] - wireshark <not-affected> (Affects 1.4.5 only)
[squeeze] - wireshark <not-affected> (Affects 1.4.5 only)
@@ -1592,7 +1611,7 @@
CVE-2011-1939
RESERVED
CVE-2011-1938 (Stack-based buffer overflow in the socket_connect function in ...)
- TODO: check
+ - php5 <unfixed> (low)
CVE-2011-1937 (Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier ...)
NOT-FOR-US: Webmin
CVE-2011-1936
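Review bot: "php5 <unfixed> (low)" for CVE-2011-1938, described on the page as a stack-based buffer overflow in socket_connect, would benefit from a NOTE giving the reason for the low rating, as was done for the dbus ("Compile-time only") and kernel ("Requires CAP_NET_ADMIN") entries in this same commit; without it, the next person triaging cannot tell whether the rating was deliberate.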
@@ -1772,7 +1791,7 @@
NOT-FOR-US: Microsoft Windows
CVE-2010-4804 (The Android browser in Android before 2.3.4 allows remote attackers to ...)
NOT-FOR-US: Android Browser
-CVE-2011-XXXX
+CVE-2011-XXXX [modplug ABC buffer overflow]
- libmodplug <unfixed> (low; bug #625966)
CVE-2011-XXXX [fglrx-driver xauth cookie leak]
- fglrx-driver <unfixed> (low; bug #625868)
@@ -7140,10 +7159,22 @@
NOT-FOR-US: Microsoft Windows
CVE-2011-0085
RESERVED
+ - iceweasel 3.5.19-3
+ - xulrunner <removed>
+ [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
+ - iceape 2.0.14-3
+ [lenny] - iceape <not-affected> (Only a stub package)
+ - icedove <unfixed>
CVE-2011-0084
RESERVED
CVE-2011-0083
RESERVED
+ - iceweasel 3.5.19-3
+ - xulrunner <removed>
+ [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
+ - iceape 2.0.14-3
+ [lenny] - iceape <not-affected> (Only a stub package)
+ - icedove <unfixed>
CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla Firefox ...)
- xulrunner <removed>
- iceweasel <unfixed> (low; bug #627552)
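Review bot: the new CVE-2011-0085 and CVE-2011-0083 blocks list "iceweasel 3.5.19-3" before "xulrunner <removed>", whereas the existing entries (see CVE-2011-0082 directly below) list xulrunner first; keeping the same source-package order across Mozilla entries makes the diffs easier to compare. The same icedove question as for CVE-2011-2363/2362 applies here: these record "icedove <unfixed>" although the log says icedove is fixed.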
@@ -8349,39 +8380,28 @@
CVE-2010-XXXX [directory traversal]
- openacs 5.5.1+dfsg-2
- dotlrn 2.5.0+dfsg-2
-CVE-2010-XXXX [python path]
+CVE-2010-XXXX [insecure python path handling]
- pymca 4.4.1p1-1 (low; bug #605160)
-CVE-2010-XXXX [python path]
- opendnssec 1.1.3-2 (low; bug #605161)
-CVE-2010-XXXX [python path]
- pybliographer 1.2.14-3 (low; bug #605153)
[squeeze] - pybliographer 1.2.12-4squeeze1
-CVE-2010-XXXX [python path]
- calendarserver 2.4.dfsg-2.1 (low; bug #605157)
[lenny] - calendarserver <no-dsa> (Minor issue)
-CVE-2010-XXXX [python path]
- gquilt 0.22-1.1 (low; bug #605152)
[lenny] - gquilt 0.20-2+lenny1
-CVE-2010-XXXX [python path]
- snappea 3.0d3-20 (low; bug #605151)
[lenny] - snappea <no-dsa> (Minor issue)
-CVE-2010-XXXX [python path]
- dlr-languages 20090805+git.e6b28d27+dfsg-3 (low; bug #605158)
[lenny] - ironpython <no-dsa> (Minor issue)
-CVE-2010-XXXX [python path]
- gnome-schedule 2.1.1-3.1 (low; bug #605169)
[lenny] - gnome-schedule <no-dsa> (Minor issue)
-CVE-2010-XXXX [python path]
- gnumed-client 0.8.5-1 (low; bug #605159)
[squeeze] - gnumed-client 0.7.10-1
[lenny] - gnumed-client <no-dsa> (Minor issue)
-CVE-2010-XXXX [python path]
- distcc 3.1-3.2 (low; bug #605168)
[lenny] - distcc <not-affected> (Vulnerable code not present)
-CVE-2010-XXXX [python path]
- mmass 3.8.0-2 (low; bug #605150)
[squeeze] - mmass <not-affected> (Doesn't set PYTHONPATH)
-CVE-2010-XXXX [python path]
- guake 0.4.2-3 (low; bug #605163)
CVE-2010-4301 (epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in ...)
- wireshark <not-affected> (Only affects >= 1.4)
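Review bot: collapsing the thirteen "[python path]" placeholders into one "CVE-2010-XXXX [insecure python path handling]" entry keeps every per-package bug number and the [squeeze]/[lenny] status lines, so nothing is lost, but the merged entry now has no NOTE describing the shared problem. A single NOTE under the header (what the packages have in common, e.g. a reference to one of the bugs #605150 to #605169) would replace the context that the individual titles used to carry.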
@@ -11338,8 +11358,6 @@
NOT-FOR-US: Pecio CMS
CVE-2010-3203 (Directory traversal vulnerability in the PicSell (com_picsell) ...)
NOT-FOR-US: PicSell
-CVE-2010-XXXX [vlc stack overflow]
- - vlc <not-affected> (Windows-specific)
CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 ...)
NOT-FOR-US: flock
CVE-2010-3201 (Cross-site scripting (XSS) vulnerability in NetWin Surgemail before ...)
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-07-01 15:54:59 UTC (rev 16870)
+++ data/spu-candidates.txt 2011-07-01 17:12:19 UTC (rev 16871)
@@ -108,6 +108,11 @@
--
+prosody (CVE-2011-2531, CVE-2011-2532)
+Fixed in 0.8.1-1
+
+--
+
python2.6 (CVE-2011-1015)
http://bugs.python.org/issue2254
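Review bot: the new spu-candidates entry "prosody (CVE-2011-2531, CVE-2011-2532) / Fixed in 0.8.1-1" is consistent with the <no-dsa> markers added for squeeze in data/CVE/list, but 0.8.1-1 is the unstable fix; the neighbouring python2.6 entry carries an upstream reference, and a similar pointer (upstream changelog or the relevant Debian bug) here would help whoever prepares the stable update locate the patches to backport.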