[Secure-testing-commits] r16886 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Jul 4 07:28:33 UTC 2011 

Author: jmm
Date: 2011-07-04 07:28:33 +0000 (Mon, 04 Jul 2011)
New Revision: 16886

Modified:
   data/CVE/list
Log:
asterisk fixed
new groff issue unimportant, another groff issue CVEfied
new firefox issue not affecting debian releases


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-07-03 19:53:48 UTC (rev 16885)
+++ data/CVE/list	2011-07-04 07:28:33 UTC (rev 16886)
@@ -89,9 +89,11 @@
 CVE-2011-2599 (Google Chrome 11 does not block use of a cross-domain image as a WebGL ...)
 	TODO: check
 CVE-2011-2598 (The WebGL implementation in Mozilla Firefox 4.x allows remote ...)
-	TODO: check
+	- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in unstable)
+	- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
 CVE-2009-5082 (The (1) configure and (2) config.guess scripts in GNU troff (aka ...)
-	TODO: check
+	- groff 1.20.1-5 (unimportant; bug #538338)
+	NOTE: Only exploitable during build
 CVE-2009-5081 (The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) ...)
 	TODO: check
 CVE-2009-5080 (The (1) contrib/eqn2graph/eqn2graph.sh, (2) ...)
@@ -99,7 +101,9 @@
 CVE-2009-5079 (The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) ...)
 	TODO: check
 CVE-2009-5078 (contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 ...)
-	TODO: check
+	- groff 1.20.1-5 (low; bug #538338)
+	[etch] - groff <not-affected> (pdfroff not yet present)
+	[lenny] - groff <not-affected> (pdfroff not yet present)
 CVE-2011-2597
 	RESERVED
 CVE-2011-2596
@@ -226,7 +230,7 @@
 	- movabletype-opensource 4.3.7+dfsg-1 (bug #631437)
 CVE-2011-2536 [AST-2011-011]
 	RESERVED
-	- asterisk <unfixed> (bug #632029)
+	- asterisk 1:1.8.4.4~dfsg-1 (bug #632029)
 CVE-2011-XXXX [pyro: pidfile in /tmp, opened insecurely]
 	- pyro <unfixed> (bug #631912)
 CVE-2011-2534 (Buffer overflow in the clusterip_proc_write function in ...)
@@ -26853,11 +26857,6 @@
 	[etch] - bugzilla <no-dsa> (minor issue)
 	[lenny] - bugzilla <no-dsa> (minor issue)
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495257
-CVE-2009-XXXX [groff: insecure usage of gs]
-	- groff 1.20.1-5 (low; bug #538338)
-	[etch] - groff <not-affected> (pdfroff not yet present)
-	[lenny] - groff <not-affected> (pdfroff not yet present)
-	NOTE: requested CVE ids
 CVE-2009-5044 (contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows ...)
 	- groff 1.20.1-5 (low; bug #538330)
 	[etch] - groff <not-affected> (pdfroff not yet present)

More information about the Secure-testing-commits mailing list