[Secure-testing-commits] r16932 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Jul 13 20:15:47 UTC 2011 

Author: jmm
Date: 2011-07-13 20:15:46 +0000 (Wed, 13 Jul 2011)
New Revision: 16932

Modified:
   data/CVE/list
Log:
- new reseed issue (no-dsa)
- new kvm issue, fixed in sid along with another issue
- new drupal issue not affecting stable/oldstable, fixed in sid
- new plone issues (oldstable only and virtually unused, no-dsa or removal seems the best solution)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-07-13 09:14:18 UTC (rev 16931)
+++ data/CVE/list	2011-07-13 20:15:46 UTC (rev 16932)
@@ -92,6 +92,8 @@
 	- libapache2-mod-authnz-external <unfixed> (medium; bug #633637)
 CVE-2011-2687
 	RESERVED
+	- drupal7 7.4-1 (bug #633385)
+	- drupal6 <not-affected>
 CVE-2011-2686
 	RESERVED
 CVE-2011-2685 [libreoffice lotus word pro filter, wrong object id cast ]
@@ -105,6 +107,8 @@
 	RESERVED
 CVE-2011-2683
 	RESERVED
+	- reseed <removed>
+	[lenny] - reseed <no-dsa> (Minor issue)
 CVE-2010-4814 (SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) ...)
 	NOT-FOR-US: Best Soft Inc.
 CVE-2010-4813 (Cross-site scripting (XSS) vulnerability in the Category Tokens module ...)
@@ -441,6 +445,7 @@
 	RESERVED
 CVE-2011-2538
 	RESERVED
+	- plone3 <removed>
 CVE-2011-2537
 	RESERVED
 CVE-2011-XXXX [unspecified security vulnerabilities from 4.3.7]
@@ -475,8 +480,10 @@
 	- asterisk 1:1.8.4.3-1 (bug #631446)
 CVE-2011-2528
 	RESERVED
-CVE-2011-2527
+CVE-2011-2527 
 	RESERVED
+	- qemu-kvm 0.14.1+dfsg-3 (bug #633669)
+	- kvm <not-affected> (Vulnerable code not present)
 CVE-2011-2526
 	RESERVED
 CVE-2011-2525
@@ -1211,8 +1218,8 @@
 	- linux-2.6 3.6.39-3
 CVE-2011-2212
 	RESERVED
-	- qemu-kvm <unfixed> (bug #632987)
-	- kvm <undetermined>
+	- qemu-kvm 0.14.1+dfsg-3 (bug #632987)
+	- kvm <removed>
 CVE-2011-2207
 	RESERVED
 CVE-2011-2206 (XMLParser.pm in DJabberd before 0.85 allows remote authenticated users ...)
@@ -1939,11 +1946,11 @@
 	[lenny] - syslog-ng <not-affected> (Only affects PCRE >= 8.12)
 	NOTE: http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff
 CVE-2011-1950 (plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users ...)
-	- plone3 <undetermined>
+	- plone3 <removed>
 CVE-2011-1949 (Cross-site scripting (XSS) vulnerability in the safe_html filter in ...)
-	- plone3 <undetermined>
+	- plone3 <removed>
 CVE-2011-1948 (Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier ...)
-	- plone3 <undetermined>
+	- plone3 <removed>
 CVE-2011-1947 (fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time ...)
 	- fetchmail <unfixed> (unimportant)
 	NOTE: http://gitorious.org/fetchmail/fetchmail/blobs/legacy_63/fetchmail-SA-2011-01.txt

More information about the Secure-testing-commits mailing list