[Secure-testing-commits] r16939 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Thu Jul 14 15:24:31 UTC 2011
Author: jmm
Date: 2011-07-14 15:24:31 +0000 (Thu, 14 Jul 2011)
New Revision: 16939
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
- apt fixed
- new vlc issues (FD, please create ticket)
- new foo2zjs issue (no-dsa)
- add missing icedove fixes
- fix wireshark entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-07-14 10:39:51 UTC (rev 16938)
+++ data/CVE/list 2011-07-14 15:24:31 UTC (rev 16939)
@@ -105,6 +105,9 @@
NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
CVE-2011-2684
RESERVED
+ - foo2zjs <unfixed> (low; bug filed)
+ [lenny] - foo2zjs <no-dsa> (Minor issue)
+ [squeeze] - foo2zjs <no-dsa> (Minor issue)
CVE-2011-2683
RESERVED
- reseed <removed>
@@ -343,10 +346,12 @@
RESERVED
CVE-2011-2589
RESERVED
-CVE-2011-2588
+CVE-2011-2588 [ http://www.videolan.org/security/sa1106.html ]
RESERVED
-CVE-2011-2587
+ - vlc <unfixed> (bug #633675)
+CVE-2011-2587 [ http://www.videolan.org/security/sa1105.html ]
RESERVED
+ - vlc <unfixed> (bug #633674)
CVE-2011-2586
RESERVED
CVE-2011-2585
@@ -905,7 +910,7 @@
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- - icedove <unfixed>
+ - icedove 3.1.11-1
CVE-2011-2362 (Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and ...)
{DSA-2273-3 DSA-2269-1 DSA-2268-1}
- iceweasel 3.5.19-3
@@ -914,7 +919,7 @@
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- - icedove <unfixed>
+ - icedove 3.1.11-1
CVE-2011-2361
RESERVED
CVE-2011-2360
@@ -1921,11 +1926,11 @@
NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1958 (Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows ...)
{DSA-2274-1}
- - wireshark 1.2.17-1 (unimportant)
+ - wireshark 1.6.0-1 (unimportant)
NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1957 (The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the ...)
{DSA-2274-1}
- - wireshark 1.2.17-1 (unimportant)
+ - wireshark 1.6.0-1 (unimportant)
NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect ...)
- wireshark 1.4.6-1 (unimportant)
@@ -2258,7 +2263,7 @@
RESERVED
CVE-2011-1829
RESERVED
- - apt <unfixed>
+ - apt 0.8.15.2
[squeeze] - apt <not-affected> (Vulnerable code not present)
[lenny] - apt <not-affected> (Vulnerable code not present)
CVE-2011-1828 (usb-creator-helper in usb-creator before 0.2.28.3 does not enforce ...)
@@ -7533,7 +7538,7 @@
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- - icedove <unfixed>
+ - icedove 3.1.11-1
CVE-2011-0084
RESERVED
CVE-2011-0083 (Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem ...)
@@ -7544,7 +7549,7 @@
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- - icedove <unfixed>
+ - icedove 3.1.11-1
CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla Firefox ...)
- xulrunner <removed>
- iceweasel <unfixed> (low; bug #627552)
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2011-07-14 10:39:51 UTC (rev 16938)
+++ data/ospu-candidates.txt 2011-07-14 15:24:31 UTC (rev 16939)
@@ -189,6 +189,11 @@
--
+foo2zjs (CVE-2011-2684)
+maintainer notified in initial bug report
+
+--
+
gif2png (CVE-2010-4695/CVE-2010-4696)
#610479
awaiting maintainer response
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-07-14 10:39:51 UTC (rev 16938)
+++ data/spu-candidates.txt 2011-07-14 15:24:31 UTC (rev 16939)
@@ -43,6 +43,11 @@
--
+foo2zjs (CVE-2011-2684)
+maintainer notified in initial bug report
+
+--
+
gif2png (CVE-2010-4695/CVE-2010-4696)
#610479
awaiting maintainer response
More information about the Secure-testing-commits
mailing list