[Secure-testing-commits] r16939 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Jul 14 15:24:31 UTC 2011


Author: jmm
Date: 2011-07-14 15:24:31 +0000 (Thu, 14 Jul 2011)
New Revision: 16939

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
- apt fixed
- new vlc issues (FD, please create ticket)
- new foo2zjs issue (no-dsa)
- add missing icedove fixes
- fix wireshark entries


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-07-14 10:39:51 UTC (rev 16938)
+++ data/CVE/list	2011-07-14 15:24:31 UTC (rev 16939)
@@ -105,6 +105,9 @@
 	NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
 CVE-2011-2684
 	RESERVED
+ 	- foo2zjs <unfixed> (low; bug filed)
+ 	[lenny] - foo2zjs <no-dsa> (Minor issue)
+ 	[squeeze] - foo2zjs <no-dsa> (Minor issue)
 CVE-2011-2683
 	RESERVED
 	- reseed <removed>
@@ -343,10 +346,12 @@
 	RESERVED
 CVE-2011-2589
 	RESERVED
-CVE-2011-2588
+CVE-2011-2588 [ http://www.videolan.org/security/sa1106.html ]
 	RESERVED
-CVE-2011-2587
+	- vlc <unfixed> (bug #633675)
+CVE-2011-2587 [ http://www.videolan.org/security/sa1105.html ]
 	RESERVED
+	- vlc <unfixed> (bug #633674)
 CVE-2011-2586
 	RESERVED
 CVE-2011-2585
@@ -905,7 +910,7 @@
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.14-3
 	[lenny] - iceape <not-affected> (Only a stub package)
-	- icedove <unfixed>
+	- icedove 3.1.11-1
 CVE-2011-2362 (Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and ...)
 	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
 	- iceweasel 3.5.19-3
@@ -914,7 +919,7 @@
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.14-3
 	[lenny] - iceape <not-affected> (Only a stub package)
-	- icedove <unfixed>
+	- icedove 3.1.11-1
 CVE-2011-2361
 	RESERVED
 CVE-2011-2360
@@ -1921,11 +1926,11 @@
 	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
 CVE-2011-1958 (Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows ...)
 	{DSA-2274-1}
-	- wireshark 1.2.17-1 (unimportant)
+	- wireshark 1.6.0-1 (unimportant)
 	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
 CVE-2011-1957 (The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the ...)
 	{DSA-2274-1}
-	- wireshark 1.2.17-1 (unimportant)
+	- wireshark 1.6.0-1 (unimportant)
 	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
 CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect ...)
 	- wireshark 1.4.6-1 (unimportant)
@@ -2258,7 +2263,7 @@
 	RESERVED
 CVE-2011-1829
 	RESERVED
-	- apt <unfixed>
+	- apt 0.8.15.2
 	[squeeze] - apt <not-affected> (Vulnerable code not present)
 	[lenny] - apt <not-affected> (Vulnerable code not present)
 CVE-2011-1828 (usb-creator-helper in usb-creator before 0.2.28.3 does not enforce ...)
@@ -7533,7 +7538,7 @@
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.14-3
 	[lenny] - iceape <not-affected> (Only a stub package)
-	- icedove <unfixed>
+	- icedove 3.1.11-1
 CVE-2011-0084
 	RESERVED
 CVE-2011-0083 (Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem ...)
@@ -7544,7 +7549,7 @@
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.14-3
 	[lenny] - iceape <not-affected> (Only a stub package)
-	- icedove <unfixed>
+	- icedove 3.1.11-1
 CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla Firefox ...)
 	- xulrunner <removed>
 	- iceweasel <unfixed> (low; bug #627552)

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2011-07-14 10:39:51 UTC (rev 16938)
+++ data/ospu-candidates.txt	2011-07-14 15:24:31 UTC (rev 16939)
@@ -189,6 +189,11 @@
 
 --
 
+foo2zjs (CVE-2011-2684)
+maintainer notified in initial bug report
+
+--
+
 gif2png (CVE-2010-4695/CVE-2010-4696)
 #610479
 awaiting maintainer response

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-07-14 10:39:51 UTC (rev 16938)
+++ data/spu-candidates.txt	2011-07-14 15:24:31 UTC (rev 16939)
@@ -43,6 +43,11 @@
 
 --
 
+foo2zjs (CVE-2011-2684)
+maintainer notified in initial bug report
+
+--
+
 gif2png (CVE-2010-4695/CVE-2010-4696)
 #610479
 awaiting maintainer response




More information about the Secure-testing-commits mailing list