[Secure-testing-commits] r16830 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Jun 21 16:43:36 UTC 2011
Author: jmm
Date: 2011-06-21 16:43:36 +0000 (Tue, 21 Jun 2011)
New Revision: 16830
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
- new wireshark issue not affecting stable/oldstable
- prosody/billion laughs / no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-06-21 16:39:13 UTC (rev 16829)
+++ data/CVE/list 2011-06-21 16:43:36 UTC (rev 16830)
@@ -649,7 +649,11 @@
TODO: check
CVE-2009-5076 (CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, ...)
TODO: check
-CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in ...)
+CVE-2010-XXXX [prosody billion laughs]
+ - prosody 0.7.0-1 (low; bug #579087)
+ [squeeze] - prosody <no-dsa> (Minor issue)
+ [lenny] - prosody <no-dsa> (Minor issue)
+CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in config.cgi in Icinga ...)
- icinga <undetermined>
NOTE: 1.4.1 is said to be fixed
- nagios3 <undetermined>
@@ -1279,6 +1283,10 @@
TODO: check
CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect ...)
TODO: check
+ - wireshark 1.4.6-1 (unimportant)
+ [lenny] - wireshark <not-affected> (Affects 1.4.5 only)
+ [squeeze] - wireshark <not-affected> (Affects 1.4.5 only)
+ NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1955
RESERVED
CVE-2011-1954 (Multiple cross-site request forgery (CSRF) vulnerabilities in Post ...)
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2011-06-21 16:39:13 UTC (rev 16829)
+++ data/ospu-candidates.txt 2011-06-21 16:43:36 UTC (rev 16830)
@@ -524,6 +524,15 @@
--
+prosody (CVE-2010-XXXX)
+#579087
+Also requires additional fix in lua-expat
+
+--
+
+
+--
+
puppet (CVE-2009-3564, CVE-2010-0156)
--
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-06-21 16:39:13 UTC (rev 16829)
+++ data/spu-candidates.txt 2011-06-21 16:43:36 UTC (rev 16830)
@@ -102,6 +102,12 @@
--
+prosody (CVE-2010-XXXX)
+#579087
+Also requires additional fix in lua-expat
+
+--
+
python2.6 (CVE-2011-1015)
http://bugs.python.org/issue2254
More information about the Secure-testing-commits
mailing list