[Secure-testing-commits] r16326 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Mar 8 10:10:08 UTC 2011


Author: jmm
Date: 2011-03-08 10:10:01 +0000 (Tue, 08 Mar 2011)
New Revision: 16326

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- openssh non-issue
- clamav no-dsa
- webkit/chromium
- bind issue doesn't affect Lenny


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-03-08 09:50:51 UTC (rev 16325)
+++ data/CVE/list	2011-03-08 10:10:01 UTC (rev 16326)
@@ -355,47 +355,67 @@
 CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) ...)
 	TODO: check
 CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) process_put ...)
-	TODO: check
+	NOTE: That's essentially shooting yourself in your own foot:
+	NOTE: http://lists.mindrot.org/pipermail/openssh-unix-dev/2011-March/029433.html
 CVE-2010-4754 (The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, ...)
-	TODO: check
+	NOT-FOR-US: FreeBSD/NetBSD libc
 CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform layout, ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 9.0.597.107 ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1123 (Google Chrome before 9.0.597.107 does not properly restrict access to ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1122 (The WebGL implementation in Google Chrome before 9.0.597.107 allows ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remote ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1120 (The WebGL implementation in Google Chrome before 9.0.597.107 allows ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine device ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle TEXTAREA ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1116 (Google Chrome before 9.0.597.107 does not properly handle SVG ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render tables, ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle tables, ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1112 (Google Chrome before 9.0.597.107 does not properly perform SVG ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1111 (Google Chrome before 9.0.597.107 does not properly implement forms ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1110 (Google Chrome before 9.0.597.107 does not properly implement key frame ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes in ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1108 (Google Chrome before 9.0.597.107 does not properly implement ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1107 (Unspecified vulnerability in Google Chrome before 9.0.597.107 allows ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-1106 (Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server ...)
 	NOT-FOR-US: IBM Lotus Sametime
 CVE-2010-4753 (Cross-site scripting (XSS) vulnerability in LightNEasy.php in ...)
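Review bot: The CVE-2010-4755 entry now carries only the two NOTE lines and no package status line, so the "openssh non-issue" decision from the log is not recorded against any source package; add a `- openssh` line with the matching non-issue status above the NOTEs. Separately, CVE-2011-1107 through CVE-2011-1125 all get the same chromium-browser/webkit `<undetermined>` pair, including CVE-2011-1113, whose description is limited to 64-bit Linux platforms, and the WebGL entries; a NOTE on which of these actually concern the webkit source package would make the follow-up triage easier.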
@@ -716,7 +736,8 @@
 	[squeeze] - ruby1.9 <no-dsa> (Minor issue)
 	- ruby1.9.1 1.9.2.180-1 (bug #615519)
 CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings function in ...)
-	- clamav 0.97+dfsg-1
+	- clamav 0.97+dfsg-1 (low)
+	[squeeze] - clamav <no-dsa> (Minor issue)
 	[lenny] - clamav <end-of-life>
 	NOTE: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486
 	NOTE: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
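Review bot: The new `[squeeze] - clamav <no-dsa> (Minor issue)` line gives no reason why a double free in vba_read_project_strings counts as minor; state the reasoning in the parenthetical or in a NOTE, and mention that the fix is tracked through the clamav entry added to data/spu-candidates.txt in this revision, so the no-dsa decision can be re-checked later.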
@@ -2281,7 +2302,7 @@
 	RESERVED
 CVE-2011-0414 (ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative ...)
 	- bind9 <unfixed>
-	TODO: check
+	[lenny] - bind9 <not-affected> (Introduced in 9.7.1)
 CVE-2011-0413 (The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV ...)
 	{DSA-2184-1}
 	- isc-dhcp 4.1.1-P1-16 (bug #611217)
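Review bot: The `TODO: check` under CVE-2011-0414 is dropped after adding only a `[lenny]` line, so squeeze stays covered by `- bind9 <unfixed>` with no record that it was looked at; if squeeze was assessed, say so in a NOTE or add an explicit `[squeeze]` line. The "Introduced in 9.7.1" reason agrees with the 9.7.1 through 9.7.2-P3 range in the description, but a NOTE with the upstream reference would back it up.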

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-03-08 09:50:51 UTC (rev 16325)
+++ data/spu-candidates.txt	2011-03-08 10:10:01 UTC (rev 16326)
@@ -14,6 +14,13 @@
 
 --
 
+clamav (CVE-2011-1003)
+https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486
+http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
+
+
+--
+
 conky (CVE-2011-XXXX)
 #612033
 
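Review bot: The added clamav block ends with two blank lines before the `--` separator, while the separator in the context above it is preceded by a single blank line; drop one so entries stay uniformly delimited. The entry also lists only upstream URLs where the conky entry below it uses a Debian bug number; add one if a Debian bug exists.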



