[Secure-testing-commits] r16409 - in data: . CVE
Jonathan Wiltshire
jmw at alioth.debian.org
Mon Mar 21 15:52:12 UTC 2011
Author: jmw
Date: 2011-03-21 15:52:09 +0000 (Mon, 21 Mar 2011)
New Revision: 16409
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
feedparser CVEs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-03-20 19:30:16 UTC (rev 16408)
+++ data/CVE/list 2011-03-21 15:52:09 UTC (rev 16409)
@@ -630,12 +630,30 @@
RESERVED
CVE-2011-1159
RESERVED
-CVE-2011-1158
+CVE-2011-1158 [sanitizer doesn't strip unsafe URI schemes]
RESERVED
-CVE-2011-1157
+ - feedparser <unfixed> (low; bug #617998)
+ [squeeze] - feedparser <no-dsa> (Minor issue)
+ [lenny] - feedparser <no-dsa> (Minor issue)
+ NOTE: https://code.google.com/p/feedparser/issues/detail?id=255
+CVE-2011-1157 [sanitization can be bypassed by malformed XML comments]
RESERVED
-CVE-2011-1156
+ - feedparser <unfixed> (low; bug #617998)
+ [squeeze] - feedparser <no-dsa> (Minor issue)
+ [lenny] - feedparser <no-dsa> (Minor issue)
+ NOTE: https://code.google.com/p/feedparser/issues/detail?id=254
+CVE-2011-1156 [invalid text in XML declaration causes sanitizer to crash]
RESERVED
+ - feedparser <unfixed> (low; bug #617998)
+ [squeeze] - feedparser <no-dsa> (Minor issue)
+ [lenny] - feedparser <no-dsa> (Minor issue)
+ NOTE: https://code.google.com/p/feedparser/issues/detail?id=91
+CVE-2011-XXXX [XSS vuln]
+ - feedparser <unfixed> (low; bug #617998)
+ [squeeze] - feedparser <no-dsa> (Minor issue)
+ [lenny] - feedparser <no-dsa> (Minor issue)
+ NOTE: CVE requested
+ NOTE: http://code.google.com/p/feedparser/issues/detail?id=195
CVE-2011-1155
RESERVED
CVE-2011-1154
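Review bot: The placeholder entry "CVE-2011-XXXX [XSS vuln]" at the end of the added lines has a description too vague to tell it apart from any other feedparser XSS report, unlike the three entries above it, which each name the specific sanitizer flaw. Suggest replacing "XSS vuln" with a short description taken from upstream issue 195. Two smaller points on the same entry: its NOTE uses http://code.google.com while the other three use https://, and it sits between CVE-2011-1156 and CVE-2011-1155, interrupting the descending numeric run visible in the context lines.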
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2011-03-20 19:30:16 UTC (rev 16408)
+++ data/ospu-candidates.txt 2011-03-21 15:52:09 UTC (rev 16409)
@@ -158,6 +158,16 @@
--
+feedparser
+CVE-2011-1158 [sanitizer doesn't strip unsafe URI schemes]
+CVE-2011-1157 [sanitization can be bypassed by malformed XML comments]
+CVE-2011-1156 [invalid text in XML declaration causes sanitizer to crash]
+CVE-2011-XXXX [XSS vuln]
+#617998
+waiting unstable
+
+--
+
feh (CVE-2011-XXXX)
#612035
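Review bot: The added feedparser block uses a different layout from the neighbouring entry in the trailing context, which puts the package and identifier on one line ("feh (CVE-2011-XXXX)") followed by the bug number. Here the package name stands alone and four CVE lines with bracketed descriptions follow, repeating text that already lives in data/CVE/list. Keeping one layout, for example a single "feedparser (CVE-2011-1156, CVE-2011-1157, CVE-2011-1158, CVE-2011-XXXX)" line, would keep the file consistent and stop the duplicated descriptions from going stale.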
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-03-20 19:30:16 UTC (rev 16408)
+++ data/spu-candidates.txt 2011-03-21 15:52:09 UTC (rev 16409)
@@ -26,6 +26,16 @@
--
+feedparser
+CVE-2011-1158 [sanitizer doesn't strip unsafe URI schemes]
+CVE-2011-1157 [sanitization can be bypassed by malformed XML comments]
+CVE-2011-1156 [invalid text in XML declaration causes sanitizer to crash]
+CVE-2011-XXXX [XSS vuln]
+#617998
+waiting unstable
+
+--
+
feh (CVE-2011-0702)
#612035
waiting unstable
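Review bot: The "CVE-2011-XXXX [XSS vuln]" line in this block is the third copy of the placeholder in this commit, so all three files must be edited once the requested ID is assigned. The context lines show how easily that is missed: feh is listed as "feh (CVE-2011-0702)" here, while data/ospu-candidates.txt still has "feh (CVE-2011-XXXX)" for the same #612035. Suggest listing only the bug number and the assigned IDs in the candidate files and leaving the pending one to data/CVE/list, or adding a reminder to update both candidate files when the ID arrives.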