[Secure-testing-commits] r17543 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Nov 2 17:25:51 UTC 2011


Author: jmm
Date: 2011-11-02 17:25:51 +0000 (Wed, 02 Nov 2011)
New Revision: 17543

Modified:
   data/CVE/list
Log:
- mark Firefox/HSTS as unimportant
- piston CVEfied
- net6 fixed, fix bugnum for CVE-2011-4091
- new wireshark issues, fixed in sid


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-11-02 10:56:32 UTC (rev 17542)
+++ data/CVE/list	2011-11-02 17:25:51 UTC (rev 17543)
@@ -1,6 +1,5 @@
-CVE-2011-XXXX [Django-piston and Tastypie]
+CVE-2011-XXXX [Tastypie]
 	- django-tastypie 0.9.10-1 (bug #647314)
-	- python-django-piston <unfixed> (bug #647315)
 CVE-2011-4213 (The sandbox environment in the Google App Engine Python SDK before ...)
 	NOT-FOR-US: Google App Engine
 CVE-2011-4212 (The sandbox environment in the Google App Engine Python SDK before ...)
@@ -295,12 +294,24 @@
 	RESERVED
 CVE-2011-4103
 	RESERVED
+	- python-django-piston <unfixed> (bug #647315)
 CVE-2011-4102
 	RESERVED
+	- wireshark 1.6.3-1
+	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-19.html
+	NOTE: http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?r1=39508&r2=39507&pathrev=39508&view=patch
+	NOTE: Affects 1.0 and 1.2, the versions listed in the advisory are relative to the supported upstream branches
 CVE-2011-4101
 	RESERVED
+	- wireshark 1.6.3-1 (unimportant)
+	NOTE: no code injection, not treated as a security issue, see README.Debian.security
+	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-18.html
 CVE-2011-4100
 	RESERVED
+	- wireshark 1.6.3-1
+	[squeeze] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
+	[lenny] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
+	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-17.html
 CVE-2011-4099
 	RESERVED
 CVE-2011-4098
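Review bot: The python-django-piston line added under CVE-2011-4103 has no NOTE saying where the id assignment comes from, while every wireshark entry added in this same hunk links its upstream advisory. Since the entry is still marked RESERVED and has no description, a reader cannot confirm from the list alone that bug #647315 belongs to this id. Suggest adding a NOTE line with the reference for the assignment directly under the package line.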
@@ -318,7 +329,7 @@
 	RESERVED
 CVE-2011-4093
 	RESERVED
-	- net6 <unfixed> (low; bug #647318)
+	- net6 1:1.3.14-1 (low; bug #647318)
 	[squeeze] - net6 <no-dsa> (Minor issue)
 	[lenny] - net6 <no-dsa> (Minor issue)
 CVE-2011-4092
@@ -330,7 +341,7 @@
 	RESERVED
 	[squeeze] - net6 <no-dsa> (Minor issue)
 	[lenny] - net6 <no-dsa> (Minor issue)
-	- net6 <unfixed> (low; bug #647317)
+	- net6 1:1.3.14-1 (low; bug #647318)
 CVE-2011-4090
 	RESERVED
 CVE-2011-4089
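Review bot: The replaced net6 line in the entry just above CVE-2011-4090 changes two things at once, the fixed version and the bug number (#647317 to #647318), so this entry and CVE-2011-4093 now both point at bug #647318. The log says the bugnum change is intended, but a short NOTE stating that both ids are tracked in the same bug would keep a later reader from taking it for a copy-paste slip. The package line here also sits below the [squeeze]/[lenny] lines, whereas CVE-2011-4093 has it above them. Moving it up would make the two net6 entries consistent.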
@@ -3264,7 +3275,9 @@
 	- chromium-browser 4.0.211.0
 	- webkit <not-affected>
 CVE-2008-7293 (Mozilla Firefox before 4 cannot properly restrict modifications to ...)
-	- iceweasel 4.0-1
+	- iceweasel 4.0-1 (unimportant)
+	NOTE: This is about the lack of HTTP Strict Transport Security, which is ultimately
+	NOTE: a security feature enhancement
 CVE-2008-7292 (Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before ...)
 	- bugzilla 3.0.4-1
 CVE-2011-3007 (The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint ...)



