[Secure-testing-commits] r17669 - in data: . CVE DSA

[Moritz Muehlenhoff]

Author: jmm
Date: 2011-11-23 17:37:24 +0000 (Wed, 23 Nov 2011)
New Revision: 17669

Modified:
   data/CVE/list
   data/DSA/list
   data/next-point-update.txt
   data/spu-candidates.txt
Log:
- add missing CVE ID to icedove DSA
- aptdaemon fixed in sid, doesn't affect stable
- gdk-pixbuf no-dsa
- record nginx spu upload
- record joomla dupe


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-11-23 09:14:21 UTC (rev 17668)
+++ data/CVE/list	2011-11-23 17:37:24 UTC (rev 17669)
@@ -5219,7 +5219,7 @@
 	RESERVED
 CVE-2011-2708
 	RESERVED
-	NOTE: duplicate of CVE-2011-2710
+	NOTE: duplicate of CVE-2011-2710, will be rejected
 CVE-2011-2707
 	RESERVED
 	- linux-2.6 <not-affected> (xtensa arch not used in Debian)
@@ -5836,6 +5836,8 @@
 CVE-2011-2485 [excessive memory use due improper checking of certain return values in GIF image loader]
 	RESERVED
 	- gdk-pixbuf 2.23.3-3.1 (bug #631524)
+	[squeeze] - gdk-pixbuf <no-dsa> (Minor issue)
+	[lenny] - gdk-pixbuf <no-dsa> (Minor issue)
 CVE-2011-2484 (The add_del_listener function in kernel/taskstats.c in the Linux ...)
 	{DSA-2310-1 DSA-2303-1}
 	- linux-2.6 2.6.39-3 (low)
@@ -10905,9 +10907,8 @@
 	[lenny] - linux-2.6 2.6.26-26lenny3
 	[squeeze] - linux-2.6 2.6.32-32
 CVE-2011-0725 (Absolute path traversal vulnerability in the ...)
-	- aptdaemon <unfixed>
-	TODO: check
-	NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/722228
+	- aptdaemon 0.43+bzr707-1
+	[squeeze] - aptdaemon <not-affected> (Introduced in 0.33)
 CVE-2011-0724 (The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not ...)
 	- italc <not-affected> (Only Edubuntu Live DVD affected)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/italc/+bug/714864

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2011-11-23 09:14:21 UTC (rev 17668)
+++ data/DSA/list	2011-11-23 17:37:24 UTC (rev 17669)
@@ -289,7 +289,7 @@
 	[squeeze] - wireshark 1.2.11-6+squeeze2
 	[lenny] - wireshark 1.0.2-3+lenny14
 [06 Jul 2011] DSA-2273-3 icedove - multiple issues
-	{CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376}
+	{CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2605}
 	[squeeze] - icedove 3.0.11-1+squeeze3
 [05 Jul 2011] DSA-2272-1 bind9 - denial of service
 	{CVE-2011-2464}

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2011-11-23 09:14:21 UTC (rev 17668)
+++ data/next-point-update.txt	2011-11-23 17:37:24 UTC (rev 17669)
@@ -8,4 +8,8 @@
 	[squeeze] - xorg-server 2:1.7.7-14
 CVE-2010-4818
 	[squeeze] - xorg-server 2:1.7.7-14
+CVE-2011-4315
+	[squeeze] - nginx 0.7.67-3+squeeze1
 
+
+

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-11-23 09:14:21 UTC (rev 17668)
+++ data/spu-candidates.txt	2011-11-23 17:37:24 UTC (rev 17669)
@@ -53,6 +53,11 @@
 
 --
 
+gdk-pixbuf (CVE-2011-2485)
+#631524
+
+--
+
 gnash (CVE-2011-4328)
 #649384