[Secure-testing-commits] r17682 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Nov 25 17:41:17 UTC 2011 

Author: jmm
Date: 2011-11-25 17:41:17 +0000 (Fri, 25 Nov 2011)
New Revision: 17682

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
colord CVEfied and bug filed (sid/testing only)
update hplip status, thanks to odyx for the investigation
hplip/CVE-2011-2722 (remaining for stable) is too minor on
  it's own -> no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-11-25 17:20:02 UTC (rev 17681)
+++ data/CVE/list	2011-11-25 17:41:17 UTC (rev 17682)
@@ -1,5 +1,3 @@
-CVE-2011-XXXX
-	- colord <unfixed> (bug filed)
 CVE-2011-4539
 	RESERVED
 CVE-2011-4538
@@ -461,6 +459,7 @@
 	RESERVED
 CVE-2011-4349
 	RESERVED
+	- colord <unfixed> (medium; bug #650021)
 CVE-2011-4348
 	RESERVED
 CVE-2011-4347
@@ -5252,6 +5251,8 @@
 CVE-2011-2722
 	RESERVED
 	- hplip <unfixed> (bug #635549; low)
+	[squeeze] - hplip <no-dsa> (Minor issue)
+	[lenny] - hplip <not-affected> (Vulnerable code not present)
 CVE-2011-2721 (Off-by-one error in the cli_hm_scan function in matcher-hash.c in ...)
 	- clamav 0.97.2+dfsg-1 (bug #635599)
 	[squeeze] - clamav 0.97.2+dfsg-1~squeeze1
@@ -5332,7 +5333,9 @@
 	- wireshark 1.6.1-1 (unimportant)
 	NOTE: no code injection, not treated as a security issue, see README.Debian.security
 CVE-2011-2697 (foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 ...)
-	- hplip <unfixed> (bug #635549; medium)
+	- hplip 3.10.6-2 (bug #635549; medium)
+	NOTE: hplip might have been fixed earlier than stable, current versions use foomatic-rip
+        NOTE: from foomatic-filters: /usr/lib/cups/filter/foomatic-rip
 	- foomatic-filters 4.0
 	NOTE: There two implementation of the affected filter: the version from foomatic-filters
 	NOTE: 4.0 is written in C and has been assigned CVE-2011-2964 and the version in

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-11-25 17:20:02 UTC (rev 17681)
+++ data/spu-candidates.txt	2011-11-25 17:41:17 UTC (rev 17682)
@@ -73,6 +73,12 @@
 
 --
 
+hplip (CVE-2011-2722)
+#635549
+proposed spu in #635549
+
+--
+
 loggerhead (CVE-2011-0728)
 
 --

More information about the Secure-testing-commits mailing list