[Secure-testing-commits] r17372 - in data: . CVE

Wed Oct 5 15:25:45 UTC 2011

Author: jmm
Date: 2011-10-05 15:25:44 +0000 (Wed, 05 Oct 2011)
New Revision: 17372

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
- mutt no-dsa
- new issues in kdelibs, rekonq, chromium and moin
- new libreoffice issue (already fixed in sid and DSA already)
- fix broken cups entry, this was typod


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2011-10-05 15:03:59 UTC (rev 17371)
+++ data/CVE/list	2011-10-05 15:25:44 UTC (rev 17372)
@@ -220,6 +220,8 @@
 	RESERVED
 CVE-2011-3873
 	RESERVED
+	- chromium-browser 14.0.835.202~r103287-1
+	- libv8 <undetermined>
 CVE-2011-XXXX [Fix file indirectory injection]
 	- puppet 2.7.3-3 (unimportant)
 	[squeeze] - puppet 2.6.2-5+squeeze1
@@ -1387,8 +1389,14 @@
 	RESERVED
 CVE-2011-3366
 	RESERVED
+	- rekonq <unfixed>
+	TODO: File bugs
+	NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt
 CVE-2011-3365
 	RESERVED
+	- kde4libs <unfixed>
+	NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt
+	TODO: File bugs
 CVE-2011-3364
 	RESERVED
 CVE-2011-3363
@@ -2704,17 +2712,28 @@
 	NOT-FOR-US: Citrix Access Gateway
 CVE-2011-2881
 	RESERVED
+	- chromium-browser 14.0.835.202~r103287-1
+	- libv8 <undetermined>
 CVE-2011-2880
 	RESERVED
+	- chromium-browser 14.0.835.202~r103287-1
+	- libv8 <undetermined>
 CVE-2011-2879
 	RESERVED
+	- chromium-browser 14.0.835.202~r103287-1
+	- libv8 <undetermined>
 CVE-2011-2878
 	RESERVED
+	- chromium-browser 14.0.835.202~r103287-1
+	- libv8 <undetermined>
 CVE-2011-2877
 	RESERVED
+	- chromium-browser 14.0.835.202~r103287-1
+	- libv8 <undetermined>
 CVE-2011-2876
 	RESERVED
-	- cups 1.5.0-8
+	- chromium-browser 14.0.835.202~r103287-1
+	- libv8 <undetermined>
 CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
 	- chromium-browser 14.0.835.163~r101024-1
 	[squeeze] - chromium-browser <not-affected>
@@ -3211,6 +3230,9 @@
 	NOT-FOR-US: Drupal data module
 CVE-2011-2713
 	RESERVED
+	- libreoffice 1:3.4.3-1
+	- openoffice.org 1:3.3.0-1
+	NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
 CVE-2011-2712 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
 	TODO: check
 CVE-2011-2711 (Cross-site scripting (XSS) vulnerability in the print_fileinfo ...)
@@ -6822,6 +6844,8 @@
 	NOT-FOR-US: Ipswitch IMail
 CVE-2011-1429 (Mutt does not verify that the smtps server hostname matches the domain ...)
 	- mutt 1.5.21-5 (low; bug #619216)
+	[squeeze] - mutt <no-dsa> (Minor issue)
+	[lenny] - mutt <no-dsa> (Minor issue)
 	NOTE: http://dev.mutt.org/trac/ticket/3506
 CVE-2011-1428 (Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does ...)
 	NOT-FOR-US: WeeChat
@@ -7898,8 +7922,7 @@
 CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 ...)
 	NOT-FOR-US: s389 LDAP server
 CVE-2011-1058 (Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) ...)
-	- moin <unfixed>
-	TODO: check
+	- moin 1.9.3-3
 CVE-2011-1057 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...)
 	NOT-FOR-US: Metasploit Framework
 CVE-2011-1056 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...)

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2011-10-05 15:03:59 UTC (rev 17371)
+++ data/ospu-candidates.txt	2011-10-05 15:25:44 UTC (rev 17372)
@@ -475,6 +475,11 @@
 
 --
 
+mutt (CVE-2011-1429)
+#619216
+
+--
+
 mpg123 (CVE-2009-1301)
 notified maintainer
 

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-10-05 15:03:59 UTC (rev 17371)
+++ data/spu-candidates.txt	2011-10-05 15:25:44 UTC (rev 17372)
@@ -48,6 +48,11 @@
 
 --
 
+mutt (CVE-2011-1429)
+#619216
+
+--
+
 open-vm-tools (CVE-2011-1681)
 #623968
 waiting stable


