[Secure-testing-commits] r17393 - in data: . CVE

Thijs Kinkhorst thijs at alioth.debian.org
Sat Oct 8 14:21:55 UTC 2011 

Author: thijs
Date: 2011-10-08 14:21:55 +0000 (Sat, 08 Oct 2011)
New Revision: 17393

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
squeeze point release 6.0.3


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-10-08 13:16:41 UTC (rev 17392)
+++ data/CVE/list	2011-10-08 14:21:55 UTC (rev 17393)
@@ -1516,7 +1516,7 @@
 	NOT-FOR-US: IBM Rational Build Forge
 CVE-2011-3354 (The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel ...)
 	- quassel 0.7.3-1 (low; bug #640960)
-	[squeeze] - quassel <no-dsa> (Minor issue)
+	[squeeze] - quassel 0.6.3-2+squeeze1 (bug #640960)
 	NOTE: http://git.quassel-irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b
 CVE-2011-3390 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
 	NOT-FOR-US: IBM OpenAdmin Too
@@ -1982,7 +1982,7 @@
 CVE-2011-3210 (The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through ...)
 	- openssl 1.0.0e-1
 	[lenny] - openssl 0.9.8g-15+lenny13
-	[squeeze] - openssl <no-dsa> (Minor issue)
+	[squeeze] - openssl 0.9.8o-4squeeze3
 CVE-2011-3209
 	RESERVED
 CVE-2011-3208 (Stack-based buffer overflow in the split_wildmats function in nntpd.c ...)
@@ -2720,7 +2720,7 @@
 CVE-2011-XXXX [atop insecure tempfile handling]
 	- atop 1.23-1.1 (low; bug #622794)
 	[lenny] - atop 1.23-1+lenny1 (bug #622794)
-	[squeeze] - atop <no-dsa> (Minor issue)
+	[squeeze] - atop 1.23-1+squeeze1 (bug #622794)
 CVE-2011-2958 (Multiple cross-site scripting (XSS) vulnerabilities in Ecava ...)
 	NOT-FOR-US: Ecava IntegraXor
 CVE-2011-2957 (Unspecified vulnerability in Rockwell Automation FactoryTalk ...)
@@ -3309,7 +3309,7 @@
 CVE-2011-2764 (The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ...)
 	- openarena 0.8.5-5+exp1
 	NOTE: Current openarena packages use the share ioquake3 engine
-	[squeeze] - openarena <no-dsa> (Minor issue, will be fixed in point update)
+	[squeeze] - openarena 0.8.5-5+squeeze1
 	- ioquake3 1.36+svn1946-4
 CVE-2011-2763 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and ...)
 	TODO: check
@@ -3542,7 +3542,7 @@
 	RESERVED
 	- foo2zjs 20110722dfsg-1 (low; bug #633870)
 	[lenny] - foo2zjs <no-dsa> (Minor issue)
-	[squeeze] - foo2zjs <no-dsa> (Minor issue)
+	[squeeze] - foo2zjs 20090908dfsg-5.1+squeeze0
 CVE-2011-2683
 	RESERVED
 	- reseed <removed>
@@ -3981,7 +3981,7 @@
 	- libvirt 0.9.2-7 (bug #633630)
 CVE-2011-2510 (Cross-site scripting (XSS) vulnerability in the RSS embedding feature ...)
 	- dokuwiki 0.0.20110525a-1 (low; bug #631818)
-	[squeeze] - dokuwiki <no-dsa> (Minor issue, will be fixed in point update)
+	[squeeze] - dokuwiki 0.0.20091225c-10+squeeze2
 	[lenny] - dokuwiki 0.0.20080505-4+lenny3
 CVE-2011-2509 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
 	- joomla <itp> (bug #571794)
@@ -4816,7 +4816,7 @@
 	RESERVED
 	- vte 1:0.28.1-1 (low; bug #629688)
 	[lenny] - vte <no-dsa> (Minor issue)
-	[squeeze] - vte <no-dsa> (Minor issue)
+	[squeeze] - vte 1:0.24.3-3
 CVE-2011-XXXX [libpam-ssh: pam_ssh not dropping root gid(s)]
 	- libpam-ssh <unfixed> (low)
 	[squeeze] - libpam-ssh <no-dsa> (Minor issue) 
@@ -5485,7 +5485,7 @@
 CVE-2011-1935 [packet truncation in libpcap]
 	RESERVED
 	- libpcap 1.1.1-4 (low; bug #623868)
-	[squeeze] - libpcap <no-dsa> (Minor issue)
+	[squeeze] - libpcap 1.1.1-2+squeeze1
 	[lenny] - libpcap <not-affected> 
 	NOTE: <878vsbyviu.fsf at silenus.orebokech.com>
 CVE-2011-1934 [lilo: lilo.conf world-readable]
@@ -5549,7 +5549,7 @@
 	- subversion 1.6.17dfsg-1
 CVE-2011-1920 (The make include files in NetBSD before 1.6.2, as used in pmake 1.111 ...)
 	- pmake 1.111-3 (low; bug #626673)
-	[squeeze] - pmake <no-dsa> (Minor issue)
+	[squeeze] - pmake 1.111-2+squeeze1
 	[lenny] - pmake 1.111-1+lenny1
 CVE-2011-1919
 	RESERVED
@@ -6748,7 +6748,7 @@
 	[lenny] - tinyproxy <not-affected> (Vulnerable code not present)
 CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used ...)
 	- httpcomponents-client 4.1.1-1 (bug #628727)
-	[squeeze] - httpcomponents-client <no-dsa> (Minor issue)
+	[squeeze] - httpcomponents-client 4.0.1-1squeeze1
 	NOTE: http://seclists.org/oss-sec/2011/q2/188
 	NOTE: http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
 CVE-2011-1497
@@ -8112,7 +8112,7 @@
 CVE-2011-1070
 	RESERVED
 	- v86d 0.1.10-1 (low; bug #619404)
-	[squeeze] - v86d <no-dsa> (Minor issue)
+	[squeeze] - v86d 0.1.9-1+squeeze1
 	[lenny] - v86d 0.1.5.2-1+lenny1
 CVE-2011-1069
 	RESERVED
@@ -8973,15 +8973,15 @@
 CVE-2011-1136 [tesseract tempfile]
 	RESERVED
 	- tesseract 2.04-2.1 (low; bug #612032)
-	[squeeze] - tesseract <no-dsa> (Minor issue)
+	[squeeze] - tesseract 2.04-2+squeeze1
 	[lenny] - tesseract 2.03-2+lenny1 (bug #612032)
 CVE-2011-XXXX [conky tempfile]
 	- conky 1.8.0-1.1 (low; bug #612033)
-	[squeeze] - conky <no-dsa> (Minor issue)
+	[squeeze] - conky 1.8.0-1+squeeze1
 	[lenny] - conky 1.6.0-2+lenny1
 CVE-2011-XXXX [aptitude tempfile]
 	- aptitude 0.6.3-4 (low; bug #612034)
-	[squeeze] - aptitude <no-dsa> (Minor issue)
+	[squeeze] - aptitude 0.6.3-2.1+squeeze1 (bug #612034)
 	[lenny] - aptitude 0.4.11.11-1~lenny2 (bug #612034)
 CVE-2011-0775 (pivotx/modules/module_image.php in PivotX 2.2.2 allows remote ...)
 	NOT-FOR-US: PivotX
@@ -9956,7 +9956,7 @@
 	RESERVED
 	- evince 2.32.0-1 (bug #614668)
 	- vftool 2.0alpha-4.1 (low; bug #614669)
-	[squeeze] - vftool <no-dsa> (Minor issue)
+	[squeeze] - vftool 2.0alpha-4+squeeze1
 	[lenny] - vftool 2.0alpha-3+lenny1
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923
 CVE-2011-0432 (Multiple SQL injection vulnerabilities in the get_userinfo method in ...)

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2011-10-08 13:16:41 UTC (rev 17392)
+++ data/next-point-update.txt	2011-10-08 14:21:55 UTC (rev 17393)
@@ -1,32 +1,3 @@
-CVE-2011-1498
-	[squeeze] - httpcomponents-client 4.0.1-1squeeze1
-CVE-2011-2510
-	[squeeze] - dokuwiki 0.0.20091225c-10+squeeze2
-CVE-2011-0433
-	[squeeze] - vftool 2.0alpha-4+squeeze1
-CVE-2011-1935
-	[squeeze] - libpcap 1.1.1-2+squeeze1
-CVE-2011-1136
-	[squeeze] - tesseract 2.04-2+squeeze1
-CVE-2011-2764
-	[squeeze] - openarena 0.8.5-5+squeeze1
-CVE-2011-XXXX
-	[squeeze] - conky 1.8.0-1+squeeze1
-CVE-2011-2684
-	[squeeze] - foo2zjs 20090908dfsg-5.1+squeeze0
-CVE-2011-1920
-	[squeeze] - pmake 1.111-2+squeeze1
-CVE-2011-2198
-	[squeeze] - vte 1:0.24.3-3
-CVE-2011-XXXX
-	[squeeze] - aptitude 0.6.3-2.1+squeeze1 (bug #612034)
-CVE-2011-XXXX
-	[squeeze] - atop 1.23-1+squeeze1 (bug #622794)
-CVE-2011-3354
-	[squeeze] - quassel 0.6.3-2+squeeze1 (bug #640960)
-CVE-2011-1070
-	RESERVED
-	[squeeze] - v86d 0.1.9-1+squeeze1
 CVE-2011-XXXX [unsafe use of eval]
 	- libdigest-perl 1.16-1+squeeze1

More information about the Secure-testing-commits mailing list