[Secure-testing-commits] r17400 - in data: . CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2011-10-10 07:45:04 +0000 (Mon, 10 Oct 2011)
New Revision: 17400

Modified:
   data/CVE/list
   data/next-oldstable-point-update.txt
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
record remaining security fixes from 6.0.3 point update


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-10-10 00:39:18 UTC (rev 17399)
+++ data/CVE/list	2011-10-10 07:45:04 UTC (rev 17400)
@@ -1,3 +1,15 @@
+CVE-2011-XXXX [lintian disclosure of file presense]
+	- lintian 2.5.2 (unimportant)
+	[squeeze] - lintian 2.4.3+squeeze1
+CVE-2011-XXXX [0.1.1+dfsg-1 multiple issues]
+	- ibid 0.1.1+dfsg-1
+	[squeeze] - ibid 0.1.0+dfsg-2+squeeze1
+CVE-2011-XXXX [SA-CORE-2011-001]
+	NOTE: http://drupal.org/node/1168756
+	- drupal7 7.2-1
+	- drupal6 6.22-1
+	[squeeze] - drupal6 6.18-1squeeze1
+	TODO: Check status of "Reflected cross site scripting vulnerability in error handler" in Squeeze
 CVE-2011-4025
 	RESERVED
 CVE-2010-4892 (Cross-site scripting (XSS) vulnerability in the powermail extension ...)
@@ -1013,7 +1025,7 @@
 	- libdigest-perl 1.17-1 (low; bug #644108)
 	[lenny] - libdigest-perl <no-dsa> (Minor issue)
 	[squeeze] - libdigest-perl <no-dsa> (Minor issue)
-	- perl <unfixed> (low)
+	- perl 5.12.4-6 (low)
 	[lenny] - perl <no-dsa> (Minor issue)
 	[squeeze] - perl <no-dsa> (Minor issue)
 	NOTE: https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e
@@ -1059,8 +1071,8 @@
 CVE-2011-3584 [TYPO3-SA-2011-003]
 	RESERVED
 	- typo3-src 4.5.6+dfsg1-1 (low; bug #641683)
-	[squeeze] - typo3-src <no-dsa> (Minor issue, will be fixed through point update)
-	[lenny] - typo3-src <not-affected> (Minor issue, will be fixed through point update)
+	[squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze2
+	[lenny] - typo3-src <no-dsa> (Minor issue, will be fixed through point update)
 CVE-2011-3583 [TYPO3-SA-2011-002]
 	RESERVED
 	- typo3-src 4.5.6+dfsg1-1 (low; bug #641682)

Modified: data/next-oldstable-point-update.txt
===================================================================
--- data/next-oldstable-point-update.txt	2011-10-10 00:39:18 UTC (rev 17399)
+++ data/next-oldstable-point-update.txt	2011-10-10 07:45:04 UTC (rev 17400)
@@ -1,4 +1,6 @@
 CVE-2011-XXXX [unsafe use of eval]
 	- libdigest-perl 1.15-2+lenny1
+CVE-2011-3584 [TYPO3-SA-2011-003]
+	[lenny] - typo3-src 4.2.5-1+lenny9
 
 

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt	2011-10-10 00:39:18 UTC (rev 17399)
+++ data/ospu-candidates.txt	2011-10-10 07:45:04 UTC (rev 17400)
@@ -522,6 +522,10 @@
 
 --
 
+perl (CVE-2011-3597)
+
+--
+
 phpbb3 (CVE-2010-1630, 1627)
 
 --

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2011-10-10 00:39:18 UTC (rev 17399)
+++ data/spu-candidates.txt	2011-10-10 07:45:04 UTC (rev 17400)
@@ -65,6 +65,10 @@
 
 --
 
+perl (CVE-2011-3597)
+
+--
+
 pidgin (CVE-2011-XXXX, CVE-2011-1091)
 http://www.pidgin.im/news/security/?id=50