[Secure-testing-commits] r17474 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Oct 21 14:06:19 UTC 2011


Author: jmm
Date: 2011-10-21 14:06:18 +0000 (Fri, 21 Oct 2011)
New Revision: 17474

Modified:
   data/CVE/list
Log:
- django CVEfied
- xorg-server no-dsa (XSF will prepare update for squeeze)
- new qemu-kvm issue
- new freetype issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-10-21 11:54:28 UTC (rev 17473)
+++ data/CVE/list	2011-10-21 14:06:18 UTC (rev 17474)
@@ -19,15 +19,15 @@
 CVE-2011-4141
 	RESERVED
 CVE-2011-4140 (The CSRF protection mechanism in Django through 1.2.7 and 1.3.x ...)
-	TODO: check
+	- python-django 1.3.1-1 (bug #641405)
 CVE-2011-4139 (Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host ...)
-	TODO: check
+	- python-django 1.3.1-1 (bug #641405)
 CVE-2011-4138 (The verify_exists functionality in the URLField implementation in ...)
-	TODO: check
+	- python-django 1.3.1-1 (bug #641405)
 CVE-2011-4137 (The verify_exists functionality in the URLField implementation in ...)
-	TODO: check
+	- python-django 1.3.1-1 (bug #641405)
 CVE-2011-4136 (django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, ...)
-	TODO: check
+	- python-django 1.3.1-1 (bug #641405)
 CVE-2011-4135
 	RESERVED
 CVE-2011-4134
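Review bot: On the CVE-2011-4140 line the description says "through 1.2.7", unlike CVE-2011-4139 and CVE-2011-4136, which say "before 1.2.7 and 1.3.x before 1.3.1", and its 1.3.x bound is cut off in the visible text. Before reusing "- python-django 1.3.1-1 (bug #641405)" for all five entries, confirm that 1.3.1-1 actually contains the CSRF fix. If it does not, that entry should stay <unfixed> or carry its own fixed version.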
@@ -260,11 +260,15 @@
 	- plone3 <not-affected> (Only affects Plone 4.x)
 CVE-2011-4029
 	RESERVED
-	- xorg-server <unfixed>
+	- xorg-server 2:1.11.1.901-2 (low)
+	[squeeze] - xorg-server <no-dsa> (Minor issue, will be fixed in a point update)
+	[lenny] - xorg-server <no-dsa> (Minor issue)
 	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4
 CVE-2011-4028
 	RESERVED
-	- xorg-server <unfixed> (low)
+	- xorg-server 2:1.11.1.901-2 (low)
+	[squeeze] - xorg-server <no-dsa> (Minor issue, will be fixed in a point update)
+	[lenny] - xorg-server <no-dsa> (Minor issue)
 	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34
 CVE-2011-4027
 	RESERVED
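Review bot: The new CVE-2011-4029 line "- xorg-server 2:1.11.1.901-2 (low)" adds a "(low)" urgency that the removed "- xorg-server <unfixed>" line did not have, and the commit log does not mention it. If the line was copied from the CVE-2011-4028 entry, confirm the urgency applies here too, or drop it.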
@@ -1913,11 +1917,6 @@
 CVE-2009-5096 (Cross-site scripting (XSS) vulnerability in the Flag Content module ...)
 	NOT-FOR-US: Drupal module Flag Content
 	NOTE: might get packaged
-CVE-2011-XXXX [Django several vulnerabilities]
-	- python-django 1.3.1-1 (bug #641405)
-	NOTE: https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/
-	NOTE: https://www.djangoproject.com/weblog/2011/sep/10/127/
-	NOTE: CVE id requested on oss-security
 CVE-2011-3482 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in ...)
 	- wireshark <unfixed>
 	[squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
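Review bot: Removing the temporary CVE-2011-XXXX entry also drops its two djangoproject.com NOTE lines, and none of the CVE-2011-4136 to CVE-2011-4140 entries updated in the first hunk gains them. Carry at least the security-releases NOTE over to those entries so the upstream advisory stays reachable from the tracker.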
@@ -2170,6 +2169,7 @@
 	RESERVED
 CVE-2011-3346
 	RESERVED
+	- qemu-kvm <unfixed> (bug #646118)
 CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ...)
 	- ofa-kernel <itp> (bug #541849)
 CVE-2011-3344
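Review bot: The added "- qemu-kvm <unfixed> (bug #646118)" line sits under CVE-2011-3346, which is still RESERVED and has no description, so the bug number is the only hint at what the issue is. Add a NOTE line with a short summary or an upstream reference, as the xorg-server entries do, and set an urgency if one is known.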
@@ -2385,7 +2385,7 @@
 CVE-2011-3257 (The Data Access component in Apple iOS before 5 does not properly ...)
 	NOT-FOR-US: Apple iOS
 CVE-2011-3256 (FreeType in CoreGraphics in Apple iOS before 5 allows remote attackers ...)
-	NOT-FOR-US: Apple iOS
+	- freetype <unfixed> (bug #646120)
 CVE-2011-3255 (CFNetwork in Apple iOS before 5 stores AppleID credentials in an ...)
 	NOT-FOR-US: Apple iOS
 CVE-2011-3254 (Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS ...)
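Review bot: CVE-2011-3256 changes from NOT-FOR-US to "- freetype <unfixed> (bug #646120)", but the description still reads "FreeType in CoreGraphics in Apple iOS before 5", which does not say which upstream FreeType versions are affected. Add a NOTE pointing at the upstream fix or analysis, and per-release lines for squeeze and lenny once their status is known.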
@@ -2632,9 +2632,12 @@
 	RESERVED
 	- xorg-server 2:1.9.0.901-1
 	[squeeze] - xorg-server 2:1.7.7-4
+	[lenny] - xorg-server <no-dsa> (Minor issue)
 CVE-2010-4818 [X.org multiple input sanitization flaws]
 	RESERVED
 	- xorg-server 2:1.9.99.902-1
+	[squeeze] - xorg-server <no-dsa> (Minor issue, will be fixed in a point update)
+	[lenny] - xorg-server <no-dsa> (Minor issue)
 	NOTE: As per https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4818 three commits with theoretical sec impact:
 	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543
 	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4
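Review bot: The "[lenny] - xorg-server <no-dsa> (Minor issue)" lines added to both entries give no follow-up, while the squeeze line for CVE-2010-4818 says a point update will come. State in the lenny reason whether a point update is planned there as well or the issue stays unfixed in lenny.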



