[Secure-testing-commits] r17184 - in data: CVE DSA
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Sep 7 15:26:01 UTC 2011
Author: jmm
Date: 2011-09-07 15:26:01 +0000 (Wed, 07 Sep 2011)
New Revision: 17184
Modified:
data/CVE/list
data/DSA/list
Log:
libxml2 CVEfied, fixup old DSA entry
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-09-07 15:20:42 UTC (rev 17183)
+++ data/CVE/list 2011-09-07 15:26:01 UTC (rev 17184)
@@ -3161,8 +3161,6 @@
[lenny] - asterisk <not-affected> (Only affects 1.8)
[squeeze] - asterisk <not-affected> (Only affects 1.8)
NOTE: http://downloads.digium.com/pub/security/AST-2011-007.html
-CVE-2011-XXXX [libxml2 overflows]
- - libxml2 2.7.8.dfsg-3 (bug #628537)
CVE-2011-XXXX [unspecified security vulnerabilities]
- movabletype-opensource 4.3.6+dfsg-1 (bug #627936)
[squeeze] - movabletype-opensource 4.3.5+dfsg-2+squeeze2
@@ -3677,7 +3675,7 @@
CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and ...)
- openssl <unfixed> (low)
CVE-2011-1944 (Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x ...)
- TODO: check
+ - libxml2 2.7.8.dfsg-3 (bug #628537)
CVE-2011-1943 (The destroy_one_secret function in nm-setting-vpn.c in libnm-util in ...)
- network-manager-openvpn <not-affected> (Affected code was only in experimental, see bug #628730)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2011-09-07 15:20:42 UTC (rev 17183)
+++ data/DSA/list 2011-09-07 15:26:01 UTC (rev 17184)
@@ -170,6 +170,7 @@
{CVE-2009-5022}
[squeeze] - tiff 3.9.4-5+squeeze2
[06 Jun 2011] DSA-2255-1 libxml2 - buffer overflow
+ {CVE-2011-1944}
[lenny] - libxml2 2.6.32.dfsg-5+lenny4
[squeeze] - libxml2 2.7.8.dfsg-2+squeeze1
[04 Jun 2011] DSA-2254-1 oprofile - command injection
More information about the Secure-testing-commits
mailing list