[Secure-testing-commits] r17329 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Thu Sep 29 10:22:31 UTC 2011


Author: jmm
Date: 2011-09-29 10:22:30 +0000 (Thu, 29 Sep 2011)
New Revision: 17329

Modified:
   data/CVE/list
Log:
- iceape fixed
- new gimp issue
- new cups issues (needs ticket)
- apt CVEfied


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-09-29 09:14:19 UTC (rev 17328)
+++ data/CVE/list	2011-09-29 10:22:30 UTC (rev 17329)
@@ -484,9 +484,6 @@
 	NOTE: CVE id requested on oss-security
 CVE-2011-XXXX [roundcube XSS in UI messages]
 	- roundcube 0.5.4+dfsg-1 (bug #641996)
-CVE-2011-XXXX [apt-key insecure validation]
-	- apt <unfixed> (unimportant; bug #642480)
-	NOTE: Not exploitable in Debian, since no keyring URI is defined
 CVE-2011-XXXX [atftp DoS]
 	- atftp 0.7.dfsg-11
 CVE-2011-3644
@@ -1111,8 +1108,10 @@
 	RESERVED
 CVE-2011-3375
 	RESERVED
-CVE-2011-3374
+CVE-2011-3374 [apt-key insecure validation]
 	RESERVED
+	- apt <unfixed> (unimportant; bug #642480)
+	NOTE: Not exploitable in Debian, since no keyring URI is defined
 CVE-2011-3373
 	RESERVED
 CVE-2011-3372
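Review bot: the NOTE added under CVE-2011-3374 says "no keyring URI is defined" without saying where that would be defined. The "unimportant" rating on the apt line rests entirely on that statement, so name the file or setting (or say that bug #642480 has the details) so the rating can be re-checked if the package later defines one.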
@@ -1627,6 +1626,7 @@
 	RESERVED
 CVE-2011-3170 (The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and ...)
 	- cups 1.5.0-8
+	NOTE: This ID is for an incomplete fix for CVE-2011-2896
 CVE-2010-4824
 	RESERVED
 CVE-2010-4823
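Review bot: the NOTE added under CVE-2011-3170 calls it an incomplete fix for CVE-2011-2896, but does not say which cups upload carried the first, incomplete fix. Both entries in this commit list cups 1.5.0-8 as the fixed version, so either record the version where the original fix landed or state that 1.5.0-8 is the first upload containing both.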
@@ -2054,7 +2054,7 @@
 	- xulrunner <removed>
 	- iceweasel 7.0-1
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
-	- iceape <unfixed>
+	- iceape 2.0.14-8
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-2999
 	RESERVED
@@ -2062,7 +2062,7 @@
 	- xulrunner <removed>
 	- iceweasel 7.0-1
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
-	- iceape <unfixed>
+	- iceape 2.0.14-8
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-2998 [http://www.mozilla.org/security/announce/2011/mfsa2011-37.html]
 	RESERVED
@@ -2070,7 +2070,7 @@
 	- xulrunner <removed>
 	- iceweasel 7.0-1
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
-	- iceape <unfixed>
+	- iceape 2.0.14-8
 	[lenny] - iceape <not-affected> (Only a stub package)
 	NOTE: Only affects firefox 3.6 code base, not 4.0 oder later
 CVE-2011-2997
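Review bot: the NOTE directly below the changed iceape line reads "not 4.0 oder later", where "oder" should be "or". The line is unchanged context here, but it is worth correcting while these entries are being touched.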
@@ -2092,7 +2092,7 @@
 	- xulrunner <removed>
 	- iceweasel 7.0-1
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
-	- iceape <unfixed>
+	- iceape 2.0.14-8
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-2994
 	RESERVED
@@ -2416,7 +2416,9 @@
 CVE-2011-2897
 	RESERVED
 CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c in the ...)
-	TODO: check
+	- cups 1.5.0-8
+	- gimp <unfixed> (bug filed)
+	TODO: There's more: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2896
 CVE-2011-2895 (The LZW decompressor in (1) the BufCompressedFill function in ...)
 	{DSA-2293-1}
 	- libxfont 1:1.4.4-1
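Review bot: the new gimp line under CVE-2011-2896 says "(bug filed)" without a bug number, unlike the "bug #NNNNNN" references used elsewhere in the list, so the entry cannot be traced to the report. Add the number once it is assigned. The replacement TODO ("There's more") would also be easier to act on if it named the other affected packages from the linked Red Hat bug that still need checking.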
@@ -2460,6 +2462,7 @@
 	RESERVED
 CVE-2011-2876
 	RESERVED
+	- cups 1.5.0-8
 CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
 	- chromium-browser 14.0.835.163~r101024-1
 	[squeeze] - chromium-browser <not-affected>
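Review bot: CVE-2011-2876 is still RESERVED and has no bracketed description or NOTE, so the added "- cups 1.5.0-8" line gives no indication of which cups issue it tracks. The log mentions "new cups issues (needs ticket)"; add a short description such as the other RESERVED entries carry (compare "CVE-2011-3374 [apt-key insecure validation]") and double-check that this is the intended id, since the neighbouring entry, CVE-2011-2875, is a chromium-browser issue.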
@@ -3828,7 +3831,7 @@
 	- xulrunner <removed>
 	- iceweasel 7.0-1
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
-	- iceape <unfixed>
+	- iceape 2.0.14-8
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-2371 (Integer overflow in the Array.reduceRight method in Mozilla Firefox ...)
 	{DSA-2273-3 DSA-2269-1 DSA-2268-1}



