[Secure-testing-commits] r20730 - in data: CVE DSA

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Dec 28 21:15:31 UTC 2012 

Author: jmm
Date: 2012-12-28 21:15:31 +0000 (Fri, 28 Dec 2012)
New Revision: 20730

Modified:
   data/CVE/list
   data/DSA/list
Log:
no-dsa: dbus, freeradius, feedparser, libvorbisidec, snack
fix up old trousers entry, already fixed through DSA
cleanup more old mozilla issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-12-28 21:14:31 UTC (rev 20729)
+++ data/CVE/list	2012-12-28 21:15:31 UTC (rev 20730)
@@ -1488,7 +1488,8 @@
 	RESERVED
 CVE-2012-6303 [WaveSurfer and Snack Sound Toolkit buffer overflows]
 	RESERVED
-	- snack <unfixed> (bug #695614)
+	- snack <unfixed> (low; bug #695614)
+	[squeeze] - snack <no-dsa> (Minor issue)
 	- wavesurfer <not-affected> (originally reported in wavesurfer, but actually a bug in libsnack, see bug #695615)
 	NOTE: http://secunia.com/advisories/49889/
 	NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2
@@ -6650,7 +6651,6 @@
 CVE-2012-4416 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
 	- openjdk-7 7u3-2.1.3-1 (bug #690774)
 	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
-	- sun-java6 <removed>
 CVE-2012-4415 (Stack-based buffer overflow in the guac_client_plugin_open function in ...)
 	- libguac 0.6.0-2 (medium)
 	NOTE: maintainer contacted us, working on update
@@ -7314,6 +7314,9 @@
 	- iceweasel 10.0.8esr-1
 	- icedove 10.0.9-1
 	- iceape 2.7.9-1
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
 CVE-2012-4182 (Use-after-free vulnerability in the nsTextEditRules::WillInsert ...)
 	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
 	- iceweasel 10.0.8esr-1
@@ -7759,6 +7762,9 @@
 	- iceweasel 10.0.8esr-1
 	- icedove 10.0.9-1
 	- iceape 2.7.9-1
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
 CVE-2012-3992 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
 	- iceweasel 10.0.8esr-1
 	- icedove 10.0.9-1
@@ -8855,6 +8861,7 @@
 	- jabberd2 <unfixed> (bug #685666)
 CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privileged ...)
 	- dbus 1.6.8-1 (bug #689070)
+	[squeeze] - dbus <no-dsa> (Minor issue in Squeeze, will be fixed in spu)
 	- glib2.0 2.33.12+really2.32.4-2
 	[squeeze] - glib2.0 <not-affected> (Vulnerable code not present)
 	NOTE: fixed in 2.34.0-1 from experimental 
@@ -9957,6 +9964,7 @@
 	NOT-FOR-US: Oracle Fusion Middleware
 CVE-2012-3105 (The glBufferData function in the WebGL implementation in Mozilla ...)
 	- iceweasel 10.0.5esr-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
 CVE-2012-3104
 	RESERVED
 CVE-2011-5093 (Best Practical Solutions RT 4.x before 4.0.6 does not properly ...)
@@ -10349,7 +10357,8 @@
 	- drupal7 <unfixed> (unimportant)
 	NOTE: Path disclosure irrelevant for Debian
 CVE-2012-2921 (Universal Feed Parser (aka feedparser or python-feedparser) before ...)
-	- feedparser 5.1.2-1 (bug #674167)
+	- feedparser 5.1.2-1 (low; bug #674167)
+	[squeeze] - feedparser <no-dsa> (Minor issue)
 CVE-2012-2920 (Cross-site scripting (XSS) vulnerability in the userphoto_options_page ...)
 	NOT-FOR-US: WordPress User Photo plugin
 CVE-2012-2919 (Directory traversal vulnerability in Upload/engine.php in Chevereto ...)
@@ -12970,9 +12979,10 @@
 	- iceweasel 10.0.5esr-1
 	- icedove 10.0.5-1
 CVE-2012-1939 (jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ...)
-	{DSA-2499-1}
 	- iceweasel 10.0.5esr-1
 	- icedove 10.0.5-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
 CVE-2012-1938 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel <not-affected> (Only affects iceweasel from experimental)
 CVE-2012-1937 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
@@ -15889,7 +15899,6 @@
 CVE-2012-0698 (tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a ...)
 	{DSA-2576-1}
 	- trousers 0.3.9-1 (low; bug #692649)
-	[squeeze] - trousers <no-dsa> (Minor issue)
 CVE-2011-5066 (The SibRaRecoverableSiXaResource class in the Default Messaging ...)
 	NOT-FOR-US: WebSphere
 CVE-2011-5065 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
@@ -17298,6 +17307,7 @@
 CVE-2011-4966
 	RESERVED
 	- freeradius 2.1.12+dfsg-1.2 (low; bug #694407)
+	[squeeze] - freeradius <no-dsa> (Minor issue)
 CVE-2011-4965
 	RESERVED
 CVE-2011-4964
@@ -49289,6 +49299,7 @@
 CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla ...)
 	{DSA-1939-1}
 	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
+	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
 	- libvorbis 1.2.3-1 (medium)
 	- xulrunner 1.9.1.4-1
 	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
@@ -52023,6 +52034,7 @@
 CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 ...)
 	{DSA-1939-1}
 	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
+	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
 	- libvorbis 1.2.0.dfsg-6 (medium; bug #540958)
 	- xulrunner 1.9.1.2-1 (medium; bug #540961)
 	[etch] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
@@ -70671,6 +70683,7 @@
 	NOT-FOR-US: Windows
 CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for ...)
 	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
+	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
 	- libvorbis 1.2.0.dfsg-4 (bug #482039)
 	[etch] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
 	[lenny] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
@@ -72076,6 +72089,7 @@
 CVE-2008-1423 (Integer overflow in a certain quantvals and quantlist calculation in ...)
 	{DSA-1591-1}
 	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
+	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
 	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
 CVE-2008-1422
 	RESERVED
@@ -72088,6 +72102,7 @@
 CVE-2008-1419 (Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero ...)
 	{DSA-1591-1}
 	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
+	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
 	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
 CVE-2008-1418
 	RESERVED

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2012-12-28 21:14:31 UTC (rev 20729)
+++ data/DSA/list	2012-12-28 21:15:31 UTC (rev 20730)
@@ -284,7 +284,7 @@
 	{CVE-2012-1118 CVE-2012-1119 CVE-2012-1120 CVE-2012-1122 CVE-2012-1123 CVE-2012-2692}
 	[squeeze] - mantis 1.1.8+dfsg-10squeeze2
 [24 Jun 2012] DSA-2499-1 icedove - several
-	{CVE-2012-1937 CVE-2012-1939 CVE-2012-1940}
+	{CVE-2012-1937 CVE-2012-1940 CVE-2012-1947}
 	[squeeze] - icedove 3.0.11-1+squeeze11
 [23 Jun 2012] DSA-2498-1 dhcpcd - remote stack overflow
 	{CVE-2012-2152}

More information about the Secure-testing-commits mailing list