[Secure-testing-commits] r20730 - in data: CVE DSA
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Dec 28 21:15:31 UTC 2012
Author: jmm
Date: 2012-12-28 21:15:31 +0000 (Fri, 28 Dec 2012)
New Revision: 20730
Modified:
data/CVE/list
data/DSA/list
Log:
no-dsa: dbus, freeradius, feedparser, libvorbisidec, snack
fix up old trousers entry, already fixed through DSA
cleanup more old mozilla issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-12-28 21:14:31 UTC (rev 20729)
+++ data/CVE/list 2012-12-28 21:15:31 UTC (rev 20730)
@@ -1488,7 +1488,8 @@
RESERVED
CVE-2012-6303 [WaveSurfer and Snack Sound Toolkit buffer overflows]
RESERVED
- - snack <unfixed> (bug #695614)
+ - snack <unfixed> (low; bug #695614)
+ [squeeze] - snack <no-dsa> (Minor issue)
- wavesurfer <not-affected> (originally reported in wavesurfer, but actually a bug in libsnack, see bug #695615)
NOTE: http://secunia.com/advisories/49889/
NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2
@@ -6650,7 +6651,6 @@
CVE-2012-4416 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
- openjdk-7 7u3-2.1.3-1 (bug #690774)
- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
- - sun-java6 <removed>
CVE-2012-4415 (Stack-based buffer overflow in the guac_client_plugin_open function in ...)
- libguac 0.6.0-2 (medium)
NOTE: maintainer contacted us, working on update
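Review bot: The removal of `- sun-java6 <removed>` under CVE-2012-4416 is not covered by the commit log, which lists only the no-dsa entries, the trousers fix-up and the mozilla cleanup. Dropping the line also drops the record that sun-java6 was tracked for this CVE at all; either mention the reason in the log or keep the `<removed>` line.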
@@ -7314,6 +7314,9 @@
- iceweasel 10.0.8esr-1
- icedove 10.0.9-1
- iceape 2.7.9-1
+ [squeeze] - iceape <not-affected> (Vulnerable code not present)
+ [squeeze] - icedove <not-affected> (Vulnerable code not present)
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4182 (Use-after-free vulnerability in the nsTextEditRules::WillInsert ...)
{DSA-2572-1 DSA-2569-1 DSA-2565-1}
- iceweasel 10.0.8esr-1
@@ -7759,6 +7762,9 @@
- iceweasel 10.0.8esr-1
- icedove 10.0.9-1
- iceape 2.7.9-1
+ [squeeze] - iceape <not-affected> (Vulnerable code not present)
+ [squeeze] - icedove <not-affected> (Vulnerable code not present)
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3992 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
- iceweasel 10.0.8esr-1
- icedove 10.0.9-1
@@ -8855,6 +8861,7 @@
- jabberd2 <unfixed> (bug #685666)
CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privileged ...)
- dbus 1.6.8-1 (bug #689070)
+ [squeeze] - dbus <no-dsa> (Minor issue in Squeeze, will be fixed in spu)
- glib2.0 2.33.12+really2.32.4-2
[squeeze] - glib2.0 <not-affected> (Vulnerable code not present)
NOTE: fixed in 2.34.0-1 from experimental
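Review bot: The `[squeeze] - dbus <no-dsa>` reason promises a fix through spu, but nothing in the entry lets a later reader check that it happened. The CVE summary concerns libdbus used in setuid or other privileged programs, so a NOTE naming the planned upload or its tracking bug would help, with the no-dsa line replaced by the fixed version once the point release carries it.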
@@ -9957,6 +9964,7 @@
NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3105 (The glBufferData function in the WebGL implementation in Mozilla ...)
- iceweasel 10.0.5esr-1
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3104
RESERVED
CVE-2011-5093 (Best Practical Solutions RT 4.x before 4.0.6 does not properly ...)
@@ -10349,7 +10357,8 @@
- drupal7 <unfixed> (unimportant)
NOTE: Path disclosure irrelevant for Debian
CVE-2012-2921 (Universal Feed Parser (aka feedparser or python-feedparser) before ...)
- - feedparser 5.1.2-1 (bug #674167)
+ - feedparser 5.1.2-1 (low; bug #674167)
+ [squeeze] - feedparser <no-dsa> (Minor issue)
CVE-2012-2920 (Cross-site scripting (XSS) vulnerability in the userphoto_options_page ...)
NOT-FOR-US: WordPress User Photo plugin
CVE-2012-2919 (Directory traversal vulnerability in Upload/engine.php in Chevereto ...)
@@ -12970,9 +12979,10 @@
- iceweasel 10.0.5esr-1
- icedove 10.0.5-1
CVE-2012-1939 (jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ...)
- {DSA-2499-1}
- iceweasel 10.0.5esr-1
- icedove 10.0.5-1
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+ [squeeze] - icedove <not-affected> (Vulnerable code not present)
CVE-2012-1938 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects iceweasel from experimental)
CVE-2012-1937 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
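Review bot: The CVE-2012-1939 entry loses `{DSA-2499-1}` and gains squeeze `<not-affected>` lines in the same change, which retracts a mapping that a published advisory carried, and the log line "cleanup more old mozilla issues" does not say so. A NOTE on the entry stating why the DSA reference was dropped would keep the history readable for anyone comparing the tracker against the advisory text.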
@@ -15889,7 +15899,6 @@
CVE-2012-0698 (tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a ...)
{DSA-2576-1}
- trousers 0.3.9-1 (low; bug #692649)
- [squeeze] - trousers <no-dsa> (Minor issue)
CVE-2011-5066 (The SibRaRecoverableSiXaResource class in the Default Messaging ...)
NOT-FOR-US: WebSphere
CVE-2011-5065 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
@@ -17298,6 +17307,7 @@
CVE-2011-4966
RESERVED
- freeradius 2.1.12+dfsg-1.2 (low; bug #694407)
+ [squeeze] - freeradius <no-dsa> (Minor issue)
CVE-2011-4965
RESERVED
CVE-2011-4964
@@ -49289,6 +49299,7 @@
CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla ...)
{DSA-1939-1}
- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
+ [squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
- libvorbis 1.2.3-1 (medium)
- xulrunner 1.9.1.4-1
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
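Review bot: The new `[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)` line sits next to `- libvorbis 1.2.3-1 (medium)` in the same entry, and the libvorbisidec unstable line still carries no urgency, whereas the snack and feedparser hunks in this commit add `low;` alongside their no-dsa lines. Either set the urgency on the libvorbisidec line here and in the four other libvorbisidec hunks, or expand the reason so it is clear why the same flaw is minor for this package; "no dev-deps" is terse enough to warrant spelling out.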
@@ -52023,6 +52034,7 @@
CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 ...)
{DSA-1939-1}
- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
+ [squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
- libvorbis 1.2.0.dfsg-6 (medium; bug #540958)
- xulrunner 1.9.1.2-1 (medium; bug #540961)
[etch] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
@@ -70671,6 +70683,7 @@
NOT-FOR-US: Windows
CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for ...)
- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
+ [squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
- libvorbis 1.2.0.dfsg-4 (bug #482039)
[etch] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
[lenny] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
@@ -72076,6 +72089,7 @@
CVE-2008-1423 (Integer overflow in a certain quantvals and quantlist calculation in ...)
{DSA-1591-1}
- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
+ [squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1422
RESERVED
@@ -72088,6 +72102,7 @@
CVE-2008-1419 (Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero ...)
{DSA-1591-1}
- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
+ [squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1418
RESERVED
Modified: data/DSA/list
===================================================================
--- data/DSA/list 2012-12-28 21:14:31 UTC (rev 20729)
+++ data/DSA/list 2012-12-28 21:15:31 UTC (rev 20730)
@@ -284,7 +284,7 @@
{CVE-2012-1118 CVE-2012-1119 CVE-2012-1120 CVE-2012-1122 CVE-2012-1123 CVE-2012-2692}
[squeeze] - mantis 1.1.8+dfsg-10squeeze2
[24 Jun 2012] DSA-2499-1 icedove - several
- {CVE-2012-1937 CVE-2012-1939 CVE-2012-1940}
+ {CVE-2012-1937 CVE-2012-1940 CVE-2012-1947}
[squeeze] - icedove 3.0.11-1+squeeze11
[23 Jun 2012] DSA-2498-1 dhcpcd - remote stack overflow
{CVE-2012-2152}
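Review bot: DSA-2499-1 now lists CVE-2012-1947 in place of CVE-2012-1939, but the data/CVE/list half of this revision shows only the removal of `{DSA-2499-1}` from CVE-2012-1939 and no matching addition under CVE-2012-1947. Confirm that the CVE-2012-1947 entry carries the `{DSA-2499-1}` cross-reference, or that it will be regenerated from this file; otherwise the two lists disagree after this commit.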