[Secure-testing-commits] r18482 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Sun Feb 19 20:06:50 UTC 2012
Author: jmm
Date: 2012-02-19 20:06:50 +0000 (Sun, 19 Feb 2012)
New Revision: 18482
Modified:
data/CVE/list
Log:
record sid fixes
drop historic dillo entry
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-02-19 19:39:09 UTC (rev 18481)
+++ data/CVE/list 2012-02-19 20:06:50 UTC (rev 18482)
@@ -2699,7 +2699,7 @@
- heimdal <unfixed> (high)
- inetutils 2:1.8-6 (high)
- krb5 1.8+dfsg~aa+r23527-1 (high)
- - krb5-appl <unfixed> (high; bug #654231)
+ - krb5-appl 1:1.0.1-1.2 (high; bug #654231)
NOTE: krb5 fixed through move of code to krb5-appl.
CVE-2011-4861 (The modbus_125_handler function in the Schneider Electric Quantum ...)
NOT-FOR-US: Schneider Electric Quantum Ethernet Module
@@ -14524,11 +14524,9 @@
CVE-2011-1032 (IBM Lotus Connections 3.0, when IBM WebSphere Application Server ...)
NOT-FOR-US: IBM
CVE-2011-1031 (The feh_unique_filename function in utils.c in feh 1.11.2 and earlier ...)
- - feh <unfixed> (low)
+ - feh 1.12-1 (low)
[lenny] - feh <no-dsa> (Minor issue)
[squeeze] - feh <no-dsa> (Minor issue)
- NOTE: in 1.11.2-1 --no-clobber was added to the wget call in order
- NOTE: to prevent overwriting files. can still be create thoug. questionable fix
CVE-2011-1030 (Cross-site scripting (XSS) vulnerability in the Wikis component in IBM ...)
NOT-FOR-US: IBM
CVE-2011-1029 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
@@ -29129,10 +29127,6 @@
CVE-2009-XXXX [ffmpeg potentially remaining vulnerabilities after DSA 2000]
- ffmpeg 4:0.5.1-1 (medium; bug #570713)
- ffmpeg-debian <end-of-life>
-CVE-2010-XXXX [dillo improper restriction of path in cookies]
- - dillo <removed>
- NOTE: http://hg.dillo.org/dillo/file/tip/ChangeLog
- NOTE: it is not clear whether the issue affects pre-2.x versions
CVE-2010-XXXX [phpbb3 weak captcha]
- phpbb3 3.0.7-PL1-1 (unimportant; bug #570011)
CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...)
More information about the Secure-testing-commits
mailing list