[Secure-testing-commits] r18055 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Fri Jan 6 09:36:23 UTC 2012
Author: jmm
Date: 2012-01-06 09:36:22 +0000 (Fri, 06 Jan 2012)
New Revision: 18055
Modified:
data/CVE/list
Log:
python update:
mark distutils as unimportant
CGI src disclosure fixed in 2.7 and 3.1, 2.6 will be removed for wheezy, too intrusive to backport
add another mozilla ID, sid/testing only
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-01-06 09:33:48 UTC (rev 18054)
+++ data/CVE/list 2012-01-06 09:36:22 UTC (rev 18055)
@@ -585,9 +585,9 @@
[squeeze] - pidgin <no-dsa> (Minor issue)
NOTE: http://www.pidgin.im/news/security/?id=50
CVE-2011-4921 (SQL injection vulnerability in usersettings.php in e107 0.7.26, and ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2011-4920 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, ...)
- TODO: check
+ NOT-FOR-US: e107
CVE-2011-4919
RESERVED
CVE-2011-4918
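Review bot: the log message covers only the python and mozilla changes, but the TODOs resolved here for CVE-2011-4921 and CVE-2011-4920 (and the Novell ones further down) are not mentioned; add a line such as "NFUs" to the log so this triage can be found from the history.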
@@ -4724,7 +4724,11 @@
[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3660 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- TODO: check
+ - xulrunner <not-affected> (Only affects Firefox >= 4)
+ - iceweasel 9.0-1
+ [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
+ [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
+ - iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3659
RESERVED
CVE-2011-3658 (The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and ...)
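Review bot: the added "- iceweasel 9.0-1" line for CVE-2011-3660 carries no NOTE pointing at the advisory or changelog that justifies the fixed version, whereas the pidgin entry in the first hunk links its advisory; add a NOTE with the reference. The [lenny] and [squeeze] not-affected lines are consistent with the "sid/testing only" remark in the log.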
@@ -6157,7 +6161,7 @@
CVE-2011-3180
RESERVED
CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...)
- TODO: check
+ NOT-FOR-US: Novell Messenger
CVE-2011-3178
RESERVED
CVE-2011-3177
@@ -6169,7 +6173,7 @@
CVE-2011-3174
RESERVED
CVE-2011-3173 (Stack-based buffer overflow in the GetDriverSettings function in ...)
- TODO: check
+ NOT-FOR-US: Novell Open Enterprise Server
CVE-2011-3172
RESERVED
CVE-2011-3171 (Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly ...)
@@ -12194,11 +12198,9 @@
CVE-2011-1100 (Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost ...)
- pixelpost <removed>
CVE-2011-XXXX [python2.6: distutils world-readable password]
- - python2.6 <unfixed> (low; bug #615118)
- - python2.7 <unfixed> (low)
- [squeeze] - python2.6 <no-dsa> (minor issue)
- [lenny] - python2.6 <no-dsa> (minor issue)
- TODO: are other python versions affected?
+ - python2.6 <unfixed> (unimportant; bug #615118)
+ - python2.7 <unfixed> (unimportant)
+ NOTE: Negligable impact
CVE-2011-1099 (Multiple directory traversal vulnerabilities in FocalMedia.Net Quick ...)
NOT-FOR-US: FocalMedia.Net Quick Polls
CVE-2011-1098 (Race condition in the createOutputFile function in logrotate.c in ...)
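Review bot: the removed "TODO: are other python versions affected?" on the distutils entry is dropped without an answer; the entry still lists only python2.6 and python2.7, so either add the other python source packages or record in a NOTE that they were checked. The added NOTE also misspells "Negligible" and gives no reason for the unimportant rating; a one-line rationale would make the downgrade from low reviewable.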
@@ -12470,11 +12472,11 @@
- python2.6 <unfixed> (low; bug #614860)
[squeeze] - python2.6 <no-dsa> (Minor issue)
- python2.5 <unfixed> (low)
- [squeeze] - python2.5 <no-dsa> (Minor issue)
- [lenny] - python2.5 <no-dsa> (Minor issue)
+ [squeeze] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
+ [lenny] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
- python2.4 <removed> (low)
[lenny] - python2.4 <no-dsa> (Minor issue)
- NOTE: Python 3.1 is fixed
+ NOTE: Python 2.7 and 3.1 are fixed
NOTE: http://bugs.python.org/issue2254
CVE-2011-1014
RESERVED
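Review bot: the new reason "fix modifies behaviour, too intrusive to backport" is added only to the python2.5 [squeeze] and [lenny] lines, while the unchanged "[squeeze] - python2.6 <no-dsa> (Minor issue)" and "[lenny] - python2.4 <no-dsa> (Minor issue)" lines keep the bare reason, although the log message gives the same rationale for 2.6; apply it consistently. The NOTE now says Python 2.7 is fixed, but no python2.7 line with a fixed version appears in the visible lines of this entry.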