[Secure-testing-commits] r18096 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Jan 9 17:46:15 UTC 2012
Author: jmm
Date: 2012-01-09 17:46:15 +0000 (Mon, 09 Jan 2012)
New Revision: 18096
Modified:
data/CVE/list
data/spu-candidates.txt
Log:
- super fixed
- pam spu candidate
- update htmlpurifier status
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-01-09 17:37:13 UTC (rev 18095)
+++ data/CVE/list 2012-01-09 17:46:15 UTC (rev 18096)
@@ -7439,6 +7439,7 @@
CVE-2011-2776
RESERVED
{DSA-2383-1}
+ - super 3.30.0-6
CVE-2011-2775
RESERVED
CVE-2011-2774 (The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 ...)
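Review bot: The added "- super 3.30.0-6" line sits under an entry that is still RESERVED with no description, so the only context a reader has is the {DSA-2383-1} tag. Other entries in this file carry a bug number or a NOTE with a reference (for example "- pam 1.1.3-1 (low; bug #608273)"). If a Debian bug or upstream reference exists for the super fix, add it here so the fixed version can be checked without looking up the DSA.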
@@ -10891,10 +10892,12 @@
- python2.4 <removed>
NOTE: http://bugs.python.org/issue11662
CVE-2011-XXXX [htmlpurifier various]
- - php-htmlpurifier 4.3.0+dfsg1-1
+ - php-htmlpurifier 4.3.0+dfsg1-1 (unimportant)
- mahara 1.2.5-1
[lenny] - mahara 1.0.4-4+lenny10
NOTE: http://htmlpurifier.org/news/2011/0327-4.3.0-released
+ NOTE: htmlpurifier only provides library functions, it's not vulnerable by itself
+ NOTE: If apps are vulnerable, this must be addressed there (as done for Mahara)
CVE-2011-1517
RESERVED
CVE-2011-1516 (The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in ...)
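Review bot: The two new NOTE lines justify "(unimportant)" for php-htmlpurifier by moving responsibility to the applications that use the library, but mahara is the only consumer listed under this entry. State in a NOTE whether other packages that use php-htmlpurifier were checked, or record them as entries, otherwise the downgrade reads as if Mahara were the only affected application. The entry also still uses the "CVE-2011-XXXX" placeholder, so it should be revisited if identifiers are assigned.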
@@ -17654,6 +17657,8 @@
- couchdb 1.1.0-1
CVE-2010-3853 (pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) ...)
- pam 1.1.3-1 (low; bug #608273)
+ [squeeze] - pam <no-dsa> (Minor issue)
+ [lenny] - pam <no-dsa> (Minor issue)
CVE-2010-3852 (The default configuration of Luci 0.22.4 and earlier in Red Hat Conga ...)
NOT-FOR-US: Red Hat Conga
CVE-2010-3851 (libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 ...)
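Review bot: The two "<no-dsa> (Minor issue)" lines for squeeze and lenny do not say that a fix is planned through a stable point update, although the same commit adds pam to data/spu-candidates.txt. Consider making the reason say so (for instance "Minor issue, can be fixed via point update") so that readers of data/CVE/list alone do not take the issue as left unfixed in stable. It is also worth confirming that a lenny line is wanted here, since the spu-candidates entry does not distinguish releases.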
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2012-01-09 17:37:13 UTC (rev 18095)
+++ data/spu-candidates.txt 2012-01-09 17:46:15 UTC (rev 18096)
@@ -157,6 +157,13 @@
--
+pam (CVE-2010-3435, CVE-2010-3853, CVE-2010-4706, CVE-2010-4707, CVE-2010-4708
+#608273
+#599832
+#611136
+
+--
+
prosody (CVE-2011-2205)
#579087
Also requires additional fix in lua-expat
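Review bot: The added line "pam (CVE-2010-3435, CVE-2010-3853, CVE-2010-4706, CVE-2010-4707, CVE-2010-4708" is missing its closing parenthesis; the neighbouring entry "prosody (CVE-2011-2205)" shows the expected form. The entry lists five CVE ids but only three bug numbers (#608273, #599832, #611136) with no indication of which bug covers which CVE, so a short annotation per bug would make the candidate easier to act on.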