[Secure-testing-commits] r18337 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Jan 31 07:33:16 UTC 2012


Author: jmm
Date: 2012-01-31 07:33:16 +0000 (Tue, 31 Jan 2012)
New Revision: 18337

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
6.0.4 point update, part 1


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-31 07:04:08 UTC (rev 18336)
+++ data/CVE/list	2012-01-31 07:33:16 UTC (rev 18337)
@@ -1798,7 +1798,7 @@
 CVE-2011-4923 [backuppc xss issue]
 	RESERVED
 	- backuppc 3.2.1-2 (bug #646865)
-	[squeeze] - backuppc <no-dsa> (Minor issue)
+	[squeeze] - backuppc 3.1.0-9.1
 CVE-2011-4922 [libpurple info leak]
 	RESERVED
 	- pidgin 2.7.11-1 (low)
@@ -4731,7 +4731,7 @@
 CVE-2011-4089
 	RESERVED
 	- bzip2 1.0.6-1 (low; bug #632862)
-	[squeeze] - bzip2 <no-dsa> (Will be fixed in spu upload)
+	[squeeze] - bzip2 1.0.5-6+squeeze1
 	[lenny] - bzip2 <no-dsa> (Minor issue)
 CVE-2011-4088
 	RESERVED
@@ -6019,7 +6019,7 @@
 	[lenny] - bugzilla <no-dsa> (Minor issue)
 CVE-2011-3667 (The User.offer_account_by_email WebService method in Bugzilla 2.x and ...)
 	- bugzilla <removed> (low)
-	[squeeze] - bugzilla <no-dsa> (Minor issue)
+	[squeeze] - bugzilla 3.6.2.0-4.5
 	[lenny] - bugzilla <no-dsa> (Minor issue)
 CVE-2011-3666 (Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS ...)
 	- iceweasel <not-affected> (MacOS specific)
@@ -6061,7 +6061,7 @@
 	- iceape <not-affected> (Only affects Firefox >= 8)
 CVE-2011-3657 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x ...)
 	- bugzilla <removed> (low)
-	[squeeze] - bugzilla <no-dsa> (Minor issue)
+	[squeeze] - bugzilla 3.6.2.0-4.5
 	[lenny] - bugzilla <no-dsa> (Minor issue)
 CVE-2011-3656
 	RESERVED
@@ -6995,7 +6995,7 @@
 CVE-2011-3361 [BackupPC XSS in Browse.pm]
 	RESERVED
 	- backuppc 3.2.1-2 (bug #641450)
-	[squeeze] - backuppc <no-dsa> (Minor issue)
+	[squeeze] - backuppc 3.1.0-9.1
 	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=f1f1ef74-716d-4af8-b1bf-c1ba6d9a98a1%40SC1EXHC-02.global.atheros.com&forum_name=backuppc-devel
 	NOTE: http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24
 CVE-2011-3360 (Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 ...)
@@ -8906,7 +8906,7 @@
 CVE-2011-2724 (The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs ...)
 	- samba 2:3.4.7~dfsg-2 (low)
 	- cifs-utils 2:5.1-1 (low)
-	[squeeze] - cifs-utils <no-dsa> (Minor issue)
+	[squeeze] - cifs-utils 2:4.5-2+squeeze1
 	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
 	NOTE: http://git.samba.org/?p=cifs-utils.git;a=commit;h=1e7a32924b22d1f786b6f490ce8590656f578f91
 CVE-2011-2723 (The skb_gro_header_slow function in include/linux/netdevice.h in the ...)
@@ -10397,7 +10397,7 @@
 	NOTE: http://repo.or.cz/w/vlc.git/commitdiff/cd929923ff49175a501bb3e9553a683bc42ff61c
 CVE-2011-2190 (The generate_admin_password function in Cherokee before 1.2.99 uses ...)
 	- cherokee <unfixed> (low; bug #647205)
-	[squeeze] - cherokee <no-dsa> (Minor issue)
+	[squeeze] - cherokee 1.0.8-5+squeeze1
 	[lenny] - cherokee <no-dsa> (Minor issue)
 	NOTE: http://code.google.com/p/cherokee/issues/detail?id=1212
 CVE-2011-2188 (LuaExpat before 1.2.0 does not properly detect recursion during entity ...)
@@ -11778,7 +11778,7 @@
 CVE-2011-1678 (smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to ...)
 	- samba 2:3.4.7~dfsg-2 (low)
 	- cifs-utils 2:5.1-1 (low)
-	[squeeze] - cifs-utils <no-dsa> (Minor issue)
+	[squeeze] - cifs-utils 2:4.5-2+squeeze1
 	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
 	NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=f6eae44a3d05b6515a59651e6bed8b6dde689aec
 CVE-2011-1677 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ ...)
@@ -11819,7 +11819,7 @@
 	NOT-FOR-US: GrapeCity Data Dynamics Reports
 CVE-2011-1659 (Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ...)
 	- eglibc 2.13-8
-	[squeeze] - eglibc <no-dsa> (Minor issue)
+	[squeeze] - eglibc 2.11.3-2
 	- glibc <removed>
 	[lenny] - glibc <no-dsa> (Minor issue)
 	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8126d90480fa
@@ -13576,7 +13576,7 @@
 	- glibc <removed>
 	[lenny] - glibc <no-dsa> (Minor issue)
 	- eglibc 2.13-16
-	[squeeze] - eglibc <no-dsa> (Minor issue)
+	[squeeze] - eglibc 2.11.3-2
 	NOTE: http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904
 	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923
 CVE-2011-1094 (kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not ...)
@@ -13656,7 +13656,7 @@
 CVE-2011-1071 (The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded ...)
 	- glibc <removed>
 	- eglibc 2.11.2-12 (bug #615120)
-	NOTE: poc does not work on version 2.13 in experimental
+	[squeeze] - eglibc 2.11.3-2
 CVE-2011-1070
 	RESERVED
 	- v86d 0.1.10-1 (low; bug #619404)
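Review bot: In the CVE-2011-1071 entry the new `[squeeze] - eglibc 2.11.3-2` line replaces `NOTE: poc does not work on version 2.13 in experimental` instead of being added alongside it, so the only triage note on that entry is dropped. Every other hunk in data/CVE/list swaps a `[squeeze] - <pkg> <no-dsa>` line for the fixed version, and the log message ("6.0.4 point update, part 1") does not mention removing notes, so this deletion may be unintentional. If the note still matters for assessing later eglibc versions, keep it directly after the new line, i.e. `[squeeze] - eglibc 2.11.3-2` followed by `NOTE: poc does not work on version 2.13 in experimental`. If it is obsolete, say so in the log so the history explains why it went away.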
@@ -14542,7 +14542,7 @@
 	NOT-FOR-US: Imperva SecureSphere Web Application Firewall
 CVE-2011-0766 (The random number generator in the Crypto application before 2.0.2.2, ...)
 	- erlang 1:14.b.3-dfsg-1 (low; bug #628456)
-	[squeeze] - erlang <no-dsa> (Minor issue)
+	[squeeze] - erlang 1:14.a-dfsg-3squeeze1
 	NOTE: http://www.kb.cert.org/vuls/id/178990
 	NOTE: https://github.com/erlang/otp/commit/f228601de45c5
 CVE-2011-0765 (Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) ...)

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2012-01-31 07:04:08 UTC (rev 18336)
+++ data/next-point-update.txt	2012-01-31 07:33:16 UTC (rev 18337)
@@ -8,14 +8,8 @@
 	[squeeze] - xorg-server 2:1.7.7-14
 CVE-2011-4315
 	[squeeze] - nginx 0.7.67-3+squeeze1
-CVE-2011-2190
-	[squeeze] - cherokee 1.0.8-5+squeeze1
 CVE-2011-2722
 	[squeeze] - hplip 3.10.6-2+squeeze0
-CVE-2011-2724
-	[squeeze] - cifs-utils 2:4.5-2+squeeze1
-CVE-2011-1678
-	[squeeze] - cifs-utils 2:4.5-2+squeeze1
 CVE-2011-4114
 	[squeeze] - libpar-packer-perl 1.006-1+squeeze1
 CVE-2011-5060
@@ -30,14 +24,6 @@
 	[squeeze] - gnutls26 2.8.6-1+squeeze1
 CVE-2011-3378
 	[squeeze] - rpm 4.8.1-6+squeeze1
-CVE-2011-1095
-	[squeeze] - eglibc 2.11.3-2
-CVE-2011-1071
-	[squeeze] - eglibc 2.11.3-2
-CVE-2011-1659
-	[squeeze] - eglibc 2.11.3-2
-CVE-2011-4089
-	[squeeze] - bzip2 1.0.5-6+squeeze1
 CVE-2011-4616
 	[squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1
 CVE-2011-2939
@@ -49,18 +35,12 @@
 	[squeeze] - xpdf 3.02-12+squeeze1
 CVE-2011-1749
 	[squeeze] - nfs-utils 1:1.2.2-4squeeze2
-CVE-2011-0766
-	[squeeze] - erlang 1:14.a-dfsg-3squeeze1
 CVE-2011-1843
 	[squeeze] - tinyproxy 1.8.2-1squeeze2
 CVE-2011-4617
 	[squeeze] - python-virtualenv 1.4.9-3squeeze1
 CVE-2011-3598
 	[squeeze] - phppgadmin 4.2.3-1.1squeeze1
-CVE-2011-3657
-	[squeeze] - bugzilla 3.6.2.0-4.5
-CVE-2011-3667
-	[squeeze] - bugzilla 3.6.2.0-4.5
 CVE-2011-3594
 	[squeeze] - pidgin 2.7.3-1+squeeze2
 CVE-2011-4601
@@ -71,10 +51,6 @@
 	[squeeze] - pidgin 2.7.3-1+squeeze2
 CVE-2011-1575
 	[squeeze] - pure-ftpd 1.0.28-3+squeeze1
-CVE-2011-3361
-	[squeeze] - backuppc 3.1.0-9.1
-CVE-2011-4923
-	[squeeze] - backuppc 3.1.0-9.1
 CVE-2011-1933
 	[squeeze] - libjifty-dbi-perl 0.60-1+squeeze1
 



