[Secure-testing-commits] r18338 - in data: . CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Jan 31 07:46:07 UTC 2012
Author: jmm
Date: 2012-01-31 07:46:07 +0000 (Tue, 31 Jan 2012)
New Revision: 18338
Modified:
data/CVE/list
data/next-point-update.txt
Log:
squeeze 6.0.4, part 2
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-01-31 07:33:16 UTC (rev 18337)
+++ data/CVE/list 2012-01-31 07:46:07 UTC (rev 18338)
@@ -551,7 +551,7 @@
NOT-FOR-US: WHMCompleteSolution
CVE-2011-5060 (The par_mktmpdir function in the PAR module before 1.003 for Perl ...)
- libpar-perl 1.005-1 (bug #650707)
- [squeeze] - libpar-perl <no-dsa> (Minor issue)
+ [squeeze] - libpar-perl 1.000-1+squeeze1
CVE-2010-5082 (Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in ...)
NOT-FOR-US: Windows Server
CVE-2010-XXXX [webkit info disclosure/segfault]
@@ -2870,7 +2870,7 @@
CVE-2012-0046 [mediawiki info leak]
RESERVED
- mediawiki 1:1.15.5-6 (low; bug #655694)
- [squeeze] - mediawiki <no-dsa> (Minor issue)
+ [squeeze] - mediawiki 1:1.15.5-2squeeze3
[lenny] - mediawiki <not-affected> (Vulnerable code not present)
CVE-2012-0045
RESERVED
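Review bot: the new `[squeeze] - mediawiki 1:1.15.5-2squeeze3` line under CVE-2012-0046 has no matching removal in the data/next-point-update.txt part of this commit, whereas every other fixed version set here does. Confirm that this version really belongs to the 6.0.4 point update. If it was tracked somewhere other than next-point-update.txt, mention that in the log message so the change can be traced later.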
@@ -3166,7 +3166,7 @@
[squeeze] - python-virtualenv <no-dsa> (Minor issue)
CVE-2011-4616 (Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro ...)
- libhtml-template-pro-perl 0.9507-1 (low; bug #652587)
- [squeeze] - libhtml-template-pro-perl <no-dsa> (Minor issue)
+ [squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1
CVE-2011-4615 (Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before ...)
- zabbix 1:1.8.10-1 (bug #652664)
CVE-2011-4614 [TYPO3-SA-2011-004]
@@ -3850,6 +3850,7 @@
CVE-2011-4360 (MediaWiki before 1.17.1 allows remote attackers to obtain the page ...)
{DSA-2366-1}
- mediawiki 1:1.15.5-4 (bug #650434)
+ [squeeze] - mediawiki <not-affected> (Vulnerable code not present)
NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
CVE-2011-4359 [MyFaces - includeViewParameters re-evaluates param/model values as EL expressions]
REJECTED
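Review bot: the added `[squeeze] - mediawiki <not-affected> (Vulnerable code not present)` line under CVE-2011-4360 sits directly below `{DSA-2366-1}`, and nothing in the entry says which release the DSA covered. It is also a triage change rather than a point-update move, since the next-point-update.txt diff in this commit removes no mediawiki entry and the log only says "squeeze 6.0.4, part 2". Suggest a NOTE explaining why squeeze is not affected, or a separate commit with its own log line.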
@@ -3998,7 +3999,7 @@
RESERVED
CVE-2011-4315 (Heap-based buffer overflow in compression-pointer processing in ...)
- nginx 1.1.8-1 (low)
- [squeeze] - nginx <no-dsa> (Minor issue)
+ [squeeze] - nginx 0.7.67-3+squeeze1
[lenny] - nginx <no-dsa> (Minor issue)
NOTE: http://trac.nginx.org/nginx/changeset/4268/nginx
CVE-2011-4314 (message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used ...)
@@ -4606,7 +4607,7 @@
- libsocialweb 0.25.20-1
CVE-2011-4128 (Buffer overflow in the gnutls_session_get_data function in ...)
- gnutls26 2.12.14-1 (low; bug #648441)
- [squeeze] - gnutls26 <no-dsa> (Minor issue)
+ [squeeze] - gnutls26 2.8.6-1+squeeze1
[lenny] - gnutls26 <no-dsa> (Minor issue)
CVE-2011-4127
RESERVED
@@ -4639,7 +4640,7 @@
RESERVED
CVE-2011-4114 (The par_mktmpdir function in the PAR::Packer module before 1.012 for ...)
- libpar-packer-perl 1.012-1 (bug #650706)
- [squeeze] - libpar-packer-perl <no-dsa> (Minor issue)
+ [squeeze] - libpar-packer-perl 1.006-1+squeeze1
CVE-2011-4113
RESERVED
- drupal6-mod-views 2.14-1
@@ -6292,15 +6293,14 @@
NOTE: All supported Debian kernels have /dev/random, so severity unimportant
CVE-2011-3598 (Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin ...)
- phppgadmin 5.0.3-1 (low; bug #644290)
- [squeeze] - phppgadmin <no-dsa> (Minor issue)
- NOTE: https://secunia.com/advisories/46248/
+ [squeeze] - phppgadmin 4.2.3-1.1squeeze1
CVE-2011-3597 (Eval injection in the Digest module before 1.17 for Perl allows ...)
- libdigest-perl 1.17-1 (low; bug #644108)
+ [squeeze] - libdigest-perl 1.16-1+squeeze1
[lenny] - libdigest-perl <no-dsa> (Minor issue)
- [squeeze] - libdigest-perl <no-dsa> (Minor issue)
- perl 5.12.4-6 (low; bug #644108)
+ [squeeze] - perl 5.10.1-17squeeze3
[lenny] - perl <no-dsa> (Minor issue)
- [squeeze] - perl <no-dsa> (Minor issue)
NOTE: https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e
CVE-2011-3596
RESERVED
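Review bot: under CVE-2011-3598 the `NOTE: https://secunia.com/advisories/46248/` line is deleted together with the `<no-dsa>` line, which drops the only reference shown for that entry. Recording the fixed version does not make the reference obsolete, so keep the NOTE unless it is wrong. Separately, in CVE-2011-3597 the new `[squeeze]` lines for libdigest-perl and perl are moved above `[lenny]`, while the other hunks in this commit replace the squeeze line in place (masqmail and etherape keep it below `[lenny]`). Pick one ordering and use it throughout.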
@@ -6894,7 +6894,7 @@
RESERVED
- masqmail 0.2.30-1 (low; bug #638002)
[lenny] - masqmail <no-dsa> (no security issue by itself)
- [squeeze] - masqmail <no-dsa> (no security issue by itself)
+ [squeeze] - masqmail 0.2.27-1.1+squeeze1
CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft ...)
{DSA-2398-1 DSA-2368-1 DSA-2358-1 DSA-2356-1}
- sun-java6 <removed> (bug #645881)
@@ -6963,7 +6963,7 @@
CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before ...)
- etherape 0.9.12-1 (low; bug #645324)
[lenny] - etherape <no-dsa> (Minor issue)
- [squeeze] - etherape <no-dsa> (Minor issue)
+ [squeeze] - etherape 0.9.8-1+squeeze1
CVE-2011-3368 (The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, ...)
- apache2 2.2.21-2 (medium)
NOTE: http://article.gmane.org/gmane.comp.apache.announce/61
@@ -8207,7 +8207,7 @@
[lenny] - stunnel4 <not-affected> (Only 4.4x affected)
CVE-2011-2939 (Off-by-one error in the decode_xs function in Unicode/Unicode.xs in ...)
- perl 5.12.4-4 (low; bug #637376)
- [squeeze] - perl <no-dsa> (Minor issue)
+ [squeeze] - perl 5.10.1-17squeeze3
[lenny] - perl <no-dsa> (Minor issue)
- libencode-perl 2.44-1 (low)
CVE-2011-2938 (Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php ...)
@@ -8915,7 +8915,7 @@
CVE-2011-2722
RESERVED
- hplip 3.11.10-1 (bug #635549; low)
- [squeeze] - hplip <no-dsa> (Minor issue)
+ [squeeze] - hplip 3.10.6-2+squeeze0
[lenny] - hplip <not-affected> (Vulnerable code not present)
CVE-2011-2721 (Off-by-one error in the cli_hm_scan function in matcher-hash.c in ...)
- clamav 0.97.2+dfsg-1 (bug #635599)
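Review bot: `3.10.6-2+squeeze0` for hplip under CVE-2011-2722 is the only fixed version in this commit with a `+squeeze0` suffix. It matches the entry removed from data/next-point-update.txt, so if it is a typo it was carried over from there. Check it against the version actually accepted into 6.0.4 before relying on it for tracking.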
@@ -10262,7 +10262,7 @@
CVE-2011-2201 (The Data::FormValidator module 4.66 and earlier for Perl, when ...)
- libdata-formvalidator-perl 4.66-3 (low; bug #629511)
[lenny] - libdata-formvalidator-perl <no-dsa> (Minor issue)
- [squeeze] - libdata-formvalidator-perl <no-dsa> (Minor issue)
+ [squeeze] - libdata-formvalidator-perl 4.66-1+squeeze1
CVE-2011-2200 (The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus ...)
- dbus 1.4.12-1 (low; bug #629938)
[squeeze] - dbus 1.2.24-4+squeeze1
@@ -11000,6 +11000,7 @@
CVE-2011-1933
RESERVED
- libjifty-dbi-perl 0.68-1 (low; bug #622919)
+ [squeeze] - libjifty-dbi-perl 0.60-1+squeeze1
CVE-2011-1932 (Directory traversal vulnerability in io/filesystem/filesystem.cc in ...)
- widelands 1:15-3 (low; bug #617960)
[lenny] - widelands <no-dsa> (Minor issue)
@@ -11604,7 +11605,7 @@
CVE-2011-1749 [nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE]
RESERVED
- nfs-utils 1:1.2.3-3 (low; bug #629420)
- [squeeze] - nfs-utils <no-dsa> (Minor issue)
+ [squeeze] - nfs-utils 1:1.2.2-4squeeze2
[lenny] - nfs-utils <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975
CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before ...)
@@ -12612,7 +12613,7 @@
NOT-FOR-US: Ipswitch IMail
CVE-2011-1429 (Mutt does not verify that the smtps server hostname matches the domain ...)
- mutt 1.5.21-5 (low; bug #619216)
- [squeeze] - mutt <no-dsa> (Minor issue)
+ [squeeze] - mutt 1.5.20-9+squeeze2
[lenny] - mutt <no-dsa> (Minor issue)
NOTE: http://dev.mutt.org/trac/ticket/3506
CVE-2011-1428 (Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does ...)
Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt 2012-01-31 07:33:16 UTC (rev 18337)
+++ data/next-point-update.txt 2012-01-31 07:46:07 UTC (rev 18338)
@@ -1,46 +1,17 @@
-CVE-2011-3369
- [squeeze] - etherape 0.9.8-1+squeeze1
CVE-2011-4029
[squeeze] - xorg-server 2:1.7.7-14
CVE-2011-4028
[squeeze] - xorg-server 2:1.7.7-14
CVE-2010-4818
[squeeze] - xorg-server 2:1.7.7-14
-CVE-2011-4315
- [squeeze] - nginx 0.7.67-3+squeeze1
-CVE-2011-2722
- [squeeze] - hplip 3.10.6-2+squeeze0
-CVE-2011-4114
- [squeeze] - libpar-packer-perl 1.006-1+squeeze1
-CVE-2011-5060
- [squeeze] - libpar-perl 1.000-1+squeeze1
-CVE-2011-1429
- [squeeze] - mutt 1.5.20-9+squeeze2
-CVE-2011-2201
- [squeeze] - libdata-formvalidator-perl 4.66-1+squeeze1
-CVE-2011-3350
- [squeeze] - masqmail 0.2.27-1.1+squeeze1
-CVE-2011-4128
- [squeeze] - gnutls26 2.8.6-1+squeeze1
CVE-2011-3378
[squeeze] - rpm 4.8.1-6+squeeze1
-CVE-2011-4616
- [squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1
-CVE-2011-2939
- [squeeze] - perl 5.10.1-17squeeze3
-CVE-2011-3597
- [squeeze] - perl 5.10.1-17squeeze3
- [squeeze] - libdigest-perl 1.16-1+squeeze1
CVE-2011-2902
[squeeze] - xpdf 3.02-12+squeeze1
-CVE-2011-1749
- [squeeze] - nfs-utils 1:1.2.2-4squeeze2
CVE-2011-1843
[squeeze] - tinyproxy 1.8.2-1squeeze2
CVE-2011-4617
[squeeze] - python-virtualenv 1.4.9-3squeeze1
-CVE-2011-3598
- [squeeze] - phppgadmin 4.2.3-1.1squeeze1
CVE-2011-3594
[squeeze] - pidgin 2.7.3-1+squeeze2
CVE-2011-4601
@@ -51,6 +22,4 @@
[squeeze] - pidgin 2.7.3-1+squeeze2
CVE-2011-1575
[squeeze] - pure-ftpd 1.0.28-3+squeeze1
-CVE-2011-1933
- [squeeze] - libjifty-dbi-perl 0.60-1+squeeze1