[Secure-testing-commits] r18339 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Tue Jan 31 07:52:14 UTC 2012


Author: jmm
Date: 2012-01-31 07:52:14 +0000 (Tue, 31 Jan 2012)
New Revision: 18339

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
squeeze 6.0.4, part 3


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-01-31 07:46:07 UTC (rev 18338)
+++ data/CVE/list	2012-01-31 07:52:14 UTC (rev 18339)
@@ -3218,10 +3218,13 @@
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2011-4603 (The silc_channel_message function in ops.c in the SILC protocol plugin ...)
 	- pidgin 2.10.1-1 (low)
+	[squeeze] - pidgin 2.7.3-1+squeeze2
 CVE-2011-4602 (The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not ...)
 	- pidgin 2.10.1-1 (low)
+	[squeeze] - pidgin 2.7.3-1+squeeze2
 CVE-2011-4601 (family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin ...)
 	- pidgin 2.10.1-1 (low)
+	[squeeze] - pidgin 2.7.3-1+squeeze2
 CVE-2011-4600
 	RESERVED
 CVE-2011-4599
@@ -4888,15 +4891,14 @@
 CVE-2011-4029
 	RESERVED
 	- xorg-server 2:1.11.1.901-2 (low)
-	[squeeze] - xorg-server <no-dsa> (Minor issue, will be fixed in a point update)
+	[squeeze] - xorg-server 2:1.7.7-14
 	[lenny] - xorg-server <no-dsa> (Minor issue)
 	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4
 	NOTE: this has a poc now: http://vladz.devzero.fr/Xorg-CVE-2011-4029.txt 
-	TODO: max impact is info disclosure, which tends to be treated w low urgency, but this allows reading of any file, e.g. /etc/shadow, so should urgency be higher?
 CVE-2011-4028
 	RESERVED
 	- xorg-server 2:1.11.1.901-2 (low)
-	[squeeze] - xorg-server <no-dsa> (Minor issue, will be fixed in a point update)
+	[squeeze] - xorg-server 2:1.7.7-14
 	[lenny] - xorg-server <no-dsa> (Minor issue)
 	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34
 CVE-2011-4027
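Review bot: removing the TODO line drops the open urgency question without recording an answer: the unstable entry above still reads `- xorg-server 2:1.11.1.901-2 (low)`, while the deleted note argued that the flaw allows reading any file, e.g. /etc/shadow. If the squeeze point update settles the concern, a short NOTE saying so would preserve the reasoning; otherwise keep the TODO or raise the urgency.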
@@ -6311,7 +6313,7 @@
 	- joomla <itp> (bug #571794)
 CVE-2011-3594 (The g_markup_escape_text function in the SILC protocol plug-in in ...)
 	- pidgin 2.10.1-1 (unimportant)
-	NOTE: http://developer.pidgin.im/ticket/14636
+	[squeeze] - pidgin 2.7.3-1+squeeze2
 	NOTE: relatively obscure client crash
 CVE-2011-3593
 	RESERVED
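Review bot: the `[squeeze] - pidgin 2.7.3-1+squeeze2` line replaces `NOTE: http://developer.pidgin.im/ticket/14636` instead of being added next to it, so the upstream ticket reference is lost from the CVE-2011-3594 entry. Keep the NOTE and insert the squeeze line directly after `- pidgin 2.10.1-1 (unimportant)`, matching the layout used for CVE-2011-4601, -4602 and -4603 in this same commit.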
@@ -6934,7 +6936,7 @@
 	[lenny] - php5 <not-affected> (Introduced in 5.3.7)
 CVE-2011-3378 (RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote ...)
 	- rpm 4.9.1.2-1 (low; bug #645325)
-	[squeeze] - rpm <no-dsa> (rpm isn't used a a package manager, very limited attack vector)
+	[squeeze] - rpm 4.8.1-6+squeeze1
 	[lenny] - rpm <no-dsa> (rpm isn't used a a package manager, very limited attack vector)
 CVE-2011-3377
 	RESERVED
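Review bot: the unchanged lenny context line still carries the typo "rpm isn't used a a package manager" (should be "as a package manager"); since this hunk already edits the adjacent squeeze line for CVE-2011-3378, it is a good moment to fix it.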
@@ -7527,7 +7529,7 @@
 CVE-2010-4818 [X.org multiple input sanitization flaws]
 	RESERVED
 	- xorg-server 2:1.9.99.902-1
-	[squeeze] - xorg-server <no-dsa> (Minor issue, will be fixed in a point update)
+	[squeeze] - xorg-server 2:1.7.7-4
 	[lenny] - xorg-server <no-dsa> (Minor issue)
 	NOTE: As per https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4818 three commits with theoretical sec impact:
 	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543
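Review bot: the fixed version `2:1.7.7-4` on the added squeeze line looks like a typo. The other two xorg-server entries updated in this commit (CVE-2011-4029 and CVE-2011-4028) record `2:1.7.7-14`, and the CVE-2010-4818 line being removed from data/next-point-update.txt in the same commit also says `2:1.7.7-14`. A lower version than the real fix would make the tracker treat unfixed squeeze packages as fixed, so please confirm and correct to `2:1.7.7-14`.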
@@ -8316,7 +8318,7 @@
 	RESERVED
 	- xpdf 3.02-19 (low; bug #635849)
 	[lenny] - xpdf <no-dsa> (zxpdf script is indeed affected, but it's not associated with pdf handling by default, so not a concern for remote abuse)
-	[squeeze] - xpdf <no-dsa> (zxpdf script is indeed affected, but it's not associated with pdf handling by default, so not a concern for remote abuse)
+	[squeeze] - xpdf 3.02-12+squeeze1
 CVE-2011-2901 Xen <= 3.3 DoS due to incorrect virtual address validation
 	RESERVED
 	- xen <not-affected> (Only affects Xen <= 3.3)
@@ -11230,6 +11232,7 @@
 	NOT-FOR-US: Silverlight
 CVE-2011-1843 (Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow ...)
 	- tinyproxy 1.8.2-2 (unimportant; bug #627503)
+	[squeeze] - tinyproxy 1.8.2-1squeeze2
 	NOTE: Only exploitable through config files, which are under admin control
 CVE-2011-1842 (dbus_backend/lsd.py in the D-Bus backend in language-selector before ...)
 	NOT-FOR-US: Ubuntu-specific language-selector package
@@ -12038,7 +12041,7 @@
 	NOTE: "...code path in question is no longer reachable..." not sure when this was fixed
 CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 ...)
 	- pure-ftpd 1.0.30-1 (low)
-	[squeeze] - pure-ftpd <no-dsa> (Will be fixed in stable point update)
+	[squeeze] - pure-ftpd 1.0.28-3+squeeze1
 	[lenny] - pure-ftpd <no-dsa> (Minor issue)
 CVE-2011-1574 (Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in ...)
 	{DSA-2226-1}

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2012-01-31 07:46:07 UTC (rev 18338)
+++ data/next-point-update.txt	2012-01-31 07:52:14 UTC (rev 18339)
@@ -1,25 +1,3 @@
-CVE-2011-4029
-	[squeeze] - xorg-server 2:1.7.7-14
-CVE-2011-4028
-	[squeeze] - xorg-server 2:1.7.7-14
-CVE-2010-4818
-	[squeeze] - xorg-server 2:1.7.7-14
-CVE-2011-3378
-	[squeeze] - rpm 4.8.1-6+squeeze1
-CVE-2011-2902
-	[squeeze] - xpdf 3.02-12+squeeze1
-CVE-2011-1843
-	[squeeze] - tinyproxy 1.8.2-1squeeze2
 CVE-2011-4617
 	[squeeze] - python-virtualenv 1.4.9-3squeeze1
-CVE-2011-3594
-	[squeeze] - pidgin 2.7.3-1+squeeze2
-CVE-2011-4601
-	[squeeze] - pidgin 2.7.3-1+squeeze2
-CVE-2011-4602
-	[squeeze] - pidgin 2.7.3-1+squeeze2
-CVE-2011-4603
-	[squeeze] - pidgin 2.7.3-1+squeeze2
-CVE-2011-1575
-	[squeeze] - pure-ftpd 1.0.28-3+squeeze1
 
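Review bot: this hunk removes the CVE-2010-4818 line `[squeeze] - xorg-server 2:1.7.7-14`, but the corresponding entry added to data/CVE/list in this commit records `2:1.7.7-4`; the two should agree before the line is dropped from the pending list. Keeping the CVE-2011-4617 / python-virtualenv entry is correct, since no matching data/CVE/list change is part of this commit.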
