[Secure-testing-commits] r18712 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Mar 19 11:35:58 UTC 2012 

Author: jmm
Date: 2012-03-19 11:35:58 +0000 (Mon, 19 Mar 2012)
New Revision: 18712

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
apr, iceape fixed
new quagga issues (fixed in sid)



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-03-19 09:57:22 UTC (rev 18711)
+++ data/CVE/list	2012-03-19 11:35:58 UTC (rev 18712)
@@ -1901,7 +1901,7 @@
 	{DSA-2417-1}
 	- libxml2 <unfixed> (bug #660846)
 CVE-2012-0840 (tables/apr_hash.c in the Apache Portable Runtime (APR) library through ...)
-	- apr <unfixed> (low; bug #655435)
+	- apr 1.4.6-1 (low; bug #655435)
 	[squeeze] - apr <no-dsa> (exploitability in httpd extremely limited, not known to be exploitable in svn)
 	NOTE: Commit http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD@eris.apache.org%3E seems to cause regressions
 CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without restricting the ...)
@@ -2803,7 +2803,7 @@
 	[squeeze] - icedove <not-affected> (Vulnerable code not present)
 	- iceweasel 10.0.3esr-1
 	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
-	- iceape <unfixed>
+	- iceape 2.7.3-1
 	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0463 (The nsWindow implementation in the browser engine in Mozilla Firefox ...)
 	- iceweasel <not-affected> (Only affects Firefox Mobile on Android)
@@ -2812,49 +2812,49 @@
 	[squeeze] - icedove <not-affected> (Vulnerable code not present)
 	- iceweasel 10.0.3esr-1
 	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
-	- iceape <unfixed>
+	- iceape 2.7.3-1
 	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0461 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	{DSA-2433-1}
 	- icedove <unfixed>
 	- iceweasel 10.0.3esr-1
-	- iceape <unfixed>
+	- iceape 2.7.3-1
 CVE-2012-0460 (Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, ...)
 	- icedove <unfixed>
 	[squeeze] - icedove <not-affected> (Vulnerable code not present)
 	- iceweasel 10.0.3esr-1
 	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
-	- iceape <unfixed>
+	- iceape 2.7.3-1
 	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0459 (The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x ...)
 	- icedove <unfixed>
 	[squeeze] - icedove <not-affected> (Vulnerable code not present)
 	- iceweasel 10.0.3esr-1
 	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
-	- iceape <unfixed>
+	- iceape 2.7.3-1
 	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0458 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x ...)
 	{DSA-2433-1}
 	- icedove <unfixed>
 	- iceweasel 10.0.3esr-1
-	- iceape <unfixed>
+	- iceape 2.7.3-1
 CVE-2012-0457 (Use-after-free vulnerability in the ...)
 	- icedove <unfixed>
 	[squeeze] - icedove <not-affected> (Vulnerable code not present)
 	- iceweasel 10.0.3esr-1
 	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
-	- iceape <unfixed>
+	- iceape 2.7.3-1
 	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0456 (The SVG Filters implementation in Mozilla Firefox before 3.6.28 and ...)
 	{DSA-2433-1}
 	- icedove <unfixed>
 	- iceweasel 10.0.3esr-1
-	- iceape <unfixed>
+	- iceape 2.7.3-1
 CVE-2012-0455 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x ...)
 	{DSA-2433-1}
 	- icedove <unfixed>
 	- iceweasel 10.0.3esr-1
-	- iceape <unfixed>
+	- iceape 2.7.3-1
 CVE-2012-0454 (Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, ...)
 	- iceweasel <not-affected> (Only affects Firefox on Windows)
 CVE-2012-0453 (Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in ...)
@@ -2870,7 +2870,7 @@
 	[squeeze] - icedove <not-affected> (CSP introduced in Thunderbird 3.3)
 	- iceweasel 10.0.3esr-1
 	[squeeze] - iceweasel <not-affected> (CSP introduced in Firefox 4)
-	- iceape <unfixed>
+	- iceape 2.7.3-1
 	[squeeze] - iceape <not-affected> (CSP introduced in Seamonkey 2.1)
 CVE-2012-0450 (Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and ...)
 	- icedove <unfixed>
@@ -3799,10 +3799,13 @@
 	RESERVED
 CVE-2012-0251
 	RESERVED
+	- quagga 0.99.20.1-1
 CVE-2012-0250
 	RESERVED
+	- quagga 0.99.20.1-1
 CVE-2012-0249
 	RESERVED
+	- quagga 0.99.20.1-1
 CVE-2012-0248
 	RESERVED
 	{DSA-2427-1}

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2012-03-19 09:57:22 UTC (rev 18711)
+++ data/spu-candidates.txt	2012-03-19 11:35:58 UTC (rev 18712)
@@ -233,6 +233,11 @@
 
 --
 
+pyfribidi (CVE-2012-1176)
+#663189
+
+--
+
 pyro (CVE-2011-2765)
 #631912
 awaiting maintainer response

More information about the Secure-testing-commits mailing list