[Secure-testing-commits] r19126 - in data: . CVE

[Moritz Muehlenhoff]

Author: jmm
Date: 2012-05-03 15:06:45 +0000 (Thu, 03 May 2012)
New Revision: 19126

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
one struts issue not affected
otrs fixed (also in squeeze)
libgssglue no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-05-03 14:44:56 UTC (rev 19125)
+++ data/CVE/list	2012-05-03 15:06:45 UTC (rev 19126)
@@ -2075,7 +2075,7 @@
 	NOTE: Not suitable for code injection
 CVE-2012-1592
 	RESERVED
-	- libstruts1.2-java <unfixed> (bug #657870)
+	- libstruts1.2-java <not-affected> (Only applies to Struts 2, see bug #657870)
 CVE-2012-1591
 	RESERVED
 CVE-2012-1590
@@ -13226,6 +13226,7 @@
 CVE-2011-2709 [GSSAPI_MECH_CONF environment variable not ignored in privileged processes]
 	RESERVED
 	- libgssglue <unfixed> (low; bug #670256)
+	[squeeze] - libgssglue <no-dsa> (Minor issue in Squeeze)
 	NOTE: Our mount.nfs does not link against libgssglue,
 	NOTE: so we do not appear to be affected directly.
 CVE-2011-2708
@@ -19790,8 +19791,7 @@
 CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier ...)
 	NOT-FOR-US: e107
 CVE-2011-0456 (webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier ...)
-	- otrs2 <unfixed>
-	TODO: check
+	- otrs2 2.4.5-1
 CVE-2011-0455 (Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 ...)
 	NOT-FOR-US: Things BBS
 CVE-2011-0454 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...)

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt	2012-05-03 14:44:56 UTC (rev 19125)
+++ data/spu-candidates.txt	2012-05-03 15:06:45 UTC (rev 19126)
@@ -179,6 +179,11 @@
 
 --
 
+libgssglue (CVE-2011-2709)
+patch in bug #670256
+
+--
+
 libxslt (CVE-2011-3970)
 #660650
 http://git.gnome.org/browse/libxslt/commit/?id=fe5a4fa33eb85bce3253ed3742b1ea6c4b59b41b