[Secure-testing-commits] r21401 - in data: . CVE

Thijs Kinkhorst thijs at alioth.debian.org
Sat Feb 23 16:21:30 UTC 2013


Author: thijs
Date: 2013-02-23 16:21:30 +0000 (Sat, 23 Feb 2013)
New Revision: 21401

Modified:
   data/CVE/list
   data/next-point-update.txt
Log:
6.0.7 released


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-02-23 15:40:31 UTC (rev 21400)
+++ data/CVE/list	2013-02-23 16:21:30 UTC (rev 21401)
@@ -1904,7 +1904,7 @@
 	NOT-FOR-US: uTorrent
 CVE-2013-XXXX [buffer overflow in commandline parsing]
 	- swath 0.4.3-3 (low; bug #698189)
-	[squeeze] - swath <no-dsa> (Minor issue)
+	[squeeze] - swath 0.4.0-4+squeeze1
 CVE-2013-0243 [Basic constraints vulnerability]
 	RESERVED
 	- haskell-tls-extra 0.4.6.1-1 (bug #698545)
@@ -1983,7 +1983,7 @@
 CVE-2012-6110 [bcron file descriptors not closed]
 	RESERVED
 	- bcron 0.09-13 (low; bug #686650)
-	[squeeze] - bcron <no-dsa> (Minor issue)
+	[squeeze] - bcron 0.09-11+squeeze1
 CVE-2013-1364 [possible to override LDAP configuration parameters via the API]
 	RESERVED
 	- zabbix 1:2.0.4+dfsg-2 (bug #698541)
@@ -3421,7 +3421,7 @@
 	RESERVED
 CVE-2013-0722 (Stack-based buffer overflow in the scan_load_hosts function in ...)
 	- ettercap 1:0.7.5.1-2 (low; bug #697987)
-	[squeeze] - ettercap <no-dsa> (Minor issue)
+	[squeeze] - ettercap 1:0.7.3-2.1+squeeze1
 	NOTE: http://www.openwall.com/lists/oss-security/2013/01/10/2
 	NOTE: http://www.exploit-db.com/exploits/23945/
 	NOTE: https://secunia.com/advisories/51731/
@@ -4312,6 +4312,7 @@
 	- foswiki <itp> (bug #509864)
 CVE-2012-6329 (The _compile function in Maketext.pm in the Locale::Maketext ...)
 	- perl 5.14.2-16 (bug #695224)
+	[squeeze] - perl 5.10.1-17squeeze5
 	- foswiki <itp> (bug #509864)
 CVE-2012-6328
 	RESERVED
@@ -4761,7 +4762,7 @@
 CVE-2013-0292 [Local privilege escalation due improper filtering of message sender when NameOwnerChanged signal received]
 	RESERVED
 	- dbus-glib 0.100.1-1 (bug #700638; high)
-	[squeeze] - dbus-glib <no-dsa> (6.0.7 point release scheduled soon)
+	[squeeze] - dbus-glib 0.88-2.1+squeeze1
 CVE-2013-0291
 	RESERVED
 CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the Linux ...)
@@ -5115,7 +5116,7 @@
 CVE-2013-0191 [pam-pgsql NULL password handling issue]
 	RESERVED
 	- pam-pgsql 0.7.3.1-4 (bug #698241)
-	[squeeze] - pam-pgsql <no-dsa> (Minor issue)
+	[squeeze] - pam-pgsql 0.7.1-4+squeeze2
 	NOTE: patch: https://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/
 	NOTE: bugreport: https://sourceforge.net/p/pam-pgsql/bugs/13/
 CVE-2013-0187
@@ -5899,12 +5900,12 @@
 	RESERVED
 CVE-2012-6090 (Multiple stack-based buffer overflows in the expand function in ...)
 	- swi-prolog 5.10.4-5 (low; bug #697416)
-	[squeeze] - swi-prolog <no-dsa> (Minor issue)
+	[squeeze] - swi-prolog 5.10.1-1+squeeze1
 	NOTE: https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
 	NOTE: http://www.swi-prolog.org/git/pl.git/commitdiff/b2c88972e7515ada025e97e7d3ce3e34f81cf33e
 CVE-2012-6089 (Multiple stack-based buffer overflows in the canoniseFileName function ...)
 	- swi-prolog 5.10.4-5 (low; bug #697416)
-	[squeeze] - swi-prolog <no-dsa> (Minor issue)
+	[squeeze] - swi-prolog 5.10.1-1+squeeze1
 	NOTE: https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
 	NOTE: http://www.swi-prolog.org/git/pl.git/commitdiff/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c
 CVE-2012-6088 (The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 ...)
@@ -7991,6 +7992,7 @@
 CVE-2012-5391
 	RESERVED
 	- mediawiki 1:1.19.3-1 (bug #694998)
+	[squeeze] - mediawiki 1:1.15.5-2squeeze5
 CVE-2012-5390 [Possible privilege escalation]
 	RESERVED
 	- condor <not-affected> (standard universe is disabled in the Debian package, see bug #697936)
@@ -10268,6 +10270,7 @@
 	- kfreebsd-8 8.3-6 (bug #694096)
 	- kfreebsd-9 9.0-9 (bug #694097)
 	- kfreebsd-10 <unfixed> (bug #694098)
+	[squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze4
 CVE-2012-4575 (The add_database function in objects.c in the pgbouncer pooler 1.5.2 ...)
 	- pgbouncer 1.5.2-4
 CVE-2012-4574 (Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions ...)
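Review bot: The added `[squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze4` line is appended after `- kfreebsd-10 <unfixed>`, two lines away from the `- kfreebsd-8 8.3-6` line it qualifies. The perl hunk earlier in this diff places its squeeze line directly under `- perl 5.14.2-16` and before the unrelated `- foswiki <itp>` line. Placing this one directly under the kfreebsd-8 line keeps the release annotation beside its package and prevents it from being read as belonging to kfreebsd-10.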
@@ -10467,7 +10470,7 @@
 CVE-2012-4507 (The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 ...)
 	- claws-mail 3.8.1-2 (low; bug #690151)
 	[squeeze] - claws-mail <no-dsa> (Minor issue)
-	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862578
+	[squeeze] - claws-mail 3.7.6-4+squeeze1
 	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743
 	NOTE: www.thewildbeast.co.uk/claws-mail/bugzilla/attachment.cgi?id=1165
 CVE-2012-4506 (Directory traversal vulnerability in gitolite 3.x before 3.1, when ...)
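Review bot: In the CVE-2012-4507 entry the line removed is the Red Hat Bugzilla NOTE (id=862578), not `[squeeze] - claws-mail <no-dsa> (Minor issue)`. The entry therefore ends up with two contradictory squeeze annotations and loses a reference. The other replacements in this commit swap the `<no-dsa>` line for the fixed version. The same is wanted here: drop the `<no-dsa>` line, restore the NOTE, and leave `[squeeze] - claws-mail 3.7.6-4+squeeze1` as the only squeeze line.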
@@ -13479,7 +13482,7 @@
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2012-3368 (Integer signedness error in attach.c in dtach 0.8 allows remote ...)
 	- dtach 0.8-2.1 (low; bug #625302)
-	[squeeze] - dtach <no-dsa> (Minor issue)
+	[squeeze] - dtach 0.8-2+squeeze1
 	NOTE: http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
 	NOTE: http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=812551
@@ -15782,7 +15785,7 @@
 CVE-2010-5107 [openssh: DoS]
 	RESERVED
 	- openssh 1:6.0p1-4 (low; bug #700102)
-	[squeeze] - openssh <no-dsa> (will be fixed via pu)
+	[squeeze] - openssh 1:5.5p1-6+squeeze3
 CVE-2010-5106 (The XML-RPC remote publishing interface in xmlrpc.php in WordPress ...)
 	- wordpress 3.0.3-1
 CVE-2010-5105 [blender /tmp/quit.blend temp file issue]
@@ -15940,6 +15943,7 @@
 	NOT-FOR-US: Bytemark Symbiosis
 CVE-2012-2367 (Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, ...)
 	- moodle 2.2.3.dfsg-1 (low; bug #674163)
+	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
 CVE-2012-2366 (mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before ...)
 	- moodle 2.2.3.dfsg-1 (bug #674163)
 	[squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
@@ -15951,9 +15955,11 @@
 	[squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
 CVE-2012-2363 (SQL injection vulnerability in calendar/event.php in the calendar ...)
 	- moodle 2.0-1 (bug #674163)
+	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
 	NOTE: Only affects Moodle 1.9.x
 CVE-2012-2362 (Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog ...)
 	- moodle 2.0-1 (bug #674163)
+	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
 	NOTE: Only affects Moodle 1.9.x
 CVE-2012-2361 (Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php ...)
 	- moodle 2.2.3.dfsg-1 (bug #674163)
@@ -17940,7 +17946,7 @@
 	- file 5.11-1 (low; bug #664263)
 CVE-2012-1570 (The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 ...)
 	- maradns 1.4.12-1 (bug #665012)
-	[squeeze] - maradns <no-dsa> (Minor DNS protocol flaw)
+	[squeeze] - maradns 1.4.03-1.1+squeeze1
 CVE-2012-1569 (The asn1_get_length_der function in decoding.c in GNU Libtasn1 before ...)
 	{DSA-2440-1}
 	- libtasn1-3 2.12-1 (high)
@@ -18863,6 +18869,7 @@
 	RESERVED
 	- moodle 1.9.9.dfsg2-6 (low; bug #668411)
 	[squeeze] - moodle <no-dsa> (Minor issue)
+	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
 CVE-2012-1154 (mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used ...)
 	NOT-FOR-US: mod_cluster
 CVE-2012-1153 (Unrestricted file upload vulnerability in ...)
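Review bot: The added `[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4` sits directly below `[squeeze] - moodle <no-dsa> (Minor issue)`, which is left in place, so this entry records squeeze both as not getting a fix and as fixed in the point release. Replace the `<no-dsa>` line rather than appending to it, as the swath, bcron and ettercap hunks do.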
@@ -23701,7 +23708,7 @@
 	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=494cfacdb9ba3f0549e37f76b3a2f86a7aeeac3c
 CVE-2011-4363 (ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when ...)
 	- libproc-processtable-perl 0.45-6 (low; bug #650500)
-	[squeeze] - libproc-processtable-perl <no-dsa> (Minor issue)
+	[squeeze] - libproc-processtable-perl 0.45-1+squeeze1
 CVE-2011-4362 (Integer signedness error in the base64_decode function in the HTTP ...)
 	{DSA-2368-1}
 	- lighttpd 1.4.30-1 (low; bug #652726)
@@ -35846,7 +35853,7 @@
 	- xpdf 3.02-9
 	- poppler 0.16.3-1 (low)
 	[lenny] - poppler <no-dsa> (minor issue)
-	[squeeze] - poppler <no-dsa> (minor issue)
+	[squeeze] - poppler 0.12.4-1.2+squeeze1
 	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
 CVE-2010-4652 (Heap-based buffer overflow in the sql_prepare_where function ...)
 	{DSA-2191-1}
@@ -49407,6 +49414,7 @@
 	- kdegraphics 4.0 (unimportant)
 	- xpdf <unfixed> (unimportant)
 	- poppler 0.16.3-1 (unimportant)
+	[squeeze] - poppler 0.12.4-1.2+squeeze1
 	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=28172
 	NOTE: Just a crasher, not treated as a security issue
 CVE-2010-0206 [xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objects]
@@ -49414,6 +49422,7 @@
 	- kdegraphics 4.0 (unimportant)
 	- xpdf <unfixed>  (unimportant)
 	- poppler 0.16.3-1 (unimportant)
+	[squeeze] - poppler 0.12.4-1.2+squeeze1
 	NOTE: https://bugzilla.redhat.com/CVE-2010-0206
 	NOTE: Just a crasher, not treated as a security issue
 CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before ...)

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt	2013-02-23 15:40:31 UTC (rev 21400)
+++ data/next-point-update.txt	2013-02-23 16:21:30 UTC (rev 21401)
@@ -1,48 +0,0 @@
-CVE-2012-6090 (Multiple stack-based buffer overflows in the expand function in ...)
-	[squeeze] - swi-prolog 5.10.1-1+squeeze1
-CVE-2012-6089
-	[squeeze] - swi-prolog 5.10.1-1+squeeze1
-CVE-2012-4507 (The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 ...)
-	[squeeze] - claws-mail 3.7.6-4+squeeze1
-CVE-2013-0191 [pam-pgsql NULL password handling issue]
-	[squeeze] - pam-pgsql 0.7.1-4+squeeze2
-CVE-2012-6110 [bcron file descriptors not closed]
-	[squeeze] - bcron 0.09-11+squeeze1
-CVE-2011-4363 (ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when ...)
-	[squeeze] - libproc-processtable-perl 0.45-1+squeeze1
-CVE-2012-3368 (Integer signedness error in attach.c in dtach 0.8 allows remote ...)
-	[squeeze] - dtach 0.8-2+squeeze1
-CVE-2010-5107 [openssh: DoS]
-	[squeeze] - openssh 1:5.5p1-6+squeeze3
-CVE-2010-0206
-	[squeeze] - poppler 0.12.4-1.2+squeeze1
-CVE-2010-0207
-	[squeeze] - poppler 0.12.4-1.2+squeeze1
-CVE-2010-4653
-	[squeeze] - poppler 0.12.4-1.2+squeeze1
-CVE-2012-3524
-	[squeeze] - dbus 1.2.24-4+squeeze2
-CVE-2012-1570
-	[squeeze] - maradns 1.4.03-1.1+squeeze1
-CVE-2012-5391
-	[squeeze] - mediawiki 1:1.15.5-2squeeze5
-CVE-2012-1155
-	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
-CVE-2012-2362
-	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
-CVE-2012-2363
-	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
-CVE-2012-2367
-	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
-CVE-2012-6303
-	[squeeze] - snack 2.2.10-dfsg1-9+squeeze1
-CVE-2012-XXXX [TEMP-0698189-BE9FC4]
-	[squeeze] - swath 0.4.0-4+squeeze1
-CVE-2013-0722
-	[squeeze] - ettercap 1:0.7.3-2.1+squeeze1
-CVE-2012-6329 (The _compile function in Maketext.pm in the Locale::Maketext ...)
-	[squeeze] - perl 5.10.1-17squeeze5
-CVE-2012-4576
-	[squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze4
-CVE-2013-0292 [Local privilege escalation due improper filtering of message sender when NameOwnerChanged signal received]
-	[squeeze] - dbus-glib 0.88-2.1+squeeze1
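Review bot: Two of the 24 entries deleted from data/next-point-update.txt have no matching change to data/CVE/list in this revision: CVE-2012-3524 (`dbus 1.2.24-4+squeeze2`) and CVE-2012-6303 (`snack 2.2.10-dfsg1-9+squeeze1`). If data/CVE/list did not already carry those squeeze versions, emptying this file drops the only record that they were fixed in 6.0.7, so please confirm or add the two lines. The swath entry is also labelled CVE-2012-XXXX here but CVE-2013-XXXX in the data/CVE/list hunk for bug #698189, which is worth reconciling.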



