[Secure-testing-commits] r20996 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Jan 21 07:29:32 UTC 2013 

Author: jmm
Date: 2013-01-21 07:29:32 +0000 (Mon, 21 Jan 2013)
New Revision: 20996

Modified:
   data/CVE/list
Log:
haskell-tls-extra fixed
dnsmasq initial fix incomplete, likewise no-dsa
qt non-issue fixed
iceape fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-01-21 07:26:29 UTC (rev 20995)
+++ data/CVE/list	2013-01-21 07:29:32 UTC (rev 20996)
@@ -1,5 +1,5 @@
 CVE-2013-XXXX [Basic constraints vulnerability]
-	- haskell-tls-extra <unfixed> (bug #698545)
+	- haskell-tls-extra 0.4.6.1-1 (bug #698545)
 	NOTE: CVE requested
 CVE-2013-XXXX [temp file vulnerability in git-extras]
 	- git-extras <unfixed> (bug #698490)
@@ -1306,7 +1306,7 @@
 CVE-2013-0769 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel 10.0.12esr-1
 	- icedove 10.0.12-1
-	- iceape <unfixed>
+	- iceape 2.7.12-1
 CVE-2013-0768 (Stack-based buffer overflow in the Canvas implementation in Mozilla ...)
 	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
@@ -1314,11 +1314,11 @@
 CVE-2013-0767 (The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox ...)
 	- iceweasel 10.0.12esr-1
 	- icedove 10.0.12-1
-	- iceape <unfixed>
+	- iceape 2.7.12-1
 CVE-2013-0766 (Use-after-free vulnerability in the ~nsHTMLEditRules implementation in ...)
 	- iceweasel 10.0.12esr-1
 	- icedove 10.0.12-1
-	- iceape <unfixed>
+	- iceape 2.7.12-1
 CVE-2013-0765
 	RESERVED
 CVE-2013-0764 (The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox ...)
@@ -1332,7 +1332,7 @@
 CVE-2013-0762 (Use-after-free vulnerability in the imgRequest::OnStopFrame function ...)
 	- iceweasel 10.0.12esr-1
 	- icedove 10.0.12-1
-	- iceape <unfixed>
+	- iceape 2.7.12-1
 CVE-2013-0761 (Use-after-free vulnerability in the ...)
 	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
@@ -1344,11 +1344,11 @@
 CVE-2013-0759 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
 	- iceweasel 10.0.12esr-1
 	- icedove 10.0.12-1
-	- iceape <unfixed>
+	- iceape 2.7.12-1
 CVE-2013-0758 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
 	- iceweasel 10.0.12esr-1
 	- icedove 10.0.12-1
-	- iceape <unfixed>
+	- iceape 2.7.12-1
 CVE-2013-0757 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
 	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
@@ -1364,11 +1364,11 @@
 CVE-2013-0754 (Use-after-free vulnerability in the ListenerManager implementation in ...)
 	- iceweasel 10.0.12esr-1
 	- icedove 10.0.12-1
-	- iceape <unfixed>
+	- iceape 2.7.12-1
 CVE-2013-0753 (Use-after-free vulnerability in the serializeToStream implementation ...)
 	- iceweasel 10.0.12esr-1
 	- icedove 10.0.12-1
-	- iceape <unfixed>
+	- iceape 2.7.12-1
 CVE-2013-0752 (Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, ...)
 	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
@@ -1380,7 +1380,7 @@
 CVE-2013-0750 (Integer overflow in the JavaScript implementation in Mozilla Firefox ...)
 	- iceweasel 10.0.12esr-1
 	- icedove 10.0.12-1
-	- iceape <unfixed>
+	- iceape 2.7.12-1
 CVE-2013-0749 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
@@ -1388,7 +1388,7 @@
 CVE-2013-0748 (The XBL.__proto__.toString implementation in Mozilla Firefox before ...)
 	- iceweasel 10.0.12esr-1
 	- icedove 10.0.12-1
-	- iceape <unfixed>
+	- iceape 2.7.12-1
 CVE-2013-0747 (The gPluginHandler.handleEvent function in the plugin handler in ...)
 	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
@@ -1396,7 +1396,7 @@
 CVE-2013-0746 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
 	- iceweasel 10.0.12esr-1
 	- icedove 10.0.12-1
-	- iceape <unfixed>
+	- iceape 2.7.12-1
 CVE-2013-0745 (The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ...)
 	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
@@ -1404,7 +1404,7 @@
 CVE-2013-0744 (Use-after-free vulnerability in the ...)
 	- iceweasel 10.0.12esr-1
 	- icedove 10.0.12-1
-	- iceape <unfixed>
+	- iceape 2.7.12-1
 CVE-2013-0743 [nss: Dis-trust TURKTRUST mis-issued *.google.com certificate]
 	RESERVED
 	{DSA-2599-1}
@@ -2875,7 +2875,9 @@
 	RESERVED
 CVE-2013-0198 [dnsmasq: Incomplete fix for the CVE-2012-3411 issue]
 	RESERVED
-	TODO: check
+	- dnsmasq <unfixed> (low)
+	[wheezy] - dnsmasq <no-dsa> (Minor issue)
+	[squeeze] - dnsmasq <no-dsa> (Minor issue)
 	NOTE: CVE request http://www.openwall.com/lists/oss-security/2013/01/18/2
 CVE-2013-0197 [XSS vulnerability with match_type filter]
 	RESERVED
@@ -2944,6 +2946,7 @@
 	TODO: check
 CVE-2013-0177
 	RESERVED
+	NOT-FOR-US: OFBiz
 CVE-2013-0176
 	RESERVED
 CVE-2013-0175
@@ -3641,7 +3644,7 @@
 	- qt4-x11 <not-affected> (Only affects environments where a different OpenSSL is used, doesn't apply to Debian; bug #697582)
 	NOTE: http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
 	NOTE: https://codereview.qt-project.org/#change,42461
-	NOTE: Fixed in Qt 4.8.5, and the 4.7.6 and 4.6.5 patch releases.
+	NOTE: Fixed in 4:4.8.2+dfsg-10
 CVE-2012-6092
 	RESERVED
 CVE-2012-6091
@@ -5050,8 +5053,7 @@
 	- squid3 <unfixed> (bug #696187)
 CVE-2012-5642 (server/action.py in Fail2ban before 0.8.8 does not properly handle the ...)
 	- fail2ban 0.8.6-3wheezy1 (low; bug #696184)
-	[squeeze] - fail2ban <not-affected> (<20130117202405.GM19929 at onerussian.com>)
-	NOTE: http://www.openwall.com/lists/oss-security/2012/12/17/1
+	[squeeze] - fail2ban <not-affected> (Introduced in 0.8.6, see #696187)
 CVE-2012-5641
 	RESERVED
 	- couchdb <not-affected> (Only affects CouchDB on Windows)

More information about the Secure-testing-commits mailing list