[Secure-testing-commits] r22499 - in data: . CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Jun 5 16:10:14 UTC 2013


Author: jmm
Date: 2013-06-05 16:10:13 +0000 (Wed, 05 Jun 2013)
New Revision: 22499

Modified:
   data/CVE/list
   data/dsa-needed-stable.txt
Log:
gallery not-affected
various no-dsa for squeeze
add myself for remaining mozilla DSAs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-06-05 16:00:38 UTC (rev 22498)
+++ data/CVE/list	2013-06-05 16:10:13 UTC (rev 22499)
@@ -3657,8 +3657,7 @@
 	- srtp <unfixed> (bug #711163)
 CVE-2013-2138 [gallery: improper stripping of URL fragments might lead to replay attacks]
 	RESERVED
-	- gallery <unfixed>
-	TODO: check. might only affect 3.x
+	- gallery <not-affected> (Old 1.5 version not affected)
 CVE-2013-2137
 	RESERVED
 CVE-2013-2136
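
Review bot: The replacement line for gallery under CVE-2013-2138 drops the only reasoning the old TODO carried ("might only affect 3.x"); "Old 1.5 version not affected" names a version but not why it is unaffected. Consider keeping a NOTE line saying the issue is specific to 3.x, if that is what the check confirmed, so the <not-affected> status can be re-verified later.
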
@@ -4638,7 +4637,6 @@
 CVE-2013-1872 [i965: out of bounds read/write]
 	RESERVED
 	- mesa 8.0.5-7
-	TODO: check
 CVE-2013-1871
 	RESERVED
 CVE-2013-1870
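
Review bot: Under CVE-2013-1872, "TODO: check" is removed without the result of the check being recorded: the entry still shows only "- mesa 8.0.5-7", with no bug reference, urgency or per-release line. Since this commit also adds mesa to data/dsa-needed-stable.txt, a NOTE or a release-tagged line here stating what was found for stable would tie the two changes together.
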
@@ -5384,7 +5382,8 @@
 	{DSA-2622-1}
 	- polarssl 1.1.4-2 (bug #699887)
 CVE-2013-1620 (The TLS implementation in Mozilla Network Security Services (NSS) does ...)
-	- nss 2:3.14.3-1 (bug #699888)
+	- nss 2:3.14.3-1 (low; bug #699888)
+	[squeeze] - nss <no-dsa> (Minor issue)
 CVE-2013-1619 (The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, ...)
 	- gnutls26 2.12.20-4
 	- gnutls28 3.0.22-3
@@ -9479,6 +9478,7 @@
 	- mysql-5.5 5.5.30+dfsg-1.1 (bug #699886)
 	- polarssl 1.1.4-2 (bug #699887)
 	- nss 2:3.14.3-1 (bug #699888)
+	[squeeze] - nss <no-dsa> (Minor issue)
 	- gnutls26 2.12.20-4
 	- gnutls28 3.0.22-3
 	- openjdk-7 7u3-2.1.6-1
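
Review bot: The nss line directly above the added "[squeeze] - nss <no-dsa> (Minor issue)" still reads "(bug #699888)" with no urgency, while the CVE-2013-1620 hunk in this same commit changes the matching line to "(low; bug #699888)". If both entries refer to the same nss fix, set the urgency here as well so the two stay consistent.
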
@@ -14738,6 +14738,7 @@
 CVE-2012-4528 (The mod_security2 module before 2.7.0 for the Apache HTTP Server ...)
 	- modsecurity-apache 2.6.6-5 (bug #691146)
 	- libapache-mod-security <removed>
+	[squeeze] - libapache-mod-security <no-dsa> (Minor issue)
 CVE-2012-4527 (Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows ...)
 	- mcrypt 2.6.8-1.3 (unimportant; bug #690924)
 	NOTE: patch proposed by submitter at RH bugzilla is incorrect
@@ -20430,7 +20431,8 @@
 	NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
 	NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
 CVE-2012-2331 (Cross-site scripting (XSS) vulnerability in ...)
-	- serendipity <removed> (bug #671937; medium)
+	- serendipity <removed> (bug #671937; low)
+	[squeeze] - serendipity <no-dsa> (Minor issue)
 	NOTE: http://www.koramis.com/advisories/2012/KORAMIS-ADV2012-001.txt
 	NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
 	NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
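
Review bot: The serendipity line is downgraded from medium to low with no stated reason, and the edited annotation keeps the order "(bug #671937; low)" whereas other entries in this commit put the urgency first, as in "(low; bug #699888)". Since the line is being rewritten anyway, reorder it to "(low; bug #671937)" and mention the urgency change in the log message.
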
@@ -36511,7 +36513,8 @@
 	- python2.7 2.7.1-7
 	- python2.6 2.6.7-1 (bug #628455)
 	- python2.5 <removed>
-	- python2.4 <removed>
+	[squeeze] - python2.6 <no-dsa> (Minor issue)
+	[squeeze] - python2.5 <no-dsa> (Minor issue)
 	NOTE: http://bugs.python.org/issue11662
 CVE-2011-XXXX [htmlpurifier various]
 	- php-htmlpurifier 4.3.0+dfsg1-1 (unimportant)
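
Review bot: The "- python2.4 <removed>" line is deleted rather than left in place beside the new squeeze lines, and the log message ("various no-dsa for squeeze") does not cover that removal. If python2.4 was dropped on purpose, say so in the log; otherwise restore the line and add the two "[squeeze]" lines after it.
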
@@ -41311,6 +41314,7 @@
 	[wheezy] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
 CVE-2010-4524 (Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in ...)
 	- mhonarc 2.6.18-1 (low; bug #607693)
+	[squeeze] - mhonarc <no-dsa> (Minor issue)
 CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...)
 	NOT-FOR-US: MyBB
 CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x ...)
@@ -49220,7 +49224,8 @@
 	- mapserver 5.6.5-2
 	NOTE: http://trac.osgeo.org/mapserver/ticket/3641
 CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of service ...)
-	- mhonarc 2.6.18-1
+	- mhonarc 2.6.18-1 (low)
+	[squeeze] - mhonarc <no-dsa> (Minor issue)
 CVE-2010-1676 (Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before ...)
 	{DSA-2136-1}
 	- tor 0.2.1.26-6

Modified: data/dsa-needed-stable.txt
===================================================================
--- data/dsa-needed-stable.txt	2013-06-05 16:00:38 UTC (rev 22498)
+++ data/dsa-needed-stable.txt	2013-06-05 16:10:13 UTC (rev 22499)
@@ -17,9 +17,9 @@
 openjdk-7
   Package from sid needs to be rebuild in stable-security
 --
-iceape
+iceape (jmm)
 --
-icedove
+icedove (jmm)
 --
 tiff
 --
@@ -29,6 +29,8 @@
 --
 memcached
 --
+mesa
+--
 openswan
 --
 pymongo
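
Review bot: The new "mesa" entry has no indented comment saying which issue it tracks or what is needed, unlike the openjdk-7 entry in this file, and the log message does not mention the addition. Add a short line under it (the CVE-2013-1872 TODO removed from data/CVE/list in this commit suggests that is the issue) so whoever picks it up does not have to search the list.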



