[Secure-testing-commits] r21498 - in data: CVE DSA

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Mar 4 08:28:21 UTC 2013 

Author: jmm
Date: 2013-03-04 08:28:21 +0000 (Mon, 04 Mar 2013)
New Revision: 21498

Modified:
   data/CVE/list
   data/DSA/list
Log:
new issue in ruby-openid (different srcpkg name in stable)
add two more CVE IDs fixed in recent Xen DSA
remove no-dsa for libsocialweb, got a fix
no-dsa: mantis, gambas
gambas3 was called gambas2 in stable/oldstable, mark it as removed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-03-04 07:59:21 UTC (rev 21497)
+++ data/CVE/list	2013-03-04 08:28:21 UTC (rev 21498)
@@ -968,15 +968,20 @@
 	[squeeze] - busybox <no-dsa> (Minor issue)
 CVE-2013-1812
 	RESERVED
+	- ruby-openid <unfixed>
+	- libopenid-ruby <removed>
 CVE-2013-1811 [Reporter can change issue status to 'new']
 	RESERVED
-	- mantis <unfixed> (bug #698481)
+	- mantis <unfixed> (low; bug #698481)
+	[squeeze] - mantis <no-dsa> (Minor issue)
 CVE-2013-1810 [summary.php category/project names XSS vulnerability]
 	RESERVED
 	- mantis <not-affected> (only affects MantisBT 1.2.12)
 CVE-2013-1809 [Gambas creates hijackable directory in /tmp]
 	RESERVED
 	- gambas3 <unfixed> (low; bug #702184)
+	- gambas2 <removed> 
+	[squeeze] - gambas2 <no-dsa> (Minor issue)
 	NOTE: https://code.google.com/p/gambas/issues/detail?id=365
 CVE-2013-1808
 	RESERVED
@@ -3056,6 +3061,7 @@
 	- chromium-browser 25.0.1364.97-1
 	- ffmpeg <removed>
 	- libav <unfixed>
+	NOTE: Fixed in 6:9.3-1 in experimental
 CVE-2013-0893 (Race condition in Google Chrome before 25.0.1364.97 on Windows and ...)
 	- chromium-browser 25.0.1364.97-1
 CVE-2013-0892 (Multiple unspecified vulnerabilities in the IPC layer in Google Chrome ...)
@@ -10552,7 +10558,6 @@
 	NOTE: Konqueror not supported security-wise
 CVE-2012-4511 (services/flickr/flickr.c in libsocialweb before 0.25.21 automatically ...)
 	- libsocialweb 0.25.20-3.1 (low; bug #690675)
-	[wheezy] - libsocialweb <no-dsa> (Minor issue)
 CVE-2012-4510 (cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile ...)
 	{DSA-2562-1}
 	- cups-pk-helper 0.2.3-1

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2013-03-04 07:59:21 UTC (rev 21497)
+++ data/DSA/list	2013-03-04 08:28:21 UTC (rev 21498)
@@ -1,5 +1,5 @@
 [01 Mar 2013] DSA-2636-1 xen - several
-	{CVE-2012-4544 CVE-2012-5511 CVE-2012-5634 CVE-2013-0153}
+	{CVE-2012-2625 CVE-2012-4544 CVE-2012-5511 CVE-2012-5634 CVE-2012-6333 CVE-2013-0153}
 	[squeeze] - xen 4.0.1-5.7
 [01 Mar 2013] DSA-2635-1 cfingerd - buffer overflow
 	{CVE-2013-1049}

More information about the Secure-testing-commits mailing list