[Secure-testing-commits] r24076 - in data: . CVE

Thijs Kinkhorst thijs at alioth.debian.org
Sun Oct 20 15:58:32 UTC 2013 

Author: thijs
Date: 2013-10-20 15:58:32 +0000 (Sun, 20 Oct 2013)
New Revision: 24076

Modified:
   data/CVE/list
   data/next-oldstable-point-update.txt
Log:
oldstable point release


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-10-19 22:32:35 UTC (rev 24075)
+++ data/CVE/list	2013-10-20 15:58:32 UTC (rev 24076)
@@ -806,6 +806,7 @@
 CVE-2013-5743
 	RESERVED
 	- zabbix 1:2.0.8+dfsg-2
+	[squeeze] - zabbix 1:1.8.2-1squeeze5
 CVE-2013-5742
 	RESERVED
 CVE-2013-5741
@@ -4822,7 +4823,7 @@
 CVE-2013-4124 (Integer overflow in the read_nttrans_ea_list function in nttrans.c in ...)
 	- samba 2:3.6.17-1 (low)
 	[wheezy] - samba 2:3.6.6-6+deb7u1
-	[squeeze] - samba <no-dsa> (Minor issue)
+	[squeeze] - samba 2:3.5.6~dfsg-3squeeze10
 	- samba4 <unfixed> (low)
 	[wheezy] - samba4 <no-dsa> (Minor issue)
 	NOTE: https://www.samba.org/samba/security/CVE-2013-4124
@@ -8040,7 +8041,7 @@
 	- modsecurity-apache 2.6.6-9 (bug #710217)
 	- libapache-mod-security <removed> (bug #710217)
 	[wheezy] - modsecurity-apache 2.6.6-6+deb7u1
-	[squeeze] - libapache-mod-security <no-dsa> (Minor issue)
+	[squeeze] - libapache-mod-security 2.5.12-1+squeeze2
 	NOTE: https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
 	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
 CVE-2013-2764
@@ -9766,7 +9767,7 @@
 CVE-2013-2145 (The cpansign verify functionality in the Module::Signature module ...)
 	- libmodule-signature-perl 0.73-1 (bug #711239)
 	[wheezy] - libmodule-signature-perl 0.68-1+deb7u1
-	[squeeze] - libmodule-signature-perl <no-dsa> (Minor issue)
+	[squeeze] - libmodule-signature-perl 0.63-1+squeeze1
 CVE-2013-2144 (Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not ...)
 	NOT-FOR-US: RHEV Manager
 CVE-2013-2143
@@ -10084,7 +10085,7 @@
 CVE-2013-2061 [use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt]
 	RESERVED
 	- openvpn 2.3.1-1 (low; bug #707329)
-	[squeeze] - openvpn <no-dsa> (Minor issue)
+	[squeeze] - openvpn 2.1.3-2+squeeze2
 	[wheezy] - openvpn 2.2.1-8+deb7u1
 	NOTE: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
 CVE-2013-2060
@@ -10221,8 +10222,10 @@
 	NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
 CVE-2013-2021 (pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause ...)
 	- clamav 0.97.8+dfsg-1
+	[squeeze] - clamav 0.97.8+dfsg-1~squeeze1
 CVE-2013-2020 (Integer underflow in the cli_scanpe function in pe.c in ClamAV before ...)
 	- clamav 0.97.8+dfsg-1
+	[squeeze] - clamav 0.97.8+dfsg-1~squeeze1
 CVE-2013-2019 [stack overflow vulnerabilities in the XML parser]
 	RESERVED
 	- boinc 6.13.6+dfsg-1 (low)
@@ -10948,7 +10951,7 @@
 	RESERVED
 	- ruby-openid 2.1.8debian-6 (bug #702217)
 	- libopenid-ruby <removed> (bug #702217)
-	[squeeze] - libopenid-ruby <no-dsa> (Minor issue)
+	[squeeze] - libopenid-ruby 2.1.8debian-1+squeeze1
 CVE-2013-1811 [Reporter can change issue status to 'new']
 	RESERVED
 	- mantis <unfixed> (low; bug #698481)
@@ -12475,7 +12478,7 @@
 CVE-2013-1364 [possible to override LDAP configuration parameters via the API]
 	RESERVED
 	- zabbix 1:2.0.4+dfsg-2 (bug #698541)
-	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
+	[squeeze] - zabbix 1:1.8.2-1squeeze5
 	NOTE: patches in https://support.zabbix.com/browse/ZBX-6097
 CVE-2013-1363
 	RESERVED
@@ -18070,7 +18073,7 @@
 	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a
 CVE-2012-5667 (Multiple integer overflows in GNU Grep before 2.11 might allow ...)
 	- grep 2.11-1 (low; bug #701897)
-	[squeeze] - grep <no-dsa> (Minor issue)
+	[squeeze] - grep 2.6.3-3+squeeze1
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
 	NOTE: patch http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
 	NOTE: http://www.openwall.com/lists/oss-security/2012/12/22/1
@@ -18481,7 +18484,7 @@
 CVE-2012-5530 (The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot ...)
 	- pcp 3.7.1 (bug #698735; low)
 	NOTE: first package in unstable is 3.7.1 (package has no debian revision)
-	[squeeze] - pcp <no-dsa> (Minor issue)
+	[squeeze] - pcp 3.3.3-squeeze3
 CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, ...)
 	{DSA-2648-1}
 	- firebird2.5 2.5.2~svn+54698.ds4-2 (low; bug #693210)
@@ -21569,7 +21572,7 @@
 CVE-2012-4437 (Cross-site scripting (XSS) vulnerability in the SmartyException class ...)
 	- smarty3 3.1.10-2 (bug #688153)
 	- smarty <removed> (bug #702710)
-	[squeeze] - smarty <no-dsa> (Will be fixed in point update)
+	[squeeze] - smarty 2.6.26-0.2+squeeze1
 	NOTE: http://www.openwall.com/lists/oss-security/2012/09/19/1
 	NOTE: http://secunia.com/advisories/50589/
 	NOTE: http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt
@@ -27607,7 +27610,7 @@
 CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ...)
 	- texlive-extra 2012.20130315-1 (low; bug #668779)
 	[wheezy] - texlive-extra <no-dsa> (Minor issue)
-	[squeeze] - texlive-extra <no-dsa> (Minor issue)
+	[squeeze] - texlive-extra 2009-10+squeeze1
 CVE-2012-2119 (Buffer overflow in the macvtap device driver in the Linux kernel ...)
 	- linux 3.2.20-1
 	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present, was added in 3.1)
@@ -32444,7 +32447,7 @@
 	NOT-FOR-US: Trend Micro Control Manager
 CVE-2011-5000 (The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and ...)
 	- openssh 1:5.9p1-1
-	[squeeze] - openssh <no-dsa> (Minor issue)
+	[squeeze] - openssh 1:5.5p1-6+squeeze4
 	NOTE: looking at the code an additional integer overflow check was added in at least 5.9
 CVE-2011-4999
 	RESERVED
@@ -38249,13 +38252,14 @@
 	NOT-FOR-US: Wordpress plugin
 CVE-2011-3265 (popup.php in Zabbix before 1.8.7 allows remote attackers to read the ...)
 	- zabbix 1:1.8.9-1
-	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
+	[squeeze] - zabbix 1:1.8.2-1squeeze5
 CVE-2011-3264 (Zabbix before 1.8.6 allows remote attackers to obtain sensitive ...)
 	- zabbix 1:1.8.6-1 (unimportant)
+	[squeeze] - zabbix 1:1.8.2-1squeeze5
 	NOTE: Installation path is known anyway for the Debian package
 CVE-2011-3263 (zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows ...)
 	- zabbix 1:1.8.6-1
-	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
+	[squeeze] - zabbix 1:1.8.2-1squeeze5
 CVE-2011-3262 (tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 ...)
 	{DSA-2337-1}
 	- xen 4.1.1-1
@@ -63616,7 +63620,7 @@
 	NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
 	NOTE: might've been fixed earlier
 	- graphviz 2.26.3-14 (low; bug #702436)
-	[squeeze] - graphviz <no-dsa> (Minor issue)
+	[squeeze] - graphviz 2.26.3-5+squeeze1
 CVE-2009-3735 (The ActiveScan Installer ActiveX control in as2stubie.dll before ...)
 	NOT-FOR-US: ActiveScan Installer ActiveX control
 CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...)

Modified: data/next-oldstable-point-update.txt
===================================================================
--- data/next-oldstable-point-update.txt	2013-10-19 22:32:35 UTC (rev 24075)
+++ data/next-oldstable-point-update.txt	2013-10-20 15:58:32 UTC (rev 24076)
@@ -1,40 +1,2 @@
-CVE-2011-5000
-	[squeeze] - openssh 1:5.5p1-6+squeeze4
 CVE-2013-0176
 	[squeeze] - libssh 0.4.5-3+squeeze2
-CVE-2012-4437
-	[squeeze] - smarty 2.6.26-0.2+squeeze1
-CVE-2009-3736
-	[squeeze] - graphviz 2.26.3-5+squeeze1
-CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ...)
-	[squeeze] - texlive-extra 2009-10+squeeze1
-CVE-2013-2021
-	[squeeze] - clamav 0.97.8+dfsg-1~squeeze1
-CVE-2013-2020
-	[squeeze] - clamav 0.97.8+dfsg-1~squeeze1
-CVE-2013-2765
-	[squeeze] - libapache-mod-security 2.5.12-1+squeeze2
-CVE-2013-2061
-	[squeeze] - openvpn 2.1.3-2+squeeze2
-CVE-2013-2145
-	[squeeze] - libmodule-signature-perl 0.63-1+squeeze1
-CVE-2013-1812
-	[squeeze] - libopenid-ruby 2.1.8debian-1+squeeze1
-CVE-2012-5667
-	[squeeze] - grep 2.6.3-3+squeeze1
-CVE-2012-5530
-	[squeeze] - pcp 3.3.3-squeeze3
-CVE-2013-4124
-	[squeeze] - samba 2:3.5.6~dfsg-3squeeze10
-CVE-2013-5743
-	[squeeze] - zabbix 1:1.8.2-1squeeze5
-CVE-2011-3263
-	[squeeze] - zabbix 1:1.8.2-1squeeze5
-CVE-2011-3265
-	[squeeze] - zabbix 1:1.8.2-1squeeze5
-CVE-2011-3264
-	[squeeze] - zabbix 1:1.8.2-1squeeze5
-CVE-2011-3265
-	[squeeze] - zabbix 1:1.8.2-1squeeze5
-CVE-2013-1364
-	[squeeze] - zabbix 1:1.8.2-1squeeze5

More information about the Secure-testing-commits mailing list