[Secure-testing-commits] r24076 - in data: . CVE
Thijs Kinkhorst
thijs at alioth.debian.org
Sun Oct 20 15:58:32 UTC 2013
Author: thijs
Date: 2013-10-20 15:58:32 +0000 (Sun, 20 Oct 2013)
New Revision: 24076
Modified:
data/CVE/list
data/next-oldstable-point-update.txt
Log:
oldstable point release
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-10-19 22:32:35 UTC (rev 24075)
+++ data/CVE/list 2013-10-20 15:58:32 UTC (rev 24076)
@@ -806,6 +806,7 @@
CVE-2013-5743
RESERVED
- zabbix 1:2.0.8+dfsg-2
+ [squeeze] - zabbix 1:1.8.2-1squeeze5
CVE-2013-5742
RESERVED
CVE-2013-5741
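Review bot: The CVE-2013-5743 entry gets a [squeeze] fixed version but has no bug number or NOTE pointing at the fix, and the CVE is still RESERVED with no description. The CVE-2013-1364 entry later in this patch carries a NOTE with the upstream ticket; a similar NOTE here would let a reader check what 1:1.8.2-1squeeze5 backported.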
@@ -4822,7 +4823,7 @@
CVE-2013-4124 (Integer overflow in the read_nttrans_ea_list function in nttrans.c in ...)
- samba 2:3.6.17-1 (low)
[wheezy] - samba 2:3.6.6-6+deb7u1
- [squeeze] - samba <no-dsa> (Minor issue)
+ [squeeze] - samba 2:3.5.6~dfsg-3squeeze10
- samba4 <unfixed> (low)
[wheezy] - samba4 <no-dsa> (Minor issue)
NOTE: https://www.samba.org/samba/security/CVE-2013-4124
@@ -8040,7 +8041,7 @@
- modsecurity-apache 2.6.6-9 (bug #710217)
- libapache-mod-security <removed> (bug #710217)
[wheezy] - modsecurity-apache 2.6.6-6+deb7u1
- [squeeze] - libapache-mod-security <no-dsa> (Minor issue)
+ [squeeze] - libapache-mod-security 2.5.12-1+squeeze2
NOTE: https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
NOTE: https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
CVE-2013-2764
@@ -9766,7 +9767,7 @@
CVE-2013-2145 (The cpansign verify functionality in the Module::Signature module ...)
- libmodule-signature-perl 0.73-1 (bug #711239)
[wheezy] - libmodule-signature-perl 0.68-1+deb7u1
- [squeeze] - libmodule-signature-perl <no-dsa> (Minor issue)
+ [squeeze] - libmodule-signature-perl 0.63-1+squeeze1
CVE-2013-2144 (Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not ...)
NOT-FOR-US: RHEV Manager
CVE-2013-2143
@@ -10084,7 +10085,7 @@
CVE-2013-2061 [use of non-constant-time memcmp in HMAC comparison in openvpn_decrypt]
RESERVED
- openvpn 2.3.1-1 (low; bug #707329)
- [squeeze] - openvpn <no-dsa> (Minor issue)
+ [squeeze] - openvpn 2.1.3-2+squeeze2
[wheezy] - openvpn 2.2.1-8+deb7u1
NOTE: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
CVE-2013-2060
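Review bot: Style point on the CVE-2013-2061 entry: the [squeeze] line sits above the [wheezy] line, while the samba and libmodule-signature-perl entries touched in this same patch list [wheezy] first. Since the [squeeze] line is being rewritten anyway, moving it below "[wheezy] - openvpn 2.2.1-8+deb7u1" would keep the release ordering consistent across entries.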
@@ -10221,8 +10222,10 @@
NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
CVE-2013-2021 (pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause ...)
- clamav 0.97.8+dfsg-1
+ [squeeze] - clamav 0.97.8+dfsg-1~squeeze1
CVE-2013-2020 (Integer underflow in the cli_scanpe function in pe.c in ClamAV before ...)
- clamav 0.97.8+dfsg-1
+ [squeeze] - clamav 0.97.8+dfsg-1~squeeze1
CVE-2013-2019 [stack overflow vulnerabilities in the XML parser]
RESERVED
- boinc 6.13.6+dfsg-1 (low)
@@ -10948,7 +10951,7 @@
RESERVED
- ruby-openid 2.1.8debian-6 (bug #702217)
- libopenid-ruby <removed> (bug #702217)
- [squeeze] - libopenid-ruby <no-dsa> (Minor issue)
+ [squeeze] - libopenid-ruby 2.1.8debian-1+squeeze1
CVE-2013-1811 [Reporter can change issue status to 'new']
RESERVED
- mantis <unfixed> (low; bug #698481)
@@ -12475,7 +12478,7 @@
CVE-2013-1364 [possible to override LDAP configuration parameters via the API]
RESERVED
- zabbix 1:2.0.4+dfsg-2 (bug #698541)
- [squeeze] - zabbix <no-dsa> (Will be handled through point update)
+ [squeeze] - zabbix 1:1.8.2-1squeeze5
NOTE: patches in https://support.zabbix.com/browse/ZBX-6097
CVE-2013-1363
RESERVED
@@ -18070,7 +18073,7 @@
NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a
CVE-2012-5667 (Multiple integer overflows in GNU Grep before 2.11 might allow ...)
- grep 2.11-1 (low; bug #701897)
- [squeeze] - grep <no-dsa> (Minor issue)
+ [squeeze] - grep 2.6.3-3+squeeze1
NOTE: https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
NOTE: patch http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
NOTE: http://www.openwall.com/lists/oss-security/2012/12/22/1
@@ -18481,7 +18484,7 @@
CVE-2012-5530 (The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot ...)
- pcp 3.7.1 (bug #698735; low)
NOTE: first package in unstable is 3.7.1 (package has no debian revision)
- [squeeze] - pcp <no-dsa> (Minor issue)
+ [squeeze] - pcp 3.3.3-squeeze3
CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, ...)
{DSA-2648-1}
- firebird2.5 2.5.2~svn+54698.ds4-2 (low; bug #693210)
@@ -21569,7 +21572,7 @@
CVE-2012-4437 (Cross-site scripting (XSS) vulnerability in the SmartyException class ...)
- smarty3 3.1.10-2 (bug #688153)
- smarty <removed> (bug #702710)
- [squeeze] - smarty <no-dsa> (Will be fixed in point update)
+ [squeeze] - smarty 2.6.26-0.2+squeeze1
NOTE: http://www.openwall.com/lists/oss-security/2012/09/19/1
NOTE: http://secunia.com/advisories/50589/
NOTE: http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt
@@ -27607,7 +27610,7 @@
CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ...)
- texlive-extra 2012.20130315-1 (low; bug #668779)
[wheezy] - texlive-extra <no-dsa> (Minor issue)
- [squeeze] - texlive-extra <no-dsa> (Minor issue)
+ [squeeze] - texlive-extra 2009-10+squeeze1
CVE-2012-2119 (Buffer overflow in the macvtap device driver in the Linux kernel ...)
- linux 3.2.20-1
[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present, was added in 3.1)
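Review bot: In the CVE-2012-2120 entry, squeeze is now marked fixed in 2009-10+squeeze1 while the line above it still reads "[wheezy] - texlive-extra <no-dsa> (Minor issue)", so oldstable ends up ahead of stable for this issue. A NOTE recording that wheezy is still open, or a matching entry in the stable point-update file, would make that gap visible rather than implicit.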
@@ -32444,7 +32447,7 @@
NOT-FOR-US: Trend Micro Control Manager
CVE-2011-5000 (The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and ...)
- openssh 1:5.9p1-1
- [squeeze] - openssh <no-dsa> (Minor issue)
+ [squeeze] - openssh 1:5.5p1-6+squeeze4
NOTE: looking at the code an additional integer overflow check was added in at least 5.9
CVE-2011-4999
RESERVED
@@ -38249,13 +38252,14 @@
NOT-FOR-US: Wordpress plugin
CVE-2011-3265 (popup.php in Zabbix before 1.8.7 allows remote attackers to read the ...)
- zabbix 1:1.8.9-1
- [squeeze] - zabbix <no-dsa> (Will be handled through point update)
+ [squeeze] - zabbix 1:1.8.2-1squeeze5
CVE-2011-3264 (Zabbix before 1.8.6 allows remote attackers to obtain sensitive ...)
- zabbix 1:1.8.6-1 (unimportant)
+ [squeeze] - zabbix 1:1.8.2-1squeeze5
NOTE: Installation path is known anyway for the Debian package
CVE-2011-3263 (zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows ...)
- zabbix 1:1.8.6-1
- [squeeze] - zabbix <no-dsa> (Will be handled through point update)
+ [squeeze] - zabbix 1:1.8.2-1squeeze5
CVE-2011-3262 (tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 ...)
{DSA-2337-1}
- xen 4.1.1-1
@@ -63616,7 +63620,7 @@
NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
NOTE: might've been fixed earlier
- graphviz 2.26.3-14 (low; bug #702436)
- [squeeze] - graphviz <no-dsa> (Minor issue)
+ [squeeze] - graphviz 2.26.3-5+squeeze1
CVE-2009-3735 (The ActiveScan Installer ActiveX control in as2stubie.dll before ...)
NOT-FOR-US: ActiveScan Installer ActiveX control
CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...)
Modified: data/next-oldstable-point-update.txt
===================================================================
--- data/next-oldstable-point-update.txt 2013-10-19 22:32:35 UTC (rev 24075)
+++ data/next-oldstable-point-update.txt 2013-10-20 15:58:32 UTC (rev 24076)
@@ -1,40 +1,2 @@
-CVE-2011-5000
- [squeeze] - openssh 1:5.5p1-6+squeeze4
CVE-2013-0176
[squeeze] - libssh 0.4.5-3+squeeze2
-CVE-2012-4437
- [squeeze] - smarty 2.6.26-0.2+squeeze1
-CVE-2009-3736
- [squeeze] - graphviz 2.26.3-5+squeeze1
-CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ...)
- [squeeze] - texlive-extra 2009-10+squeeze1
-CVE-2013-2021
- [squeeze] - clamav 0.97.8+dfsg-1~squeeze1
-CVE-2013-2020
- [squeeze] - clamav 0.97.8+dfsg-1~squeeze1
-CVE-2013-2765
- [squeeze] - libapache-mod-security 2.5.12-1+squeeze2
-CVE-2013-2061
- [squeeze] - openvpn 2.1.3-2+squeeze2
-CVE-2013-2145
- [squeeze] - libmodule-signature-perl 0.63-1+squeeze1
-CVE-2013-1812
- [squeeze] - libopenid-ruby 2.1.8debian-1+squeeze1
-CVE-2012-5667
- [squeeze] - grep 2.6.3-3+squeeze1
-CVE-2012-5530
- [squeeze] - pcp 3.3.3-squeeze3
-CVE-2013-4124
- [squeeze] - samba 2:3.5.6~dfsg-3squeeze10
-CVE-2013-5743
- [squeeze] - zabbix 1:1.8.2-1squeeze5
-CVE-2011-3263
- [squeeze] - zabbix 1:1.8.2-1squeeze5
-CVE-2011-3265
- [squeeze] - zabbix 1:1.8.2-1squeeze5
-CVE-2011-3264
- [squeeze] - zabbix 1:1.8.2-1squeeze5
-CVE-2011-3265
- [squeeze] - zabbix 1:1.8.2-1squeeze5
-CVE-2013-1364
- [squeeze] - zabbix 1:1.8.2-1squeeze5
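Review bot: Two points on the cleanup of next-oldstable-point-update.txt. The removed block lists CVE-2011-3265 twice with the same zabbix version, so the file held a duplicate entry; it is harmless now that both are removed, but it suggests entries were appended without checking for an existing one. The log message "oldstable point release" also does not say why CVE-2013-0176 (libssh 0.4.5-3+squeeze2) is the only entry left behind; a short remark in the log or a comment in the file would tell the next editor whether it was deferred or missed.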