[Secure-testing-commits] r40252 - in data: CVE DLA
Paul Wise
pabs at moszumanska.debian.org
Wed Mar 9 05:09:26 UTC 2016
Author: pabs
Date: 2016-03-09 05:09:26 +0000 (Wed, 09 Mar 2016)
New Revision: 40252
Modified:
data/CVE/list
data/DLA/list
Log:
Fix some epochs and version numbers
Suggested-by: Stephen Quintero <stephen at datagridsys.com>
Suggested-in: <CAHMDtUqWqxKfXLUNScu0c1hgY4M_FPoMtYiSF=krKiAw_C0p7Q at mail.gmail.com>
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-03-08 21:18:31 UTC (rev 40251)
+++ data/CVE/list 2016-03-09 05:09:26 UTC (rev 40252)
@@ -46254,7 +46254,7 @@
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-4954 (Cross-site scripting (XSS) vulnerability in the ...)
- - phpmyadmin 4.2.6-1
+ - phpmyadmin 4:4.2.6-1
[squeeze] - phpmyadmin <not-affected> (libraries/structure.lib.php not present)
[wheezy] - phpmyadmin <not-affected> (libraries/structure.lib.php not present)
CVE-2014-4953
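Review bot: the epoch added on the CVE-2014-4954 `phpmyadmin` line would be better backed by a check in the list tooling than by a one-off correction. A fixed version written without an epoch is compared as epoch 0, so if the archive versions carry the 4: epoch, as this fix implies, every upload sorted above the old `4.2.6-1` and was reported as fixed regardless of its upstream version. Flagging any fixed version that lacks an epoch while other entries for the same package carry one would catch the remaining cases of this kind.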
@@ -99741,7 +99741,7 @@
CVE-2011-3938
RESERVED
CVE-2011-3937 (The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, ...)
- - libav 4:0.8.3-1
+ - libav 6:0.8.3-1
- ffmpeg <not-affected> (Vulnerable code not present, introduced in 0.7)
CVE-2011-3936 (The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before ...)
{DSA-2471-1}
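Review bot: on the CVE-2011-3937 `libav` line the old value already had an epoch and only its number changes (4: to 6:), which the log message does not distinguish from the missing-epoch corrections elsewhere in this revision. A present but wrong epoch is harder to spot than a missing one, so stating where the 6: value was taken from (package changelog or archive version) would let a reader verify it.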
@@ -110606,7 +110606,7 @@
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9
CVE-2010-4653 [integer overflow when parsing CharCodes for fonts]
RESERVED
- - kdegraphics 4.0
+ - kdegraphics 4:4.0.0-1
- xpdf 3.02-9
- poppler 0.16.3-1 (low)
[lenny] - poppler <no-dsa> (minor issue)
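Review bot: the CVE-2010-4653 `kdegraphics` line changes more than the epoch, since `4.0` becomes `4:4.0.0-1`: the upstream version gains a component and a Debian revision is added. The old `4.0` reads like an upstream release number rather than a package version, so please confirm that 4:4.0.0-1 is an actual upload, because the same replacement is applied to every `kdegraphics 4.0` entry in this revision.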
@@ -112529,7 +112529,7 @@
- linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-4262 (Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote ...)
- - xfig 3.2.5.b-1.1 (bug #606257)
+ - xfig 1:3.2.5.b-1.1 (bug #606257)
NOTE: details and patch at https://bugzilla.redhat.com/659676
CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ...)
- clamav 0.96.5+dfsg-1
@@ -114036,22 +114036,22 @@
CVE-2010-3708 (The serialization implementation in JBoss Drools in Red Hat JBoss ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...)
- - dovecot 1.2.15-1
+ - dovecot 1:1.2.15-1
[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3706 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...)
- - dovecot 1.2.15-1
+ - dovecot 1:1.2.15-1
[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3705 (The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux ...)
{DSA-2126-1}
- linux-2.6 2.6.32-25
CVE-2010-3704 (The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser ...)
{DSA-2135-1 DSA-2119-1}
- - kdegraphics 4.0
+ - kdegraphics 4:4.0.0-1
- xpdf 3.02-9
- poppler 0.12.4-1.2 (bug #599165)
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
CVE-2010-3703 (The PostScriptFunction::PostScriptFunction function in ...)
- - kdegraphics 4.0
+ - kdegraphics 4:4.0.0-1
[lenny] - kdegraphics <not-affected> (Vulnerable code not present)
- xpdf 3.02-9
[lenny] - xpdf <not-affected> (Vulnerable code not present)
@@ -114060,7 +114060,7 @@
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
CVE-2010-3702 (The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, ...)
{DSA-2135-1 DSA-2119-1}
- - kdegraphics 4.0
+ - kdegraphics 4:4.0.0-1
- xpdf 3.02-9
- poppler 0.12.4-1.2 (bug #599165)
NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
@@ -114367,7 +114367,7 @@
CVE-2010-3496 (McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact ...)
NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2010-3495 (Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) ...)
- - zodb 3.9.4-1.1 (bug #599711)
+ - zodb 1:3.9.4-1.1 (bug #599711)
CVE-2010-3494 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib ...)
- python-pyftpdlib 0.5.2-1 (low)
NOTE: http://code.google.com/p/pyftpdlib/issues/detail?id=104
@@ -124248,7 +124248,7 @@
RESERVED
CVE-2010-0207 [xpdf: XRef table parsing infinite loop]
RESERVED
- - kdegraphics 4.0 (unimportant)
+ - kdegraphics 4:4.0.0-1 (unimportant)
- xpdf <unfixed> (unimportant)
- poppler 0.16.3-1 (unimportant)
[squeeze] - poppler 0.12.4-1.2+squeeze1
@@ -124256,7 +124256,7 @@
NOTE: Just a crasher, not treated as a security issue
CVE-2010-0206 [xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objects]
RESERVED
- - kdegraphics 4.0 (unimportant)
+ - kdegraphics 4:4.0.0-1 (unimportant)
- xpdf <unfixed> (unimportant)
- poppler 0.16.3-1 (unimportant)
[squeeze] - poppler 0.12.4-1.2+squeeze1
@@ -126216,7 +126216,7 @@
CVE-2009-4036
RESERVED
CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...)
- - kdegraphics 4.0
+ - kdegraphics 4:4.0.0-1
- xpdf 3.01-1
- poppler 0.5.1-1
- swftools 0.9.2+ds1-2
@@ -133740,7 +133740,7 @@
NOTE: http://trac.webkit.org/changeset/42081
- qt4-x11 4:4.5.2-1
[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
- - kdelibs 3.5.10.dfsg.1-2.1 (medium; bug #534949)
+ - kdelibs 4:3.5.10.dfsg.1-2.1 (medium; bug #534949)
- kde4libs 4:4.3.0-1 (medium)
CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0, ...)
{DSA-1950-1}
@@ -162637,7 +162637,7 @@
- unrar-nonfree 3.7.3-1.1 (low; bug #437703)
[etch] - unrar-nonfree <no-dsa> (Non-free not supported)
[sarge] - unrar-nonfree <no-dsa> (Non-free not supported)
- - rar 3.7b1-1 (low; bug #437704)
+ - rar 1:3.7b1-1 (low; bug #437704)
[etch] - rar <not-affected> (Vulnerable code was fixed already)
[sarge] - rar <no-dsa> (Non-free not supported)
CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows ...)
@@ -186576,7 +186576,7 @@
- freetype 2.2.1-1 (medium)
CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...)
{DSA-1008-1}
- - kdegraphics 3.5.0-3
+ - kdegraphics 4:3.5.0-3
NOTE: Only affected the 3.3.2 KDE backport
CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ...)
- xorg-x11 6.9.0.dfsg.1-5 (bug #360388; medium)
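Review bot: for CVE-2006-0746 the corrected `kdegraphics 4:3.5.0-3` line sits directly above the NOTE saying only the 3.3.2 KDE backport was affected, and the two now disagree more visibly. With the epoch in place the entry marks every version below 4:3.5.0-3 as affected; if the NOTE is accurate, it is worth checking whether a plain fixed version is the right way to record this issue.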
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2016-03-08 21:18:31 UTC (rev 40251)
+++ data/DLA/list 2016-03-09 05:09:26 UTC (rev 40252)
@@ -678,7 +678,7 @@
[squeeze] - ruby1.8 1.8.7.302-2squeeze4
[17 May 2015] DLA-223-1 nbd - security update
{CVE-2015-0847}
- [squeeze] - nbd 2.9.16-8+squeeze2
+ [squeeze] - nbd 1:2.9.16-8+squeeze2
[16 May 2015] DLA-222-1 commons-httpclient - security update
{CVE-2012-5783 CVE-2012-6153 CVE-2014-3577}
[squeeze] - commons-httpclient 3.1-9+deb6u1
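Review bot: the DLA-223-1 `nbd` line gains the 1: epoch, but no entry for the referenced CVE-2015-0847 appears in the data/CVE/list part of this diff. Please confirm the `nbd` fixed versions recorded for that CVE already carry the same epoch, so the two lists do not disagree about which squeeze version is fixed.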