[Secure-testing-commits] r40252 - in data: CVE DLA

Paul Wise pabs at moszumanska.debian.org
Wed Mar 9 05:09:26 UTC 2016 

Author: pabs
Date: 2016-03-09 05:09:26 +0000 (Wed, 09 Mar 2016)
New Revision: 40252

Modified:
   data/CVE/list
   data/DLA/list
Log:
Fix some epochs and version numbers

Suggested-by: Stephen Quintero <stephen at datagridsys.com>
Suggested-in: <CAHMDtUqWqxKfXLUNScu0c1hgY4M_FPoMtYiSF=krKiAw_C0p7Q at mail.gmail.com>

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-03-08 21:18:31 UTC (rev 40251)
+++ data/CVE/list	2016-03-09 05:09:26 UTC (rev 40252)
@@ -46254,7 +46254,7 @@
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2014-4954 (Cross-site scripting (XSS) vulnerability in the ...)
-	- phpmyadmin 4.2.6-1
+	- phpmyadmin 4:4.2.6-1
 	[squeeze] - phpmyadmin <not-affected> (libraries/structure.lib.php not present)
 	[wheezy] - phpmyadmin <not-affected> (libraries/structure.lib.php not present)
 CVE-2014-4953
@@ -99741,7 +99741,7 @@
 CVE-2011-3938
 	RESERVED
 CVE-2011-3937 (The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, ...)
-	- libav 4:0.8.3-1
+	- libav 6:0.8.3-1
 	- ffmpeg <not-affected> (Vulnerable code not present, introduced in 0.7)
 CVE-2011-3936 (The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before ...)
 	{DSA-2471-1}
@@ -110606,7 +110606,7 @@
 	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9
 CVE-2010-4653 [integer overflow when parsing CharCodes for fonts]
 	RESERVED
-	- kdegraphics 4.0
+	- kdegraphics 4:4.0.0-1
 	- xpdf 3.02-9
 	- poppler 0.16.3-1 (low)
 	[lenny] - poppler <no-dsa> (minor issue)
@@ -112529,7 +112529,7 @@
 	- linux-2.6 2.6.32-30
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2010-4262 (Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote ...)
-	- xfig 3.2.5.b-1.1 (bug #606257)
+	- xfig 1:3.2.5.b-1.1 (bug #606257)
 	NOTE: details and patch at https://bugzilla.redhat.com/659676
 CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ...)
 	- clamav 0.96.5+dfsg-1
@@ -114036,22 +114036,22 @@
 CVE-2010-3708 (The serialization implementation in JBoss Drools in Red Hat JBoss ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...)
-	- dovecot 1.2.15-1
+	- dovecot 1:1.2.15-1
 	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
 CVE-2010-3706 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...)
-	- dovecot 1.2.15-1
+	- dovecot 1:1.2.15-1
 	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
 CVE-2010-3705 (The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux ...)
 	{DSA-2126-1}
 	- linux-2.6 2.6.32-25
 CVE-2010-3704 (The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser ...)
 	{DSA-2135-1 DSA-2119-1}
-	- kdegraphics 4.0
+	- kdegraphics 4:4.0.0-1
 	- xpdf 3.02-9
 	- poppler 0.12.4-1.2 (bug #599165)
 	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
 CVE-2010-3703 (The PostScriptFunction::PostScriptFunction function in ...)
-	- kdegraphics 4.0
+	- kdegraphics 4:4.0.0-1
 	[lenny] - kdegraphics <not-affected> (Vulnerable code not present)
 	- xpdf 3.02-9
 	[lenny] - xpdf <not-affected> (Vulnerable code not present)
@@ -114060,7 +114060,7 @@
 	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
 CVE-2010-3702 (The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, ...)
 	{DSA-2135-1 DSA-2119-1}
-	- kdegraphics 4.0
+	- kdegraphics 4:4.0.0-1
 	- xpdf 3.02-9
 	- poppler 0.12.4-1.2 (bug #599165)
 	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
@@ -114367,7 +114367,7 @@
 CVE-2010-3496 (McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact ...)
 	NOT-FOR-US: McAfee VirusScan Enterprise
 CVE-2010-3495 (Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) ...)
-	- zodb 3.9.4-1.1 (bug #599711)
+	- zodb 1:3.9.4-1.1 (bug #599711)
 CVE-2010-3494 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib ...)
 	- python-pyftpdlib 0.5.2-1 (low)
 	NOTE: http://code.google.com/p/pyftpdlib/issues/detail?id=104
@@ -124248,7 +124248,7 @@
 	RESERVED
 CVE-2010-0207 [xpdf: XRef table parsing infinite loop]
 	RESERVED
-	- kdegraphics 4.0 (unimportant)
+	- kdegraphics 4:4.0.0-1 (unimportant)
 	- xpdf <unfixed> (unimportant)
 	- poppler 0.16.3-1 (unimportant)
 	[squeeze] - poppler 0.12.4-1.2+squeeze1
@@ -124256,7 +124256,7 @@
 	NOTE: Just a crasher, not treated as a security issue
 CVE-2010-0206 [xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objects]
 	RESERVED
-	- kdegraphics 4.0 (unimportant)
+	- kdegraphics 4:4.0.0-1 (unimportant)
 	- xpdf <unfixed>  (unimportant)
 	- poppler 0.16.3-1 (unimportant)
 	[squeeze] - poppler 0.12.4-1.2+squeeze1
@@ -126216,7 +126216,7 @@
 CVE-2009-4036
 	RESERVED
 CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...)
-	- kdegraphics 4.0
+	- kdegraphics 4:4.0.0-1
 	- xpdf 3.01-1
 	- poppler 0.5.1-1
 	- swftools 0.9.2+ds1-2
@@ -133740,7 +133740,7 @@
 	NOTE: http://trac.webkit.org/changeset/42081
 	- qt4-x11 4:4.5.2-1
 	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
-	- kdelibs 3.5.10.dfsg.1-2.1 (medium; bug #534949)
+	- kdelibs 4:3.5.10.dfsg.1-2.1 (medium; bug #534949)
 	- kde4libs 4:4.3.0-1 (medium)
 CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0, ...)
 	{DSA-1950-1}
@@ -162637,7 +162637,7 @@
 	- unrar-nonfree 3.7.3-1.1 (low; bug #437703)
 	[etch] - unrar-nonfree <no-dsa> (Non-free not supported)
 	[sarge] - unrar-nonfree <no-dsa> (Non-free not supported)
-	- rar 3.7b1-1 (low; bug #437704)
+	- rar 1:3.7b1-1 (low; bug #437704)
 	[etch] - rar <not-affected> (Vulnerable code was fixed already)
 	[sarge] - rar <no-dsa> (Non-free not supported)
 CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows ...)
@@ -186576,7 +186576,7 @@
 	- freetype 2.2.1-1 (medium)
 CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...)
 	{DSA-1008-1}
-	- kdegraphics 3.5.0-3
+	- kdegraphics 4:3.5.0-3
 	NOTE: Only affected the 3.3.2 KDE backport
 CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ...)
 	- xorg-x11 6.9.0.dfsg.1-5 (bug #360388; medium)

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2016-03-08 21:18:31 UTC (rev 40251)
+++ data/DLA/list	2016-03-09 05:09:26 UTC (rev 40252)
@@ -678,7 +678,7 @@
 	[squeeze] - ruby1.8 1.8.7.302-2squeeze4
 [17 May 2015] DLA-223-1 nbd - security update
 	{CVE-2015-0847}
-	[squeeze] - nbd 2.9.16-8+squeeze2
+	[squeeze] - nbd 1:2.9.16-8+squeeze2
 [16 May 2015] DLA-222-1 commons-httpclient - security update
 	{CVE-2012-5783 CVE-2012-6153 CVE-2014-3577}
 	[squeeze] - commons-httpclient 3.1-9+deb6u1

More information about the Secure-testing-commits mailing list