[Secure-testing-commits] r13575 - in data: . CVE

Moritz Muehlenhoff Wed, 16 Dec 2009 12:48:14 -0800

Author: jmm-guest
Date: 2009-12-16 20:48:05 +0000 (Wed, 16 Dec 2009)
New Revision: 13575


Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
* xulrunner fixed
* clamav ltdl copy fixed some time ago
* celementtree expat copy fixed before etch release


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2009-12-16 17:28:08 UTC (rev 13574)
+++ data/CVE/list       2009-12-16 20:48:05 UTC (rev 13575)
@@ -916,19 +916,19 @@
        - xulrunner <not-affected> (Windows-specific vulnerability)
 CVE-2009-3986 [Privilege escalation via chrome window.opener]
        RESERVED
-       - xulrunner <unfixed>
+       - xulrunner 1.9.1.6-1
 CVE-2009-3985 [URL spoofing via invalid document.location]
        RESERVED
-       - xulrunner <unfixed>
+       - xulrunner 1.9.1.6-1
 CVE-2009-3984 [SSL spoofing with document.location]
        RESERVED
-       - xulrunner <unfixed>
+       - xulrunner 1.9.1.6-1
 CVE-2009-3983 [NTLM reflection vulnerability]
        RESERVED
-       - xulrunner <unfixed>
+       - xulrunner 1.9.1.6-1
 CVE-2009-3982 [Crashes with evidence of memory corruption]
        RESERVED
-       - xulrunner <unfixed>
+       - xulrunner 1.9.1.6-1
        [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
 CVE-2009-3981 [Crashes with evidence of memory corruption]
        RESERVED
@@ -936,11 +936,11 @@
        NOTE: Only affects Firefox 3
 CVE-2009-3980 [Crashes with evidence of memory corruption]
        RESERVED
-       - xulrunner <unfixed>
+       - xulrunner 1.9.1.6-1
        [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
 CVE-2009-3979 [Crashes with evidence of memory corruption]
        RESERVED
-       - xulrunner <unfixed>
+       - xulrunner 1.9.1.6-1
 CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in 
decoders/gif/nsGIFDecoder2.cpp ...)
        - xulrunner 1.9.1.5-1 (unimportant)
        NOTE: Browser crashes not treated as security issues
@@ -1589,7 +1589,9 @@
        - synfig <unfixed> (low; bug #559829)
        - xmlsec1 1.2.14-1 (unimportant; bug #559831)
        NOTE: Embedded code copy isn't used
-       - clamav <unfixed> (low; bug #559832)
+       - clamav 0.95+dfsg-1 (low; bug #559832)
+       [lenny] - clamav <no-dsa> (Minor issue)
+       [etch] - clamav <no-dsa> (Minor issue)
        - imagemagick <unfixed> (low; bug #559833)
        - hypre 2.4.0b-5 (low; bug #559834)
        [etch] - hypre <no-dsa> (Minor issue)
@@ -1684,9 +1686,6 @@
        [lenny] - wxwidgets2.6 <no-dsa> (minor issue)
        - wxwidgets2.8 2.8.10.1-2 (low; bug #560917)
        [lenny] - wxwidgets2.8 <no-dsa> (minor issue)
-       - celementtree <unfixed> (low; bug #560918)
-       [etch] - celementtree <no-dsa> (minor issue)
-       [lenny] - celementtree <no-dsa> (minor issue)
        - audacity <unfixed> (low; bug #560919)
        [etch] - audacity <no-dsa> (minor issue)
        [lenny] - audacity <no-dsa> (minor issue)
@@ -2190,9 +2189,6 @@
        [lenny] - wxwidgets2.6 <no-dsa> (minor issue)
        - wxwidgets2.8 2.8.10.1-2 (low; bug #560917)
        [lenny] - wxwidgets2.8 <no-dsa> (minor issue)
-       - celementtree <unfixed> (low; bug #560918)
-       [etch] - celementtree <no-dsa> (minor issue)
-       [lenny] - celementtree <no-dsa> (minor issue)
        - audacity <unfixed> (low; bug #560919)
        [etch] - audacity <no-dsa> (minor issue)
        [lenny] - audacity <no-dsa> (minor issue)
@@ -2695,12 +2691,12 @@
 CVE-2009-3389 [libtheora/Firefox]
        RESERVED
        - libtheora 1.1
-       - xulrunner <unfixed>
+       - xulrunner 1.9.1.6-1
        [lenny] - xulrunner <not-affected> (Video playback capabilities were 
added in 3.5)
 CVE-2009-3388 [liboggplay/Firefox]
        RESERVED
        - liboggplay <unfixed>
-       - xulrunner <unfixed>
+       - xulrunner 1.9.1.6-1
        [lenny] - xulrunner <not-affected> (Video playback capabilities were 
added in 3.5)
 CVE-2009-3387
        RESERVED

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies   2009-12-16 17:28:08 UTC (rev 13574)
+++ data/embedded-code-copies   2009-12-16 20:48:05 UTC (rev 13575)
@@ -1087,7 +1087,8 @@
        - wxwindows2.4 <removed> (embed)
        - wxwidgets2.6 2.6.3.2.2-4 (embed)
        - wxwidgets2.8 2.8.10.1-2 (embed)
-       - celementtree <unfixed> (embed)
+       - celementtree 1.0.5-8 (embed)
+       NOTE: Maybe that was fixed even earlier
        - audacity 1.3.2-1 (embed)
        - matanza <unfixed> (embed)
        - tdom <unfixed> (embed)
@@ -1566,7 +1567,7 @@
        - synfig <unfixed> (embed)
        - unixodbc 2.2.4-5 (embed)
        - xmlsec1 <not-affected> (Doesn't enable dynamic loading of crypto 
modules)
-       - clamav <unfixed> (embed)
+       - clamav 0.95+dfsg-1 (embed)
        - imagemagick <unfixed> (embed)
        - hypre 2.4.0b-5 (embed)
        - lam <unfixed> (embed)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r13575 - in data: . CVE

Reply via email to