Author: jmm
Date: 2011-04-18 07:59:27 +0000 (Mon, 18 Apr 2011)
New Revision: 16534

Modified:
   data/CVE/list
   data/spu-candidates.txt
Log:
- kde4libs fixed (no-dsa)
- two new chrome issues fixed
- libmodplug fixed, libmojolicious-perl fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-04-17 17:02:34 UTC (rev 16533)
+++ data/CVE/list       2011-04-18 07:59:27 UTC (rev 16534)
@@ -1,3 +1,5 @@
+CVE-2011-XXXX [mojoicous directory traversal]
+       - libmojolicious-perl 1.16-1
 CVE-2011-1691 (The counterToCSSValue function in 
CSSComputedStyleDeclaration.cpp in ...)
        TODO: check
 CVE-2011-1690
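Review bot: The bracketed description on the new CVE-2011-XXXX line misspells the project as "mojoicous", so a search of the list for "mojolicious" will not hit the description. It should read "[mojolicious directory traversal]". The entry also has no bug number or NOTE with a reference to the fix, which would help whoever later replaces the XXXX placeholder with the assigned id.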
@@ -253,7 +255,7 @@
        NOTE: http://www.pureftpd.org/project/pure-ftpd/news
 CVE-2011-1574
        RESERVED
-       - libmodplug <unfixed> (low; bug #622091)
+       - libmodplug 1:0.8.8.2-1 (low; bug #622091)
 CVE-2011-1573
        RESERVED
 CVE-2011-1572 [ADC path traversal]
@@ -965,8 +967,12 @@
        RESERVED
 CVE-2011-1302
        RESERVED
+       - chromium-browser 10.0.648.205~r81283-1
+       - webkit <undetermined>
 CVE-2011-1301
        RESERVED
+       - chromium-browser 10.0.648.205~r81283-1
+       - webkit <undetermined>
 CVE-2011-1300
        RESERVED
 CVE-2011-1299
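Review bot: The "webkit <undetermined>" lines added under CVE-2011-1302 and CVE-2011-1301 come with no NOTE or TODO, and both entries are still RESERVED with no description, so nothing here says what has to be checked in webkit. Consider adding a NOTE with the reference the chromium-browser version was taken from, so the webkit status can be resolved later.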
@@ -1341,6 +1347,9 @@
        [squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35)
 CVE-2011-1168
        RESERVED
+       - kde4libs 4:4.4.5-4 (low)
+       [squeeze] - kde4libs <no-dsa> (Minor issue)
+       [lenny] - kde4libs <no-dsa> (Minor issue)
 CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) 
decoder in ...)
        {DSA-2210-1}
        - tiff 3.9.4-9 (bug #619614)
@@ -1624,10 +1633,11 @@
        NOTE: http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904
        NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923
 CVE-2011-1094 (kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 
does not ...)
-       - kde4libs <unfixed>
+       - kde4libs 4:4.4.5-4 (low)
+       [squeeze] - kde4libs <no-dsa> (Minor issue)
+       [lenny] - kde4libs <no-dsa> (Minor issue)
        - kdelibs <undetermined>
        NOTE: http://seclists.org/oss-sec/2011/q1/434
-       TODO: file a bug in BTS, check severity. check if kdelibs is affected 
too.
 CVE-2011-1093
        RESERVED
        - linux-2.6 2.6.38-1 (low)
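Review bot: The removed TODO under CVE-2011-1094 covered three things (file a BTS bug, check severity, check whether kdelibs is affected), but the kdelibs line is still "<undetermined>" after this change. The first two parts are addressed by the new kde4libs lines; the kdelibs check is not, so keep a reduced TODO such as "TODO: check if kdelibs is affected too" until that line is resolved. The new kde4libs line also has no bug number, although the old TODO asked for one to be filed.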
@@ -2665,6 +2675,7 @@
 CVE-2011-0727 (GNOME Display Manager (gdm) 2.x before 2.32.1 allows local 
users to ...)
        {DSA-2205-1}
        - gdm3 2.30.5-9
+       - gdm <not-affected> (Affected code was introduced in 2.28)
 CVE-2011-0726
        RESERVED
 CVE-2011-0725 (Absolute path traversal vulnerability in the ...)
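Review bot: The "gdm <not-affected>" line added under CVE-2011-0727 is not mentioned in the commit log, which lists only kde4libs, chrome, libmodplug and libmojolicious-perl. Either add it to the log or commit it separately so the triage decision can be found in the history. A NOTE giving the source for "Affected code was introduced in 2.28" would also make the not-affected claim verifiable.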
@@ -8758,6 +8769,9 @@
 CVE-2010-3170 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, 
Thunderbird ...)
        {DSA-2123-1}
        - nss 3.12.8-1
+       - kde4libs 4:4.4.5-4 (low)
+       [squeeze] - kde4libs <no-dsa> (Minor issue)
+       [lenny] - kde4libs <no-dsa> (Minor issue)
 CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        {DSA-2106-1}
        - xulrunner <removed>

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt     2011-04-17 17:02:34 UTC (rev 16533)
+++ data/spu-candidates.txt     2011-04-18 07:59:27 UTC (rev 16534)
@@ -48,6 +48,11 @@
 
 --
 
+kde4libs (CVE-2011-1168, CVE-2011-3170, CVE-2011-1094)
+Fixed in 4:4.4.5-4
+
+--
+
 krb5 (CVE-2011-0281/CVE-2010-0282)
 maintainer preparing upload (r16154)
 
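Review bot: The added kde4libs line lists CVE-2011-3170, but the data/CVE/list part of this same commit records the kde4libs fix under CVE-2010-3170 (alongside CVE-2011-1168 and CVE-2011-1094). The year looks mistyped here; it should read CVE-2010-3170 so the stable-update candidate matches the tracker entries.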


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
