[Secure-testing-commits] r16939 - in data: . CVE

Thu, 14 Jul 2011 08:24:43 -0700 

Author: jmm
Date: 2011-07-14 15:24:31 +0000 (Thu, 14 Jul 2011)
New Revision: 16939

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
- apt fixed
- new vlc issues (FD, please create ticket)
- new foo2zjs issue (no-dsa)
- add missing icedove fixes
- fix wireshark entries


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-07-14 10:39:51 UTC (rev 16938)
+++ data/CVE/list       2011-07-14 15:24:31 UTC (rev 16939)
@@ -105,6 +105,9 @@
        NOTE: Since 3.3.0 openoffice.org is a transitional source package to 
migrate to libreoffice
 CVE-2011-2684
        RESERVED
+       - foo2zjs <unfixed> (low; bug filed)
+       [lenny] - foo2zjs <no-dsa> (Minor issue)
+       [squeeze] - foo2zjs <no-dsa> (Minor issue)
 CVE-2011-2683
        RESERVED
        - reseed <removed>
@@ -343,10 +346,12 @@
        RESERVED
 CVE-2011-2589
        RESERVED
-CVE-2011-2588
+CVE-2011-2588 [ http://www.videolan.org/security/sa1106.html ]
        RESERVED
-CVE-2011-2587
+       - vlc <unfixed> (bug #633675)
+CVE-2011-2587 [ http://www.videolan.org/security/sa1105.html ]
        RESERVED
+       - vlc <unfixed> (bug #633674)
 CVE-2011-2586
        RESERVED
 CVE-2011-2585
@@ -905,7 +910,7 @@
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.14-3
        [lenny] - iceape <not-affected> (Only a stub package)
-       - icedove <unfixed>
+       - icedove 3.1.11-1
 CVE-2011-2362 (Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and 
...)
        {DSA-2273-3 DSA-2269-1 DSA-2268-1}
        - iceweasel 3.5.19-3
@@ -914,7 +919,7 @@
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.14-3
        [lenny] - iceape <not-affected> (Only a stub package)
-       - icedove <unfixed>
+       - icedove 3.1.11-1
 CVE-2011-2361
        RESERVED
 CVE-2011-2360
@@ -1921,11 +1926,11 @@
        NOTE: Crashes w/o code injection not treated as security issues, see 
README.Security
 CVE-2011-1958 (Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows ...)
        {DSA-2274-1}
-       - wireshark 1.2.17-1 (unimportant)
+       - wireshark 1.6.0-1 (unimportant)
        NOTE: Crashes w/o code injection not treated as security issues, see 
README.Security
 CVE-2011-1957 (The dissect_dcm_main function in epan/dissectors/packet-dcm.c 
in the ...)
        {DSA-2274-1}
-       - wireshark 1.2.17-1 (unimportant)
+       - wireshark 1.6.0-1 (unimportant)
        NOTE: Crashes w/o code injection not treated as security issues, see 
README.Security
 CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an 
incorrect ...)
        - wireshark 1.4.6-1 (unimportant)
@@ -2258,7 +2263,7 @@
        RESERVED
 CVE-2011-1829
        RESERVED
-       - apt <unfixed>
+       - apt 0.8.15.2
        [squeeze] - apt <not-affected> (Vulnerable code not present)
        [lenny] - apt <not-affected> (Vulnerable code not present)
 CVE-2011-1828 (usb-creator-helper in usb-creator before 0.2.28.3 does not 
enforce ...)
@@ -7533,7 +7538,7 @@
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.14-3
        [lenny] - iceape <not-affected> (Only a stub package)
-       - icedove <unfixed>
+       - icedove 3.1.11-1
 CVE-2011-0084
        RESERVED
 CVE-2011-0083 (Use-after-free vulnerability in the 
nsSVGPathSegList::ReplaceItem ...)
@@ -7544,7 +7549,7 @@
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.14-3
        [lenny] - iceape <not-affected> (Only a stub package)
-       - icedove <unfixed>
+       - icedove 3.1.11-1
 CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla 
Firefox ...)
        - xulrunner <removed>
        - iceweasel <unfixed> (low; bug #627552)

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt    2011-07-14 10:39:51 UTC (rev 16938)
+++ data/ospu-candidates.txt    2011-07-14 15:24:31 UTC (rev 16939)
@@ -189,6 +189,11 @@
 
 --
 
+foo2zjs (CVE-2011-2684)
+maintainer notified in initial bug report
+
+--
+
 gif2png (CVE-2010-4695/CVE-2010-4696)
 #610479
 awaiting maintainer response

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt     2011-07-14 10:39:51 UTC (rev 16938)
+++ data/spu-candidates.txt     2011-07-14 15:24:31 UTC (rev 16939)
@@ -43,6 +43,11 @@
 
 --
 
+foo2zjs (CVE-2011-2684)
+maintainer notified in initial bug report
+
+--
+
 gif2png (CVE-2010-4695/CVE-2010-4696)
 #610479
 awaiting maintainer response


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to