Author: jmm
Date: 2011-12-23 20:23:17 +0000 (Fri, 23 Dec 2011)
New Revision: 17862

Modified:
   data/CVE/list
   data/next-point-update.txt
   data/spu-candidates.txt
Log:
unixodbc fixed
zorp, unixodbc no-dsa
record CVE-less typo3 DSA (requested CVE ID)
new kernel issue (didn't affect any release)
record fixes for eglibc spu upload
record clamav fix


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-12-23 15:31:51 UTC (rev 17861)
+++ data/CVE/list       2011-12-23 20:23:17 UTC (rev 17862)
@@ -1082,6 +1082,9 @@
        RESERVED
 CVE-2011-4594
        RESERVED
+       - linux-2.6 3.1-1
+       [squeeze] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 
dev cycle)
+       [lenny] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 dev 
cycle)
 CVE-2011-4593
        RESERVED
        - moodle <not-affected> (Only affects 2.x)
@@ -3951,6 +3954,7 @@
        [lenny] - pam <no-dsa> (Minor issue)
 CVE-2011-3627 (The bytecode engine in ClamAV before 0.97.3 allows remote 
attackers to ...)
        - clamav 0.97.3+dfsg-1 (low)
+       [squeeze] - clamav 0.97.3+dfsg-1~squeeze1
 CVE-2011-3626
        RESERVED
 CVE-2011-3625 [mplayer SAMI subtitle parsing buffer overflow]
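Review bot: Only a [squeeze] fix is recorded for CVE-2011-3627; lenny has no status line at all, so its state is derived from the unstable fixed version 0.97.3+dfsg-1 and will show as affected. Add an explicit [lenny] line (a fixed version, <no-dsa> with a rationale, or <not-affected>) so the clamav decision for lenny is visible in the same entry.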
@@ -5898,6 +5902,9 @@
        NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System (IGSS)
 CVE-2011-XXXX [TYPO3-SA-2011-001]
        - typo3-src 4.5.4+dfsg1-1 (bug #635937)
+       [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze1
+       [lenny] - typo3-src 4.2.5-1+lenny8
+       NOTE: This was DSA 2289
 CVE-2011-2958 (Multiple cross-site scripting (XSS) vulnerabilities in Ecava 
...)
        NOT-FOR-US: Ecava IntegraXor
 CVE-2011-2957 (Unspecified vulnerability in Rockwell Automation FactoryTalk 
...)
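Review bot: The typo3-src entry still carries the placeholder id CVE-2011-XXXX while the log says a CVE ID has been requested; add a NOTE next to 'NOTE: This was DSA 2289' recording where and when the id was requested, so the placeholder can be located and renamed once the id is assigned and is not confused with other CVE-2011-XXXX placeholders (the nss entry in spu-candidates.txt, for one).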
@@ -11076,7 +11083,9 @@
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=683650
 CVE-2011-1145 [buffer overflow in unixODBC's SQLDriverConnect()]
        RESERVED
-       - unixodbc <unfixed> (low; bug #617655)
+       - unixodbc 2.2.14p2-3 (low; bug #617655)
+       [squeeze] - unixodbc <no-dsa> (Only exploitable through a malicious 
server)
+       [lenny] - unixodbc <no-dsa> (Only exploitable through a malicious 
server)
        NOTE: http://seclists.org/oss-sec/2011/q1/446
 CVE-2011-1144 (The installer in PEAR 1.9.2 and earlier allows local users to 
...)
        - php5 <not-affected> (incomplete fix never used in Debian packages)
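Review bot: The <no-dsa> rationale 'Only exploitable through a malicious server' is given for both squeeze and lenny, while the same issue is queued in spu-candidates.txt in this commit; that combination (no DSA, fix via point update) is consistent, but a short NOTE here saying the fix is planned for the point update would make the entry self-explanatory. Keeping the 'low' severity and bug #617655 on the unstable line is right.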
@@ -11110,9 +11119,10 @@
 CVE-2011-1126 (VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware 
...)
        NOT-FOR-US: VMware Workstation
 CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or 
libc6) ...)
-       - glibc <removed>
-       - eglibc <unfixed>
-       TODO: check
+       - glibc <removed> (unimportant)
+       - eglibc <unfixed> (unimportant)
+       NOTE: That's standard POSIX behaviour implemented by (e)glibc. 
Applications using
+       NOTE: glob need to impose limits for themselves
 CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) 
process_put ...)
        NOTE: That's essentially shooting yourself in your own foot:
        NOTE: 
http://lists.mindrot.org/pipermail/openssh-unix-dev/2011-March/029433.html
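Review bot: Replacing 'TODO: check' with '(unimportant)' and a rationale is fine, but the rationale ('standard POSIX behaviour ... applications need to impose limits') cites nothing, unlike the CVE-2010-4755 entry directly below which links the openssh-unix-dev thread; add a NOTE with the upstream glibc discussion or bug that states this position, otherwise the downgrade is hard to audit later. Leaving the eglibc line at <unfixed> is the expected way to track a won't-fix that is rated unimportant.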
@@ -30999,6 +31009,8 @@
        - gcj-4.3 <undetermined>
        - gcj-4.4 <undetermined>
        - zorp 3.9.2-1
+       [squeeze] - zorp <no-dsa> (Minor issue)
+       [lenny] - zorp <no-dsa> (Minor issue)
        NOTE: for any of the currently unfixed implementations, you can solve 
the problem by disabling renegotiation 
        NOTE: the following implement RFC 5746:
        NOTE: - openssl 0.9.8m-1
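Review bot: 'Minor issue' is a thin rationale for marking the zorp fix for a TLS renegotiation issue (CVE-2009-3555) as <no-dsa> in both releases, given that the surrounding NOTE tells unfixed implementations to disable renegotiation; state why zorp's exposure is limited, or reference that mitigation, so the decision can be revisited. With 3.9.2-1 already recorded for unstable, the stable update is then tracked only through spu-candidates.txt, as the log says.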

Modified: data/next-point-update.txt
===================================================================
--- data/next-point-update.txt  2011-12-23 15:31:51 UTC (rev 17861)
+++ data/next-point-update.txt  2011-12-23 20:23:17 UTC (rev 17862)
@@ -31,6 +31,12 @@
        [squeeze] - gnutls26 2.8.6-1+squeeze1
 CVE-2011-3378
        [squeeze] - rpm 4.8.1-6+squeeze1
+CVE-2011-1095
+       [squeeze] - eglibc 2.11.3-2
+CVE-2011-1071
+       [squeeze] - eglibc 2.11.3-2
+CVE-2011-1659
+       [squeeze] - eglibc 2.11.3-2
 
 
 
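Review bot: The three new eglibc entries point to 2.11.3-2 without a +squeezeN suffix, unlike the gnutls26 2.8.6-1+squeeze1 and rpm 4.8.1-6+squeeze1 lines above; that is plausible if eglibc's squeeze branch is versioned natively, but confirm the string matches the accepted point-update upload, since the version recorded here is what gets merged into data/CVE/list as the [squeeze] fixed version at the point release.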
@@ -41,4 +47,3 @@
 
 
 
-

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt     2011-12-23 15:31:51 UTC (rev 17861)
+++ data/spu-candidates.txt     2011-12-23 20:23:17 UTC (rev 17862)
@@ -64,6 +64,11 @@
 
 --
 
+gif2png (CVE-2010-4694, CVE-2010-4695)
+#610479
+
+--
+
 gnash (CVE-2011-4328)
 #649384
 
@@ -243,7 +248,18 @@
 system-config-printer (CVE-2011-2899)
 #639243
 
+--
 
+tsclient (CVE-2011-0900, CVE-2011-0901)
+#613204
+
+--
+
+unixodbc (CVE-2011-1145)
+#617655
+
+--
+
 nss (CVE-2011-XXXX)
 https://bugzilla.mozilla.org/show_bug.cgi?id=641052
 
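Review bot: The new tsclient and unixodbc entries land before nss, and the added '--' separator also fixes the missing one between system-config-printer and nss; the file looks alphabetically ordered elsewhere (gif2png before gnash in the first hunk), so nss was already out of place and the new entries compound that. Consider moving nss to its alphabetical slot while touching this region.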
@@ -256,3 +272,7 @@
 
 xpdf (CVE-2011-2902)
 #635849
+
+--
+
+zorp (CVE-2009-3555)
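Review bot: The new zorp entry lacks the '#NNNNNN' bug line that every other entry in this file carries (compare 'xpdf (CVE-2011-2902)' / '#635849' directly above); add the Debian bug tracking the zorp stable update, or a note that none has been filed yet, so the candidate can be followed up.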
