[Secure-testing-commits] Processing r5306 failed
The error message was: error: unknown package note 'bug#407683' make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r5308 - data/CVE
Author: stef-guest Date: 2007-01-20 16:30:26 +0100 (Sat, 20 Jan 2007) New Revision: 5308 Modified: data/CVE/list Log: - new gstreamer-ffmpeg issue fixed - remove duplicate gosa entry Modified: data/CVE/list === --- data/CVE/list 2007-01-20 14:34:16 UTC (rev 5307) +++ data/CVE/list 2007-01-20 15:30:26 UTC (rev 5308) @@ -1,3 +1,7 @@ +CVE-2007- [gstreamer-ffmpeg unspecified issue related to sps and pps ids] + - gstreamer0.10-ffmpeg 0.10.1-4 + - gst-ffmpeg 0.8.7-8 + TODO: check other ffmpeg related packages CVE-2007- [wireshark multiple issues fixed in 0.99.5pre1] - wireshark 0.99.4-4 (low) [sarge] - ethereal not-affected (Vulnerable code not present) @@ -388,9 +392,6 @@ - yacas unfixed (bug #399226; bug #399227; low) CVE-2007- [TXT record parsing overflow with special characters] - pdns unfixed (bug #406465) -CVE-2007- [gosa allows non-priviledged users to change admin password] - - gosa 2.5.8-1 (medium) - NOTE: http://secunia.com/advisories/23749/ CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows ...) - squid 2.6.5-4 (low; bug #407202) [sarge] - squid not-affected (Vulnerable code not present) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r5309 - data/CVE
Author: stef-guest Date: 2007-01-20 16:57:54 +0100 (Sat, 20 Jan 2007) New Revision: 5309 Modified: data/CVE/list Log: bugnum Modified: data/CVE/list === --- data/CVE/list 2007-01-20 15:30:26 UTC (rev 5308) +++ data/CVE/list 2007-01-20 15:57:54 UTC (rev 5309) @@ -7,7 +7,7 @@ [sarge] - ethereal not-affected (Vulnerable code not present) NOTE: Oldest affected Ethereal version is 0.10.14 CVE-2007- [netpbm heap corruption] - - netpbm-free 2:10.0-11 + - netpbm-free 2:10.0-11 (bug #407605) CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) ...) NOT-FOR-US: Openads CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r5312 - data/CVE
Author: fw Date: 2007-01-20 20:41:37 +0100 (Sat, 20 Jan 2007) New Revision: 5312 Modified: data/CVE/list Log: Fix a few issues where tetex-bin was latently vulnerable Modified: data/CVE/list === --- data/CVE/list 2007-01-20 19:31:57 UTC (rev 5311) +++ data/CVE/list 2007-01-20 19:41:37 UTC (rev 5312) @@ -19506,10 +19506,11 @@ - pdftohtml 0.36-12 - cupsys 1.1.22-7 NOTE: cupsys switched to an external PDF implementation in 1.1.22-7. + - tetex-bin 3.0-12 + NOTE: tetex-bin switched to poppler in 3.0-12. CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...) {DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1} - poppler 0.4.4-1 (bug #346076) - - tetex not-affected (Links dynamically to poppler) - kdegraphics 4:3.5.0-3 - gpdf 2.10.0-2 (bug #342286) - xpdf 3.01-4 @@ -19519,6 +19520,8 @@ - pdftohtml 0.36-12 - cupsys 1.1.22-7 NOTE: cupsys switched to an external PDF implementation in 1.1.22-7. + - tetex-bin 3.0-12 + NOTE: tetex-bin switched to poppler in 3.0-12. CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...) {DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1} - poppler 0.4.3-2 @@ -19531,10 +19534,12 @@ - pdftohtml 0.36-12 - cupsys 1.1.22-7 NOTE: cupsys switched to an external PDF implementation in 1.1.22-7. + - tetex-bin 3.0-12 + NOTE: tetex-bin switched to poppler in 3.0-12. CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...) {DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1} - poppler 0.4.4-1 (bug #346076) - - tetex not-affected (Links dynamically to poppler) + - tetex 3.0-12 - kdegraphics 4:3.5.0-3 - xpdf 3.01-4 - gpdf 2.10.0-2 (bug #342286) @@ -19544,10 +19549,11 @@ - pdftohtml 0.36-12 - cupsys 1.1.22-7 NOTE: cupsys switched to an external PDF implementation in 1.1.22-7. + NOTE: tetex-bin switched to poppler in 3.0-12. CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...) {DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1} - poppler 0.4.4-1 (bug #346076) - - tetex not-affected (Links dynamically to poppler) + - tetex-bin 3.0-12 - gpdf 2.10.0-2 (bug #342286) - kdegraphics 4:3.5.0-3 - xpdf 3.01-4 @@ -19557,6 +19563,7 @@ - pdftohtml 0.36-12 - cupsys 1.1.22-7 NOTE: cupsys switched to an external PDF implementation in 1.1.22-7. + NOTE: tetex-bin switched to poppler in 3.0-12. CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR ...) [sarge] - kernel-source-2.6.8 not-affected (Does not contain NFS ACLs) - linux-2.6 2.6.14-7 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r5313 - data/CVE
Author: fw Date: 2007-01-20 20:46:09 +0100 (Sat, 20 Jan 2007) New Revision: 5313 Modified: data/CVE/list Log: CVE-2006-3619: gcc-3.4 no longer builds the fastjar package Modified: data/CVE/list === --- data/CVE/list 2007-01-20 19:41:37 UTC (rev 5312) +++ data/CVE/list 2007-01-20 19:46:09 UTC (rev 5313) @@ -8333,6 +8333,8 @@ CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC ...) {DSA-1170} - gcc-4.1 4.1.1-11 (bug #368397; low) + - gcc-3.4 3.4.4-0 + NOTE: gcc-3.4 no longer builds the fastjar package CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By Lev ...) NOT-FOR-US: Pixelated By Lev (PBL) Guestbook CVE-2006-3617 (Cross-site scripting (XSS) vulnerability in pblguestbook.php in ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r5314 - data/CVE
Author: fw Date: 2007-01-20 20:51:58 +0100 (Sat, 20 Jan 2007) New Revision: 5314 Modified: data/CVE/list Log: CVE-2006-6585: iceweasel fixed Modified: data/CVE/list === --- data/CVE/list 2007-01-20 19:46:09 UTC (rev 5313) +++ data/CVE/list 2007-01-20 19:51:58 UTC (rev 5314) @@ -1583,7 +1583,7 @@ CVE-2006-6586 (Multiple PHP remote file inclusion vulnerabilities in Vortex Blog ...) NOT-FOR-US: Vortex Blog CVE-2006-6585 (The Extensions manager in Mozilla Firefox 2.0 does not properly ...) - - iceweasel unfixed + - iceweasel 2.0.0.1+dfsg-1 - firefox removed TODO: check iceape, sarge's firefox CVE-2006-6584 (Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow ...) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits