[Secure-testing-commits] Processing r5306 failed

2007-01-20 Thread secure-testing
The error message was:

error: unknown package note 'bug#407683'

make: *** [all] Error 1

___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r5308 - data/CVE

2007-01-20 Thread Stefan Fritsch
Author: stef-guest
Date: 2007-01-20 16:30:26 +0100 (Sat, 20 Jan 2007)
New Revision: 5308

Modified:
   data/CVE/list
Log:
- new gstreamer-ffmpeg issue fixed
- remove duplicate gosa entry


Modified: data/CVE/list
===
--- data/CVE/list   2007-01-20 14:34:16 UTC (rev 5307)
+++ data/CVE/list   2007-01-20 15:30:26 UTC (rev 5308)
@@ -1,3 +1,7 @@
+CVE-2007- [gstreamer-ffmpeg unspecified issue related to sps and pps ids]
+   - gstreamer0.10-ffmpeg 0.10.1-4
+   - gst-ffmpeg 0.8.7-8
+   TODO: check other ffmpeg related packages
 CVE-2007- [wireshark multiple issues fixed in 0.99.5pre1]
- wireshark 0.99.4-4 (low)
[sarge] - ethereal not-affected (Vulnerable code not present)
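Review bot: The new gstreamer-ffmpeg entry at the top of this hunk gives two fixed versions but no reference for the "unspecified issue", neither a bug number nor a NOTE pointing at the change that fixed the sps and pps id handling. Since the TODO asks for other ffmpeg-related packages to be checked, a NOTE naming the source of the fix would let whoever picks up the TODO compare the code in those packages. An urgency could be added once the impact is known.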
@@ -388,9 +392,6 @@
- yacas unfixed (bug #399226; bug #399227; low)
 CVE-2007- [TXT record parsing overflow with special characters]
- pdns unfixed (bug #406465)
-CVE-2007- [gosa allows non-priviledged users to change admin password]
-   - gosa 2.5.8-1 (medium)
-   NOTE: http://secunia.com/advisories/23749/
 CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 
allows ...)
- squid 2.6.5-4 (low; bug #407202)
[sarge] - squid not-affected (Vulnerable code not present)
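Review bot: The removed gosa entry is the only place in this hunk that shows the fixed version 2.5.8-1, the (medium) urgency and the Secunia reference, and the entry being kept is not visible here. Worth confirming that the surviving entry carries all three, and moving the "NOTE: http://secunia.com/advisories/23749/" line over if it does not.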




[Secure-testing-commits] r5309 - data/CVE

2007-01-20 Thread Stefan Fritsch
Author: stef-guest
Date: 2007-01-20 16:57:54 +0100 (Sat, 20 Jan 2007)
New Revision: 5309

Modified:
   data/CVE/list
Log:
bugnum

Modified: data/CVE/list
===
--- data/CVE/list   2007-01-20 15:30:26 UTC (rev 5308)
+++ data/CVE/list   2007-01-20 15:57:54 UTC (rev 5309)
@@ -7,7 +7,7 @@
[sarge] - ethereal not-affected (Vulnerable code not present)
NOTE: Oldest affected Ethereal version is 0.10.14
 CVE-2007- [netpbm heap corruption]
-   - netpbm-free 2:10.0-11
+   - netpbm-free 2:10.0-11 (bug #407605)
 CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in 
(1) ...)
NOT-FOR-US: Openads
 CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed 
component in ...)
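Review bot: On the changed netpbm-free line the entry gains a bug number but still has no urgency and no NOTE saying where the heap corruption was reported, and the log message "bugnum" does not name the entry that was touched. The reference itself uses the spaced "bug #407605" form, unlike the 'bug#407683' spelling rejected in the r5306 processing error at the top of this page, so that part is fine; a log line such as "netpbm-free: add bug number" would make the revision easier to find later.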




[Secure-testing-commits] r5312 - data/CVE

2007-01-20 Thread Florian Weimer
Author: fw
Date: 2007-01-20 20:41:37 +0100 (Sat, 20 Jan 2007)
New Revision: 5312

Modified:
   data/CVE/list
Log:
Fix a few issues where tetex-bin was latently vulnerable


Modified: data/CVE/list
===
--- data/CVE/list   2007-01-20 19:31:57 UTC (rev 5311)
+++ data/CVE/list   2007-01-20 19:41:37 UTC (rev 5312)
@@ -19506,10 +19506,11 @@
- pdftohtml 0.36-12
- cupsys 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
+   - tetex-bin 3.0-12
+   NOTE: tetex-bin switched to poppler in 3.0-12.
 CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, 
pdftohtml, ...)
{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 
DSA-932-1 DSA-931-1 DTSA-28-1}
- poppler 0.4.4-1 (bug #346076)
-   - tetex not-affected (Links dynamically to poppler)
- kdegraphics 4:3.5.0-3
- gpdf 2.10.0-2 (bug #342286)
- xpdf 3.01-4
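Review bot: The added "tetex-bin 3.0-12" line treats the switch to poppler as the fix, which only holds if the poppler that tetex-bin 3.0-12 linked against was itself fixed; the CVE-2005-3627 entry below lists poppler as fixed in 0.4.4-1 (bug #346076). A short addition to the NOTE stating that dependency would make the reasoning checkable. Also note that the removed line under CVE-2005-3627 named the package "tetex" while the replacement lines name "tetex-bin"; if both source packages exist in the archive, the entry should say which one carried the Xpdf code.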
@@ -19519,6 +19520,8 @@
- pdftohtml 0.36-12
- cupsys 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
+   - tetex-bin 3.0-12
+   NOTE: tetex-bin switched to poppler in 3.0-12.
 CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, 
poppler, ...)
{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 
DSA-932-1 DSA-931-1 DTSA-28-1}
- poppler 0.4.3-2
@@ -19531,10 +19534,12 @@
- pdftohtml 0.36-12
- cupsys 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
+   - tetex-bin 3.0-12
+   NOTE: tetex-bin switched to poppler in 3.0-12.
 CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, 
poppler, ...)
{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 
DSA-932-1 DSA-931-1 DTSA-28-1}
- poppler 0.4.4-1 (bug #346076)
-   - tetex not-affected (Links dynamically to poppler)
+   - tetex 3.0-12
- kdegraphics 4:3.5.0-3
- xpdf 3.01-4
- gpdf 2.10.0-2 (bug #342286)
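Review bot: Under CVE-2005-3625 the replacement line reads "- tetex 3.0-12", while every other hunk in this revision records the fix as "- tetex-bin 3.0-12" and the accompanying NOTE talks about tetex-bin. This looks like the package name was left over from the removed "tetex not-affected" line; it should probably be "tetex-bin 3.0-12" so that the tracker attributes the fix to the same source package in all five entries.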
@@ -19544,10 +19549,11 @@
- pdftohtml 0.36-12
- cupsys 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
+   NOTE: tetex-bin switched to poppler in 3.0-12.
 CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for 
xpdf, ...)
{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 
DSA-932-1 DSA-931-1 DTSA-28-1}
- poppler 0.4.4-1 (bug #346076)
-   - tetex not-affected (Links dynamically to poppler)
+   - tetex-bin 3.0-12
- gpdf 2.10.0-2 (bug #342286)
- kdegraphics 4:3.5.0-3
- xpdf 3.01-4
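Review bot: The NOTE added just before CVE-2005-3624 stands on its own at the end of the previous entry, whereas in the first two hunks the "tetex-bin 3.0-12" line and its NOTE are added together. Here the package line for CVE-2005-3624 goes in at the position of the old not-affected line and its NOTE lands several lines further down. Keeping the NOTE directly under the package line it explains, in all entries, would avoid a reader attributing it to cupsys or pdftohtml.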
@@ -19557,6 +19563,7 @@
- pdftohtml 0.36-12
- cupsys 1.1.22-7
NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
+   NOTE: tetex-bin switched to poppler in 3.0-12.
 CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for 
MAY_SATTR ...)
[sarge] - kernel-source-2.6.8 not-affected (Does not contain NFS ACLs)
- linux-2.6 2.6.14-7




[Secure-testing-commits] r5313 - data/CVE

2007-01-20 Thread Florian Weimer
Author: fw
Date: 2007-01-20 20:46:09 +0100 (Sat, 20 Jan 2007)
New Revision: 5313

Modified:
   data/CVE/list
Log:
CVE-2006-3619: gcc-3.4 no longer builds the fastjar package


Modified: data/CVE/list
===
--- data/CVE/list   2007-01-20 19:41:37 UTC (rev 5312)
+++ data/CVE/list   2007-01-20 19:46:09 UTC (rev 5313)
@@ -8333,6 +8333,8 @@
 CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in 
Gnu GCC ...)
{DSA-1170}
- gcc-4.1 4.1.1-11 (bug #368397; low)
+   - gcc-3.4 3.4.4-0
+   NOTE: gcc-3.4 no longer builds the fastjar package
 CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By 
Lev ...)
NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
 CVE-2006-3617 (Cross-site scripting (XSS) vulnerability in pblguestbook.php in 
...)
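Review bot: The added "gcc-3.4 3.4.4-0" line gives a fixed version, but the NOTE only says that gcc-3.4 "no longer builds the fastjar package" without saying which upload dropped it. Please confirm that 3.4.4-0 is the first version without fastjar and say so in the NOTE. The entry lists {DSA-1170}, so a [sarge] line for gcc-3.4 may also be needed if the stable version still built fastjar.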




[Secure-testing-commits] r5314 - data/CVE

2007-01-20 Thread Florian Weimer
Author: fw
Date: 2007-01-20 20:51:58 +0100 (Sat, 20 Jan 2007)
New Revision: 5314

Modified:
   data/CVE/list
Log:
CVE-2006-6585: iceweasel fixed


Modified: data/CVE/list
===
--- data/CVE/list   2007-01-20 19:46:09 UTC (rev 5313)
+++ data/CVE/list   2007-01-20 19:51:58 UTC (rev 5314)
@@ -1583,7 +1583,7 @@
 CVE-2006-6586 (Multiple PHP remote file inclusion vulnerabilities in Vortex 
Blog ...)
NOT-FOR-US: Vortex Blog
 CVE-2006-6585 (The Extensions manager in Mozilla Firefox 2.0 does not properly 
...)
-   - iceweasel unfixed
+   - iceweasel 2.0.0.1+dfsg-1
- firefox removed
TODO: check iceape, sarge's firefox
 CVE-2006-6584 (Multiple buffer overflows in italkplus (Italk+) before 0.92.1 
allow ...)
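Review bot: The iceweasel line changes from "unfixed" to "2.0.0.1+dfsg-1" with no reference supporting that this upload contains the Extensions manager fix. A NOTE citing the upstream advisory or the package changelog would help, especially as the TODO on iceape and sarge's firefox stays open and the same evidence will be needed to resolve it.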

