[Secure-testing-commits] r12983 - lib/python
Author: fw
Date: 2009-10-11 10:23:56 + (Sun, 11 Oct 2009)
New Revision: 12983
Modified:
lib/python/web_support.py
Log:
lib/python/web_support.py (WebServiceBase): new class
Factored common functionality into base class, in preparation of
alternative invocation methods.
Modified: lib/python/web_support.py
===
--- lib/python/web_support.py 2009-10-10 23:42:52 UTC (rev 12982)
+++ lib/python/web_support.py 2009-10-11 10:23:56 UTC (rev 12983)
@@ -599,10 +599,9 @@
write(Content-Type: %s\n\n % self.mimetype)
write(self.contents)
-class WebService(Service):
-def __init__(self, socket_name):
-Service.__init__(self, socket_name)
-self.__router = PathRouter()
+class WebServiceBase:
+def __init__(self):
+self.router = PathRouter()
def register(self, path, method):
Requests that method is invoked if path is encountered.
@@ -616,12 +615,8 @@
The method is expected to return a HTMLResult object.
-self.__router.register(path, method)
+self.router.register(path, method)
-def __writeError(self, result, code, msg):
-result.write('Status: %d\nContent-Type: text/plain\n\n%s\n'
- % (code, msg))
-
def html_dtd(self):
Returns the DOCTYPE declaration to be used for HTML documents.
Can be overridden.
@@ -654,6 +649,16 @@
Invoked by handle prior to calling the registered handler.
pass
+class WebService(Service, WebServiceBase):
+CGI service implemented using servinvoke
+def __init__(self, socket_name):
+Service.__init__(self, socket_name)
+WebServiceBase.__init__(self)
+
+def __writeError(self, result, code, msg):
+result.write('Status: %d\nContent-Type: text/plain\n\n%s\n'
+ % (code, msg))
+
def handle(self, args, environment, data, result):
params = cgi.parse(data, environment)
path = environment.get('PATH_INFO', '')
@@ -664,7 +669,7 @@
script_name = environment.get('SCRIPT_NAME', '')
try:
-(method, remaining) = self.__router.get(path)
+(method, remaining) = self.router.get(path)
except InvalidPath:
self.__writeError(result, 404, page not found)
return
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12984 - lib/python
Author: fw
Date: 2009-10-11 12:02:02 + (Sun, 11 Oct 2009)
New Revision: 12984
Modified:
lib/python/web_support.py
Log:
lib/python/web_support.py (WebServiceHttp): implement HTTP invocation
Introduces flatten_later helper methods in Result objects.
Modified: lib/python/web_support.py
===
--- lib/python/web_support.py 2009-10-11 10:23:56 UTC (rev 12983)
+++ lib/python/web_support.py 2009-10-11 12:02:02 UTC (rev 12984)
@@ -26,6 +26,9 @@
import traceback
import types
import urllib
+import threading
+import SocketServer
+import BaseHTTPServer
class ServinvokeError(Exception):
pass
@@ -556,6 +559,13 @@
def flatten(self, write):
pass
+def flatten_later(self):
+Flattens this result.
+
+Returns a closure which sends the result using a
+BaseHTTPRequestHandler object passed as argument.
+pass
+
class RedirectResult(Result):
Permanently redirects the browser to a new URL.
def __init__(self, url, permanent=True):
@@ -568,6 +578,13 @@
def flatten(self, write):
write(Status: %d\nLocation: %s\n\n % (self.status, self.url))
+def flatten_later(self):
+def later(req):
+req.send_response(self.status)
+req.send_header('Location', self.url)
+req.end_headers()
+return later
+
class HTMLResult(Result):
An object of this class combines a status code with HTML contents.
def __init__(self, contents, status=200, doctype=''):
@@ -584,6 +601,19 @@
write(Content-Type: text/html\n\n%s\n % self.doctype)
self.contents.flatten(write)
+def flatten_later(self):
+buf = cStringIO.StringIO()
+buf.write(self.doctype)
+buf.write('\n')
+self.contents.flatten(buf.write)
+buf = buf.getvalue()
+def later(req):
+req.send_response(self.status)
+req.send_header('Content-Type', 'text/html; charset=UTF-8')
+req.end_headers()
+req.wfile.write(buf)
+return later
+
class BinaryResult(Result):
An object of this class combines a status code with HTML contents.
def __init__(self, contents, status=200,
@@ -599,6 +629,13 @@
write(Content-Type: %s\n\n % self.mimetype)
write(self.contents)
+def flatten_later(self):
+def later(req):
+req.send_response(self.status)
+req.send_header('Content-Type', self.mimetype)
+req.wfile.write(self.contents)
+return later
+
class WebServiceBase:
def __init__(self):
self.router = PathRouter()
@@ -679,6 +716,80 @@
assert isinstance(r, Result), `r`
r.flatten(result.write)
+class ThreadingHTTPServer(BaseHTTPServer.HTTPServer,
+ SocketServer.ThreadingMixIn):
+pass
+
+RE_BASE_URL = re.compile(r'^http://([^/]+)(.*)')
+
+class WebServiceHTTP(WebServiceBase):
+def __init__(self, socket_name):
+WebServiceBase.__init__(self)
+(base_url, address, port) = socket_name
+self.lock = threading.Lock()
+
+self.__parse_base_url(base_url)
+
+service_self = self
+class Handler(BaseHTTPServer.BaseHTTPRequestHandler):
+def do_GET(self):
+(method, path, remaining, params) = self.route()
+if path is None:
+return
+
+url = URLFactory(service_self.server_name,
+ service_self.script_name,
+ path, params)
+
+service_self.lock.acquire()
+try:
+service_self.pre_dispatch()
+r = method(remaining, params, url)
+assert isinstance(r, Result), `r`
+result = r.flatten_later()
+finally:
+service_self.lock.release()
+result(self)
+
+def __parse_path(self):
+pos = self.path.find('?')
+if pos 0:
+return (self.path, {})
+path = self.path[:pos]
+if path[:1] != '/':
+path = '/' + path
+params = cgi.parse_qs(self.path[pos + 1:])
+return (path, params)
+
+def route(self):
+(path, params) = self.__parse_path()
+prefix_len = len(service_self.script_name)
+prefix = path[0:prefix_len]
+result = None
+if prefix == service_self.script_name:
+suffix = path[prefix_len:]
+try:
+(method, remaining) = \
+service_self.router.get(suffix)
+return (method, suffix, remaining, params)
+except InvalidPath:
+pass
+
[Secure-testing-commits] r12985 - bin
Author: fw
Date: 2009-10-11 12:04:15 + (Sun, 11 Oct 2009)
New Revision: 12985
Modified:
bin/tracker_service.py
Log:
bin/tracker_service.py: implement HTTP invocation
The old command line arguments still create a servinvoke-based service.
Modified: bin/tracker_service.py
===
--- bin/tracker_service.py 2009-10-11 12:02:02 UTC (rev 12984)
+++ bin/tracker_service.py 2009-10-11 12:04:15 UTC (rev 12985)
@@ -2,18 +2,27 @@
import sys
sys.path.insert(0,'../lib/python')
-
-if len(sys.argv) 3:
-print usage: python tracker_serivce.py SOCKET-PATH DATABASE-PATH
-sys.exit(1)
-socket_name = sys.argv[1]
-db_name = sys.argv[2]
-
import bugs
import re
import security_db
from web_support import *
+if len(sys.argv) not in (3, 5):
+print usage: python tracker_service.py SOCKET-PATH DATABASE-PATH
+printpython tracker_service.py URL HOST PORT DATABASE-PATH
+sys.exit(1)
+if len(sys.argv) == 3:
+socket_name = sys.argv[1]
+db_name = sys.argv[2]
+webservice_base_class = WebService
+else:
+server_base_url = sys.argv[1]
+server_address = sys.argv[2]
+server_port = int(sys.argv[3])
+socket_name = (server_base_url, server_address, server_port)
+db_name = sys.argv[4]
+webservice_base_class = WebServiceHTTP
+
class BugFilter:
default_action_list = [(hide_medium_urgency, lower urgencies),
(hide_non_remote, local vulnerabilities)]
@@ -62,7 +71,7 @@
Returns True if no DSA will be issued for the bug.
return nodsa and self.params['hide_nodsa']
-class TrackerService(WebService):
+class TrackerService(webservice_base_class):
head_contents = compose(STYLE(
h1 { font-size : 144%; }
h2 { font-size : 120%; }
@@ -94,7 +103,7 @@
''')).toHTML()
def __init__(self, socket_name, db_name):
-WebService.__init__(self, socket_name)
+webservice_base_class.__init__(self, socket_name)
self.db = security_db.DB(db_name)
self.register('', self.page_home)
self.register('*', self.page_object)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12986 - bin
Author: fw Date: 2009-10-11 12:05:22 + (Sun, 11 Oct 2009) New Revision: 12986 Modified: bin/test-web-server Log: bin/test-web-server: switch to HTTP invocation Modified: bin/test-web-server === --- bin/test-web-server 2009-10-11 12:04:15 UTC (rev 12985) +++ bin/test-web-server 2009-10-11 12:05:22 UTC (rev 12986) @@ -4,44 +4,14 @@ server_port=10605 service=tracker_service.py -thttpd=/usr/sbin/thttpd +url=http://localhost:$server_port/tracker; -if ! command -v mktemp /dev/null ; then -echo 'error: mktemp required' -exit 1 -elif ! command -v servinvoke /dev/null ; then -echo 'error: servinvoke required' -exit 1 -elif ! test -x $thttpd ; then -echo 'error: thttpd required' -exit 1 -fi - -bindir=`dirname $0` +bindir=`dirname $0` if ! test -r $bindir/$service ; then echo error: failed to locate bin directory (tried $bindir) exit 1 fi -webroot=`mktemp -d` -if ! test -d $webroot ; then -echo error: invalid TMPDIR setting -rm -rf -- $webroot -exit 1 -fi -trap rm -rf $webroot 0 -cat $webroot/tracker EOF -#!/usr/bin/servinvoke - -copy-env -target-unix $webroot/service-socket -EOF -chmod 755 $webroot/tracker -$thttpd -h localhost -p $server_port -c tracker \ --d $webroot -l $webroot/log -i $webroot/pid -echo URL: http://localhost:$server_port/tracker; - cd $bindir -python $service $webroot/service-socket ../data/security.db || true -read pid $webroot/pid -kill $pid +echo URL: $url +python $service $url localhost $server_port ../data/security.db || true ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12987 - lib/python
Author: fw
Date: 2009-10-11 12:52:56 + (Sun, 11 Oct 2009)
New Revision: 12987
Modified:
lib/python/web_support.py
Log:
lib/python/web_support.py (BinaryResult_later): call end_headers()
Modified: lib/python/web_support.py
===
--- lib/python/web_support.py 2009-10-11 12:05:22 UTC (rev 12986)
+++ lib/python/web_support.py 2009-10-11 12:52:56 UTC (rev 12987)
@@ -633,6 +633,7 @@
def later(req):
req.send_response(self.status)
req.send_header('Content-Type', self.mimetype)
+req.end_headers()
req.wfile.write(self.contents)
return later
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12988 - / data data/nvd
Author: fw Date: 2009-10-11 17:40:16 + (Sun, 11 Oct 2009) New Revision: 12988 Added: data/nvd/ Modified: Makefile Log: Makefile: add update-nvd target Modified: Makefile === --- Makefile2009-10-11 12:52:56 UTC (rev 12987) +++ Makefile2009-10-11 17:40:16 UTC (rev 12988) @@ -134,3 +134,10 @@ $(PYTHON) bin/apt-update-file \ $(BACKPORTS_MIRROR)/lenny-backports/main/binary-armel/Packages \ data/packages/lenny-backports__main_armel_Packages + +update-nvd: + for x in $$(seq 2002 $$(date +%Y)) ; do \ + name=nvdcve-$$x.xml; \ + wget -q -Odata/nvd/$$name http://nvd.nist.gov/download/$$name || true; \ + done + python bin/update-nvd data/nvd/nvdcve-200*.xml Property changes on: data/nvd ___ Added: svn:ignore + nvdcve-*.xml ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12989 - data/CVE
Author: fw Date: 2009-10-11 17:54:48 + (Sun, 11 Oct 2009) New Revision: 12989 Modified: data/CVE/list Log: CVE-2009-3602: unbound Modified: data/CVE/list === --- data/CVE/list 2009-10-11 17:40:16 UTC (rev 12988) +++ data/CVE/list 2009-10-11 17:54:48 UTC (rev 12989) @@ -1,3 +1,6 @@ +CVE-2009-3602 [NSEC3 validation bypass in Unbound] + - unbound unfixed (low) + NOTE: http://unbound.net/pipermail/unbound-users/2009-October/000852.html CVE-2009- [possible DoS in django caused by regex starving resources] - python-django 1.1.1-1 (medium; bug #550457) [etch] - python-django not-affected (introduced in 1.0) ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12990 - /
Author: fw Date: 2009-10-11 17:57:36 + (Sun, 11 Oct 2009) New Revision: 12990 Modified: Makefile Log: Makefile: add update-lists target Modified: Makefile === --- Makefile2009-10-11 17:54:48 UTC (rev 12989) +++ Makefile2009-10-11 17:57:36 UTC (rev 12990) @@ -135,6 +135,9 @@ $(BACKPORTS_MIRROR)/lenny-backports/main/binary-armel/Packages \ data/packages/lenny-backports__main_armel_Packages +update-lists: + svn update -q data + update-nvd: for x in $$(seq 2002 $$(date +%Y)) ; do \ name=nvdcve-$$x.xml; \ ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12991 - /
Author: fw Date: 2009-10-11 18:08:09 + (Sun, 11 Oct 2009) New Revision: 12991 Modified: Makefile Log: Makefile: rename target update-stable-packages to update-stable Modified: Makefile === --- Makefile2009-10-11 17:57:36 UTC (rev 12990) +++ Makefile2009-10-11 18:08:09 UTC (rev 12991) @@ -62,7 +62,7 @@ done ; \ done -update-stable-packages: +update-stable: set -e ; for rel in etch lenny ; do \ for archive in main contrib non-free ; do \ $(PYTHON) bin/apt-update-file \ ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12992 - data/CVE
Author: fw
Date: 2009-10-11 18:17:20 + (Sun, 11 Oct 2009)
New Revision: 12992
Modified:
data/CVE/list
Log:
CVE-2009-3474, CVE-2009-3475, CVE-2009-3476: fixed versions
Modified: data/CVE/list
===
--- data/CVE/list 2009-10-11 18:08:09 UTC (rev 12991)
+++ data/CVE/list 2009-10-11 18:17:20 UTC (rev 12992)
@@ -249,23 +249,23 @@
{DSA-1895-2 DSA-1896-1 DSA-1895-1}
- xmltooling 1.2.2-1
- opensaml removed
- - opensaml2 unfixed
+ - opensaml2 2.2.1-1
- shibboleth-sp removed
- - shibboleth-sp2 unfixed
+ - shibboleth-sp2 2.2.1+dfsg-1
CVE-2009-3475 (Internet2 Shibboleth Service Provider software 1.3.x before
1.3.3 and ...)
{DSA-1895-2 DSA-1896-1 DSA-1895-1}
- xmltooling 1.2.2-1
- opensaml removed
- - opensaml2 unfixed
+ - opensaml2 2.2.1-1
- shibboleth-sp removed
- - shibboleth-sp2 unfixed
+ - shibboleth-sp2 2.2.1+dfsg-1
CVE-2009-3474 (OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as
used by ...)
{DSA-1895-2 DSA-1896-1 DSA-1895-1}
- xmltooling 1.2.2-1
- opensaml removed
- - opensaml2 unfixed
+ - opensaml2 2.2.1-1
- shibboleth-sp removed
- - shibboleth-sp2 unfixed
+ - shibboleth-sp2 2.2.1+dfsg-1
[lenny] - opensaml no-dsa (Minor issue)
TODO: next point update: [lenny] - opensaml 2.0-2+lenny1
CVE-2009-3473 (IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER
privilege ...)
___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12992 failed
The error message was: make: *** [all] Terminated ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12992 failed
The error message was: make: *** [all] Terminated ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12993 - bin
Author: fw Date: 2009-10-11 19:00:26 + (Sun, 11 Oct 2009) New Revision: 12993 Modified: bin/tracker_service.py Log: bin/tracker_service.py (TrackerService.page_redirect): handle empty argument Modified: bin/tracker_service.py === --- bin/tracker_service.py 2009-10-11 18:17:20 UTC (rev 12992) +++ bin/tracker_service.py 2009-10-11 19:00:26 UTC (rev 12993) @@ -211,7 +211,10 @@ return self.page_object_or_redirect(url, obj, False) def page_redirect(self, path, params, url): -obj = path[0] +if path == (): +obj = '' +else: +obj = path[0] return self.page_object_or_redirect(url, obj, True) def page_object_or_redirect(self, url, obj, redirect): ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12994 - doc
Author: fw Date: 2009-10-11 19:38:42 + (Sun, 11 Oct 2009) New Revision: 12994 Added: doc/soler.txt Log: Documentation for the tracker setup on soler.debian.org Added: doc/soler.txt === --- doc/soler.txt (rev 0) +++ doc/soler.txt 2009-10-11 19:38:42 UTC (rev 12994) @@ -0,0 +1,57 @@ +Tracker setup on soler.debian.org += + +(This is internal documentation, in case things need to be fixed. +It is not relevant to day-to-day edting tasks.) + +Relevant files and directories +-- + +The tracker runs under the user ID sectracker. Most of its files +are stored in the directory /org/security-tracker.debian.org/website: + + bin/cron invoked by cron once every minute + bin/cron-hourly invoked by cron once every hour + bin/cron-daily invoked by cron once every day + bin/read-and-touch invoked by ~/.procmailrc + bin/start-daemon invoked by cron at reboot + + secure-testing Subversion checkout + secure-testing/bin/* main entry points, called bin bin/cron + secure-testing/stamps/* files which trigger processing by bin/cron + +~sectracker/.procmailrc invokes bin/read-and-touch to create stamp +files, which are then picked up by bin/cron. This is done to +serialize change events in batches (e.g., commits originated from +git-svn). sectrac...@security-tracker.debian.org is subscribed to +these mailing lists to be notified of changes: + + debian-security-annou...@lists.debian.org + secure-testing-commits.lists.alioth.debian.org + +The crontab of the sectracker user is set up such that the scripts +are invoked as specified above. + +Web server +-- + +80/TCP is handled by Apache. The Apache configuration is here: + + /org/security-tracker.debian.org/etc/apache.conf + +mod_proxy is used to forward requests to the actual server which +listens on 127.0.0.1:25648 and is started by the +/org/security-tracker.debian.org/website/bin/start-daemon script. + +debsecan metadata +- + +/org/security-tracker.debian.org/website/bin/cron contains code which +pushes updates to secure-testing-master, using rsync. + +Code updates + + +Updates to the Subversion checkout only affect the directory +/org/security-tracker.debian.org/website/secure-testing/data. +Code changes need to be applied manually, using svn update. ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] Processing r12994 failed
The error message was: mv: cannot stat `data/security-new.db': No such file or directory make: *** [all] Error 1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
[Secure-testing-commits] r12995 - data/CVE
Author: derevko-guest Date: 2009-10-12 05:19:42 + (Mon, 12 Oct 2009) New Revision: 12995 Modified: data/CVE/list Log: CVE-2009-2702 fixed in kde4libs 4:4.3.2-1 Modified: data/CVE/list === --- data/CVE/list 2009-10-11 19:38:42 UTC (rev 12994) +++ data/CVE/list 2009-10-12 05:19:42 UTC (rev 12995) @@ -2874,7 +2874,7 @@ NOTE: this is only a null ptr dereference and can only be triggered by a rogue irc server CVE-2009-2702 (KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a ...) - kdelibs unfixed (low; bug #546212) - - kde4libs unfixed (low; bug #546218) + - kde4libs 4:4.3.2-1 (low; bug #546218) [lenny] - kde4libs no-dsa (Minor issue) CVE-2009-2701 (Unspecified vulnerability in the Zope Enterprise Objects (ZEO) ...) - zodb 1:3.9.0-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
