[Secure-testing-commits] r16349 - data/CVE
Author: jmm Date: 2011-03-10 07:53:01 + (Thu, 10 Mar 2011) New Revision: 16349 Modified: data/CVE/list Log: dokuwiki fixed nss-pam-ldapd only affects experimental Modified: data/CVE/list === --- data/CVE/list 2011-03-09 23:26:03 UTC (rev 16348) +++ data/CVE/list 2011-03-10 07:53:01 UTC (rev 16349) @@ -202,7 +202,7 @@ CVE-2011-1225 RESERVED CVE-2011- [dokuwiki ACL bypass] - - dokuwiki (low) + - dokuwiki 0.0.20101107a-1 (low) [squeeze] - dokuwiki (Minor issue) [lenny] - dokuwiki (Minor issue) CVE-2011-1224 @@ -2315,6 +2315,7 @@ RESERVED CVE-2011-0438 RESERVED + - nss-pam-ldapd (Only affects 0.8.0, which was only uploaded to experimental) CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management implementation ...) {DSA-2179-1} - dtc 0.32.10-1 ___ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
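Review bot: In the @@ -2315 hunk the new nss-pam-ldapd line is attached to CVE-2011-0438, which is still RESERVED and has no bracketed title, so the entry records which upload is affected without saying by what. Add a short title in the form the first hunk's entry uses ("[dokuwiki ACL bypass]") and a NOTE with the upstream reference. The dokuwiki line in the first hunk likewise gains the fixed version 0.0.20101107a-1 with no bug number or NOTE to check it against.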
[Secure-testing-commits] r16348 - data/CVE
Author: gilbert-guest Date: 2011-03-09 23:26:03 + (Wed, 09 Mar 2011) New Revision: 16348 Modified: data/CVE/list Log: triage of incoming webkit issues Modified: data/CVE/list === --- data/CVE/list 2011-03-09 23:23:41 UTC (rev 16347) +++ data/CVE/list 2011-03-09 23:26:03 UTC (rev 16348) @@ -1,3 +1,8 @@ +CVE-2011- [xslt memory leak] + - libxslt (bug #617413) + NOTE: http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html +CVE-2011- [v8 issues] +- libv8 (bug #617418) CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in the ...) TODO: check CVE-2011-1321 (The AuthCache purge implementation in the Security component in IBM ...) @@ -397,7 +402,8 @@ NOT-FOR-US: FreeBSD/NetBSD libc CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform layout, ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit + - webkit (vulnerable code introduced in commit 75823) + TODO: recheck once webkit 1.3 enters unstable NOTE: http://trac.webkit.org/changeset/78775 CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 9.0.597.107 ...) - chromium-browser 9.0.597.107~r75357-1 
@@ -409,37 +415,42 @@ - chromium-browser 9.0.597.107~r75357-1 - webkit NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782 + TODO: ^ this bug is embargoed, please note the commit # CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remote ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit + - webkit +NOTE: needs port (s/logicalBottom/bottom) NOTE: http://trac.webkit.org/changeset/77565 CVE-2011-1120 (The WebGL implementation in Google Chrome before 9.0.597.107 allows ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit + - webkit (webgl support not present in 1.2) + TODO: recheck webkit 1.3 once its uploaded to unstable NOTE: http://trac.webkit.org/changeset/77956 CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine device ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit + - webkit (device orientation code/support not present in 1.2) + TODO: recheck webkit 1.3 once its uploaded to unstable NOTE: http://trac.webkit.org/changeset/77418 CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle TEXTAREA ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit + - webkit NOTE: http://trac.webkit.org/changeset/77144 CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit + - webkit NOTE: http://trac.webkit.org/changeset/77262 CVE-2011-1116 (Google Chrome before 9.0.597.107 does not properly handle SVG ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit + - webkit NOTE: http://trac.webkit.org/changeset/77548 CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render tables, ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit + - webkit NOTE: http://trac.webkit.org/changeset/76915 CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle tables, ...) 
- chromium-browser 9.0.597.107~r75357-1 - - webkit + - webkit (vulnerable code introduced after 1.2, and the fix restores this code to its 1.2 state) + TODO: check webkit 1.3 once it enters unstable NOTE: http://trac.webkit.org/changeset/77141 CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not ...) - chromium-browser 9.0.597.107~r75357-1 @@ -449,22 +460,25 @@ - webkit (Chromium specific) CVE-2011- (Google Chrome before 9.0.597.107 does not properly implement forms ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit + - webkit + NOTE: needs port (s/FormAssociatedElement/HTMLFormElement) NOTE: http://trac.webkit.org/changeset/77114 CVE-2011-1110 (Google Chrome before 9.0.597.107 does not properly implement key frame ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit + - webkit (vulnerable code not present in 1.2) + TODO: check webkit 1.3 once it gets uploaded to unstable NOTE: http://trac.webkit.org/changeset/76828 CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes in ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit + - webkit NOTE: http://trac.webkit.org/changeset/76728 CVE-2011-1108 (Google Chrome before 9.0.597.107 does not properly implement ...) - chromium-browser 9.0.597.107~r75357-1 - webkit (Chromium specific) CVE-2011-1107 (U
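Review bot: Two added lines lose the leading indentation their neighbours have: "+- libv8 (bug #617418)" in the first hunk (the libxslt line just above it is indented) and "+NOTE: needs port (s/logicalBottom/bottom)" in the @@ -409 hunk. Indent both to match, so that no later whitespace-only cleanup is needed for them.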
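Review bot: The TODO at the top of the @@ -409 hunk, "^ this bug is embargoed, please note the commit #", only makes sense while it stays directly below the bugs.webkit.org NOTE; name the bug id (53782) in the TODO itself so it survives reordering. The follow-up TODOs for webkit 1.3 are also worded three ways ("recheck once webkit 1.3 enters unstable", "recheck webkit 1.3 once its uploaded to unstable", "check webkit 1.3 once it enters unstable"); one fixed phrase would let all of them be found with a single search when 1.3 arrives.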
[Secure-testing-commits] r16347 - in data: . CVE
Author: jmw Date: 2011-03-09 23:23:41 + (Wed, 09 Mar 2011) New Revision: 16347 Modified: data/CVE/list data/ospu-candidates.txt data/spu-candidates.txt Log: prsc tracking Modified: data/CVE/list === --- data/CVE/list 2011-03-09 22:36:00 UTC (rev 16346) +++ data/CVE/list 2011-03-09 23:23:41 UTC (rev 16347) @@ -805,7 +805,7 @@ - ruby1.9.1 1.9.2.180-1 (bug #615519) CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings function in ...) - clamav 0.97+dfsg-1 (low) - [squeeze] - clamav (Minor issue) + [squeeze] - clamav (bug #617444; Minor issue) [lenny] - clamav NOTE: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486 NOTE: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f Modified: data/ospu-candidates.txt === --- data/ospu-candidates.txt2011-03-09 22:36:00 UTC (rev 16346) +++ data/ospu-candidates.txt2011-03-09 23:23:41 UTC (rev 16347) @@ -582,6 +582,12 @@ -- +openldap (CVE-2011-1024/CVE-2011-1025) +#617606 +waiting unstable + +-- + openldap #253838 notified maintainer Modified: data/spu-candidates.txt === --- data/spu-candidates.txt 2011-03-09 22:36:00 UTC (rev 16346) +++ data/spu-candidates.txt 2011-03-09 23:23:41 UTC (rev 16347) @@ -16,10 +16,11 @@ -- clamav (CVE-2011-1003) +#617444 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486 http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f +awaiting maintainer response - -- conky (CVE-2011-) @@ -50,6 +51,12 @@ -- +openldap (CVE-2011-1024/CVE-2011-1025) +#617606 +waiting unstable + +-- + tesseract (CVE-2011-1136) #612032 awaiting maintainer response
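Review bot: The openldap blocks added to data/ospu-candidates.txt and data/spu-candidates.txt cite #617606 for CVE-2011-1024/CVE-2011-1025, but the data/CVE/list part of this commit only touches the clamav entry, so the bug number ends up in the candidate files and not next to the CVEs. Add it to the openldap package lines the way this commit does for clamav, "(bug #617444; Minor issue)". The new blocks also say "waiting unstable" where the surrounding entries say "awaiting maintainer response" or "notified maintainer"; a word on what is being waited for would help the next reader.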
[Secure-testing-commits] r16346 - data/CVE
Author: gilbert-guest Date: 2011-03-09 22:36:00 + (Wed, 09 Mar 2011) New Revision: 16346 Modified: data/CVE/list Log: bind9 fixed Modified: data/CVE/list === --- data/CVE/list 2011-03-09 21:18:17 UTC (rev 16345) +++ data/CVE/list 2011-03-09 22:36:00 UTC (rev 16346) @@ -2368,7 +2368,7 @@ CVE-2011-0415 RESERVED CVE-2011-0414 (ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative ...) - - bind9 + - bind9 1:9.7.3.dfsg-1 [lenny] - bind9 (Introduced in 9.7.1) CVE-2011-0413 (The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV ...) {DSA-2184-1}
[Secure-testing-commits] r16345 - data/CVE
Author: jmm Date: 2011-03-09 21:18:17 + (Wed, 09 Mar 2011) New Revision: 16345 Modified: data/CVE/list Log: two openldap no-dsa issues dotlrn/openacs not affected by xinha issues Modified: data/CVE/list === --- data/CVE/list 2011-03-09 21:15:05 UTC (rev 16344) +++ data/CVE/list 2011-03-09 21:18:17 UTC (rev 16345) @@ -583,7 +583,7 @@ CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...) TODO: check CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite ...) - TODO: check + TODO: apparenty not in Debian. Raphael, can you confirm? CVE-2011-1071 [eglibc: memory corruption] RESERVED - glibc @@ -725,12 +725,14 @@ RESERVED CVE-2011-1025 [rootpw is not verified with slapd.conf] RESERVED - - openldap - TODO: check + - openldap (low) + [squeeze] - openldap (Minor issue) + [lenny] - openldap (Vulnerable code not present, introduced in 2.4.12) CVE-2011-1024 [forwarded bind failure messages cause success] RESERVED - - openldap - TODO: check + - openldap (low) + [lenny] - openldap (Minor issue) + [squeeze] - openldap (Minor issue) CVE-2011-1023 RESERVED CVE-2011-1022 [failure to verify netlink messages] 
@@ -862,22 +864,22 @@ RESERVED - serendipity (bug #611661) [lenny] - serendipity (Xinha not yet included) - - openacs - - dotlrn + - openacs (PHP bindings not used) + - dotlrn (PHP bindings not used) NOTE: http://secunia.com/advisories/40669/ CVE-2011-1134 [xinha XSS image manager] RESERVED - serendipity (bug #611661) [lenny] - serendipity (Xinha not yet included) - - openacs - - dotlrn + - openacs (PHP bindings not used) + - dotlrn (PHP bindings not used) NOTE: http://secunia.com/advisories/40669/ CVE-2011-1135 [xinha multiple vulns] RESERVED - serendipity (bug #611661) [lenny] - serendipity (Xinha not yet included) - - openacs - - dotlrn + - openacs (PHP bindings not used) + - dotlrn (PHP bindings not used) NOTE: http://secunia.com/advisories/40669/ CVE-2011-1137 [proftpd mod_sftp DoS] RESERVED
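Review bot: In the @@ -725 hunk the release lines are ordered differently for the two openldap entries: CVE-2011-1025 lists [squeeze] then [lenny], CVE-2011-1024 lists [lenny] then [squeeze]. Keep one order for both. In the @@ -583 hunk the new TODO has a typo ("apparenty") and puts a question to a named person; that question is better asked by mail, with the TODO stating only what is left to verify.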
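Review bot: In the @@ -862 hunk the same reason, "(PHP bindings not used)", is applied to openacs and dotlrn for all three xinha entries, including CVE-2011-1135, which is titled "[xinha multiple vulns]". A single reason covers that entry only if every one of the bundled issues is in the PHP bindings; add a NOTE saying which issues were checked, or keep that entry open until they have been.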
[Secure-testing-commits] r16344 - data/CVE
Author: joeyh Date: 2011-03-09 21:15:05 + (Wed, 09 Mar 2011) New Revision: 16344 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list === --- data/CVE/list 2011-03-09 21:12:33 UTC (rev 16343) +++ data/CVE/list 2011-03-09 21:15:05 UTC (rev 16344) 
@@ -1,3 +1,37 @@ +CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in the ...) + TODO: check +CVE-2011-1321 (The AuthCache purge implementation in the Security component in IBM ...) + TODO: check +CVE-2011-1320 (The Security component in IBM WebSphere Application Server (WAS) ...) + TODO: check +CVE-2011-1319 (The Security component in IBM WebSphere Application Server (WAS) ...) + TODO: check +CVE-2011-1318 (Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the ...) + TODO: check +CVE-2011-1317 (Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the ...) + TODO: check +CVE-2011-1316 (The Session Initiation Protocol (SIP) Proxy in the HTTP Transport ...) + TODO: check +CVE-2011-1315 (Memory leak in the messaging engine in IBM WebSphere Application ...) + TODO: check +CVE-2011-1314 (The Service Integration Bus (SIB) messaging engine in IBM WebSphere ...) + TODO: check +CVE-2011-1313 (Double free vulnerability in IBM WebSphere Application Server (WAS) ...) + TODO: check +CVE-2011-1312 (The Administrative Console component in IBM WebSphere Application ...) + TODO: check +CVE-2011-1311 (The Security component in IBM WebSphere Application Server (WAS) ...) + TODO: check +CVE-2011-1310 (The Administrative Scripting Tools component in IBM WebSphere ...) + TODO: check +CVE-2011-1309 (The Plug-in component in IBM WebSphere Application Server (WAS) before ...) + TODO: check +CVE-2011-1308 (Cross-site scripting (XSS) vulnerability in the Installation ...) + TODO: check +CVE-2011-1307 (The installer in IBM WebSphere Application Server (WAS) before ...) + TODO: check +CVE-2011-1306 (Unspecified vulnerability in the Scratchpad application in Google ...) + TODO: check CVE-2011- [gmime segfault] - gmime2.4 (bug #616366) CVE-2011-1305 
@@ -491,15 +525,15 @@ RESERVED - kde4libs - kdelibs -NOTE: http://seclists.org/oss-sec/2011/q1/434 -TODO: file a bug in BTS, check severity. check if kdelibs is affected too. + NOTE: http://seclists.org/oss-sec/2011/q1/434 + TODO: file a bug in BTS, check severity. check if kdelibs is affected too. CVE-2011-1093 RESERVED CVE-2011-1092 [PHP: shmop_read, missing sanity check] RESERVED - php5 -NOTE: http://seclists.org/oss-sec/2011/q1/430 -TODO: determine severity. file a bts bug. + NOTE: http://seclists.org/oss-sec/2011/q1/430 + TODO: determine severity. file a bts bug. CVE-2011-1091 RESERVED CVE-2011-1090 @@ -2263,20 +2297,16 @@ RESERVED CVE-2011-0438 RESERVED -CVE-2011-0437 - RESERVED +CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management implementation ...) {DSA-2179-1} - dtc 0.32.10-1 -CVE-2011-0436 [new users' unencrypted passwords emailed to admin] - RESERVED +CVE-2011-0436 (The register_user function in client/new_account_form.php in Domain ...) {DSA-2179-1} - dtc 0.32.10-1 (bug #614302) -CVE-2011-0435 - RESERVED +CVE-2011-0435 (Domain Technologie Control (DTC) before 0.32.9 does not require ...) {DSA-2179-1} - dtc 0.32.10-1 -CVE-2011-0434 - RESERVED +CVE-2011-0434 (Multiple SQL injection vulnerabilities in Domain Technologie Control ...) {DSA-2179-1} - dtc 0.32.10-1 CVE-2011-0433 [linetoken() buffer overflow] 
@@ -2349,15 +2379,15 @@ RESERVED CVE-2011-0411 RESERVED -TODO: lots of various other packages potentially affected, need to check them, see http://www.kb.cert.org/vuls/id/555316 + TODO: lots of various other packages potentially affected, need to check them, see http://www.kb.cert.org/vuls/id/555316 - postfix 2.8.0-1 NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html NOTE: http://www.postfix.org/CVE-2011-0411.html -- qmail -[lenny] - qmail (non-free doesn't get security support) -[squeeze] - qmail (non-free doesn't get security support) -NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q + - qmail + [lenny] - qmail (non-free doesn't get security support) + [squeeze] - qmail (non-free doesn't get security support) + NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for ...) NOT-FOR-US: CollabNet ScrumWorks Basic CVE-2011-0409 @@ -2491,10 +2521,10 @@
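Review bot: This revision mixes whitespace-only cleanups (the NOTE/TODO reindents in the @@ -491 and @@ -2349 hunks) with content changes (17 new "TODO: check" entries in the first hunk, and the DTC descriptions replacing RESERVED in the @@ -2263 hunk), which makes it harder to audit what the automatic update actually imported. Committing the reindent separately would leave this diff with content only. The reindent in the @@ -2349 hunk also keeps the TODO above the "- postfix 2.8.0-1" package line; moving it below the package lines while touching it would match the other entries.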
[Secure-testing-commits] r16343 - in data: CVE DSA
Author: jmm Date: 2011-03-09 21:12:33 + (Wed, 09 Mar 2011) New Revision: 16343 Modified: data/CVE/list data/DSA/list Log: icedove DSA Modified: data/CVE/list === --- data/CVE/list 2011-03-09 18:21:44 UTC (rev 16342) +++ data/CVE/list 2011-03-09 21:12:33 UTC (rev 16343) @@ -3405,6 +3405,7 @@ CVE-2011-0059 (Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox ...) {DSA-2180-1} - icedove 3.0.11-2 + [lenny] - icedove - xulrunner [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 @@ -3418,6 +3419,7 @@ CVE-2011-0057 (Use-after-free vulnerability in the Web Workers implementation in ...) {DSA-2180-1} - icedove 3.0.11-2 + [lenny] - icedove - xulrunner (Vulnerable code not present) - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) @@ -3426,6 +3428,7 @@ CVE-2011-0056 (Buffer overflow in the JavaScript engine in Mozilla Firefox before ...) {DSA-2180-1} - icedove 3.0.11-2 + [lenny] - icedove - xulrunner [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 @@ -3435,6 +3438,7 @@ CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in Mozilla ...) {DSA-2180-1} - icedove 3.0.11-2 + [lenny] - icedove - xulrunner (Vulnerable code not present) - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) @@ -3443,6 +3447,7 @@ CVE-2011-0054 (Buffer overflow in the JavaScript engine in Mozilla Firefox before ...) {DSA-2180-1} - icedove 3.0.11-2 + [lenny] - icedove - xulrunner (Vulnerable code not present) - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) @@ -3451,6 +3456,7 @@ CVE-2011-0053 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2180-1} - icedove 3.0.11-2 + [lenny] - icedove - xulrunner [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 
@@ -3462,6 +3468,7 @@ CVE-2011-0051 (Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey ...) {DSA-2180-1} - icedove 3.0.11-2 + [lenny] - icedove - xulrunner [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 @@ -11867,6 +11874,7 @@ CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in the ...) {DSA-2180-1} - icedove 3.0.11-2 + [lenny] - icedove - xulrunner [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 Modified: data/DSA/list === --- data/DSA/list 2011-03-09 18:21:44 UTC (rev 16342) +++ data/DSA/list 2011-03-09 21:12:33 UTC (rev 16343) @@ -1,3 +1,6 @@ +[09 Mar 2011] DSA-2187-1 icedove - several + {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059} + [squeeze] - icedove 3.0.11-1+squeeze1 [09 Mar 2011] DSA-2186-1 iceweasel - several {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059} [squeeze] - iceweasel 3.5.16-5
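Review bot: Each added "[lenny] - icedove" line in the data/CVE/list hunks carries no version and no reason in parentheses, while the lenny lines next to it do, for example "[lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)". Add the reason lenny's icedove is handled separately, so the eight entries can be revisited without going back to the advisory. The new DSA-2187-1 entry in data/DSA/list lists only a [squeeze] version, so the lenny decision is not recorded there either.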
[Secure-testing-commits] r16342 - data/CVE
Author: gilbert-guest Date: 2011-03-09 18:21:44 + (Wed, 09 Mar 2011) New Revision: 16342 Modified: data/CVE/list Log: postfix info Modified: data/CVE/list === --- data/CVE/list 2011-03-09 18:13:37 UTC (rev 16341) +++ data/CVE/list 2011-03-09 18:21:44 UTC (rev 16342) @@ -2349,10 +2349,15 @@ RESERVED CVE-2011-0411 RESERVED +TODO: lots of various other packages potentially affected, need to check them, see http://www.kb.cert.org/vuls/id/555316 - postfix 2.8.0-1 NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html NOTE: http://www.postfix.org/CVE-2011-0411.html +- qmail +[lenny] - qmail (non-free doesn't get security support) +[squeeze] - qmail (non-free doesn't get security support) +NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for ...) NOT-FOR-US: CollabNet ScrumWorks Basic CVE-2011-0409
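Review bot: The added TODO ("lots of various other packages potentially affected, need to check them") sits above the first package line of CVE-2011-0411 and names none of the packages, so the open work is only discoverable through the CERT URL. Move it below the package lines with the NOTEs and add package lines as candidates are identified, as is done here for qmail. The added lines (+TODO:, +- qmail, +[lenny], +[squeeze], +NOTE:) also start at column 0, where added lines in other commits to this file are indented.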
[Secure-testing-commits] r16341 - data/CVE
Author: gilbert-guest Date: 2011-03-09 18:13:37 + (Wed, 09 Mar 2011) New Revision: 16341 Modified: data/CVE/list Log: potential new gmime issue Modified: data/CVE/list === --- data/CVE/list 2011-03-09 18:01:58 UTC (rev 16340) +++ data/CVE/list 2011-03-09 18:13:37 UTC (rev 16341) @@ -1,3 +1,5 @@ +CVE-2011- [gmime segfault] + - gmime2.4 (bug #616366) CVE-2011-1305 RESERVED CVE-2011-1304
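Review bot: The new entry consists of the title "[gmime segfault]" and "- gmime2.4 (bug #616366)" only, while the log calls the issue potential. Add a "TODO: check" line, as untriaged entries elsewhere in this file have, and a NOTE saying what makes the segfault security-relevant, so the entry is not read as a confirmed vulnerability.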
[Secure-testing-commits] r16340 - data/DSA
Author: gilbert-guest Date: 2011-03-09 18:01:58 + (Wed, 09 Mar 2011) New Revision: 16340 Modified: data/DSA/list Log: fix error Modified: data/DSA/list === --- data/DSA/list 2011-03-09 17:53:48 UTC (rev 16339) +++ data/DSA/list 2011-03-09 18:01:58 UTC (rev 16340) @@ -1,5 +1,5 @@ [09 Mar 2011] DSA-2186-1 iceweasel - several - {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059} + {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059} [squeeze] - iceweasel 3.5.16-5 [07 Mar 2011] DSA-2185-1 proftpd-dfsg - integer overflow {CVE-2011-1137}
[Secure-testing-commits] Processing r16339 failed
The error message was:

data/DSA/list: 1: error: cross reference to CVE-2011-0055 appears multiple times
make: *** [all] Error 1
[Secure-testing-commits] r16339 - in data: CVE DSA
Author: jmm Date: 2011-03-09 17:53:48 + (Wed, 09 Mar 2011) New Revision: 16339 Modified: data/CVE/list data/DSA/list Log: iceweasel/xulrunner DSA Modified: data/CVE/list === --- data/CVE/list 2011-03-09 17:48:25 UTC (rev 16338) +++ data/CVE/list 2011-03-09 17:53:48 UTC (rev 16339) @@ -3399,6 +3399,7 @@ {DSA-2180-1} - icedove 3.0.11-2 - xulrunner + [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 @@ -3419,6 +3420,7 @@ {DSA-2180-1} - icedove 3.0.11-2 - xulrunner + [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 @@ -3443,6 +3445,7 @@ {DSA-2180-1} - icedove 3.0.11-2 - xulrunner + [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 @@ -3453,6 +3456,7 @@ {DSA-2180-1} - icedove 3.0.11-2 - xulrunner + [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 @@ -11857,6 +11861,7 @@ {DSA-2180-1} - icedove 3.0.11-2 - xulrunner + [lenny] - xulrunner 1.9.0.19-8 - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 Modified: data/DSA/list === --- data/DSA/list 2011-03-09 17:48:25 UTC (rev 16338) +++ data/DSA/list 2011-03-09 17:53:48 UTC (rev 16339) 
@@ -1,3 +1,6 @@ +[09 Mar 2011] DSA-2186-1 iceweasel - several + {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059} + [squeeze] - iceweasel 3.5.16-5 [07 Mar 2011] DSA-2185-1 proftpd-dfsg - integer overflow {CVE-2011-1137} [squeeze] - proftpd-dfsg 1.3.3a-6squeeze1
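Review bot: In the data/DSA/list hunk the DSA-2186-1 brace list names CVE-2011-0055 twice ("CVE-2011-0054 CVE-2011-0055 CVE-2011-0055 CVE-2011-0056"); drop the second occurrence, since processing of this revision fails with "cross reference to CVE-2011-0055 appears multiple times". The log calls this the iceweasel/xulrunner DSA and the data/CVE/list hunks add "[lenny] - xulrunner 1.9.0.19-8", yet the DSA entry carries only "[squeeze] - iceweasel 3.5.16-5"; add the lenny xulrunner line to the DSA entry as well if the advisory covers it.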
[Secure-testing-commits] r16338 - data/CVE
Author: jmm Date: 2011-03-09 17:48:25 + (Wed, 09 Mar 2011) New Revision: 16338 Modified: data/CVE/list Log: three issues don't affect Lenny Modified: data/CVE/list === --- data/CVE/list 2011-03-09 14:06:22 UTC (rev 16337) +++ data/CVE/list 2011-03-09 17:48:25 UTC (rev 16338) @@ -3410,7 +3410,7 @@ CVE-2011-0057 (Use-after-free vulnerability in the Web Workers implementation in ...) {DSA-2180-1} - icedove 3.0.11-2 - - xulrunner + - xulrunner (Vulnerable code not present) - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 @@ -3426,7 +3426,7 @@ CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in Mozilla ...) {DSA-2180-1} - icedove 3.0.11-2 - - xulrunner + - xulrunner (Vulnerable code not present) - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1 @@ -3434,7 +3434,7 @@ CVE-2011-0054 (Buffer overflow in the JavaScript engine in Mozilla Firefox before ...) {DSA-2180-1} - icedove 3.0.11-2 - - xulrunner + - xulrunner (Vulnerable code not present) - iceweasel 3.5.17-1 [lenny] - iceweasel (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.12-1
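Review bot: The log says the three issues do not affect Lenny, but the changed lines are the unqualified "- xulrunner" lines of CVE-2011-0057, CVE-2011-0055 and CVE-2011-0054, not release-qualified lines like the "[lenny] - iceweasel" ones in the context. If the vulnerable code is missing only from Lenny's xulrunner, record that on a "[lenny] - xulrunner" line; if it is missing from every xulrunner in the archive, say so in the log so the scope of the claim is clear.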
[Secure-testing-commits] r16337 - data/CVE
Author: iuculano Date: 2011-03-09 14:06:22 + (Wed, 09 Mar 2011) New Revision: 16337 Modified: data/CVE/list Log: Chromium/webkit issues Modified: data/CVE/list === --- data/CVE/list 2011-03-09 12:30:16 UTC (rev 16336) +++ data/CVE/list 2011-03-09 14:06:22 UTC (rev 16337) 
@@ -360,62 +360,76 @@ CVE-2010-4754 (The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, ...) NOT-FOR-US: FreeBSD/NetBSD libc CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform layout, ...) - - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: http://trac.webkit.org/changeset/78775 CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 9.0.597.107 ...) - - chromium-browser - - webkit + - chromium-browser 9.0.597.107~r75357-1 + - webkit (Chromium specific) CVE-2011-1123 (Google Chrome before 9.0.597.107 does not properly restrict access to ...) - - chromium-browser - - webkit + - chromium-browser 9.0.597.107~r75357-1 + - webkit (chromium specific) CVE-2011-1122 (The WebGL implementation in Google Chrome before 9.0.597.107 allows ...) - - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782 CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remote ...) - - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: http://trac.webkit.org/changeset/77565 CVE-2011-1120 (The WebGL implementation in Google Chrome before 9.0.597.107 allows ...) - - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: http://trac.webkit.org/changeset/77956 CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine device ...) - - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: http://trac.webkit.org/changeset/77418 CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle TEXTAREA ...) - - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: http://trac.webkit.org/changeset/77144 CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML ...) 
- - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: http://trac.webkit.org/changeset/77262 CVE-2011-1116 (Google Chrome before 9.0.597.107 does not properly handle SVG ...) - - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: http://trac.webkit.org/changeset/77548 CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render tables, ...) - - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: http://trac.webkit.org/changeset/76915 CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle tables, ...) - - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: http://trac.webkit.org/changeset/77141 CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not ...) - - chromium-browser - - webkit + - chromium-browser 9.0.597.107~r75357-1 + - webkit (chromium specific) CVE-2011-1112 (Google Chrome before 9.0.597.107 does not properly perform SVG ...) - - chromium-browser - - webkit + - chromium-browser 9.0.597.107~r75357-1 + - webkit (Chromium specific) CVE-2011- (Google Chrome before 9.0.597.107 does not properly implement forms ...) - - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: http://trac.webkit.org/changeset/77114 CVE-2011-1110 (Google Chrome before 9.0.597.107 does not properly implement key frame ...) - - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: http://trac.webkit.org/changeset/76828 CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes in ...) - - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: http://trac.webkit.org/changeset/76728 CVE-2011-1108 (Google Chrome before 9.0.597.107 does not properly implement ...) 
- - chromium-browser - - webkit + - chromium-browser 9.0.597.107~r75357-1 + - webkit (Chromium specific) CVE-2011-1107 (Unspecified vulnerability in Google Chrome before 9.0.597.107 allows ...) - - chromium-browser + - chromium-browser 9.0.597.107~r75357-1 - webkit + NOTE: http://trac.webkit.org/changeset/76205 CVE-2011-1106 (Cross-site scripting (XSS) vulnerability in stcenter.nsf in the
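Review bot: The reason on the webkit lines is spelled both "(Chromium specific)" (CVE-2011-1124, CVE-2011-1112, CVE-2011-1108) and "(chromium specific)" (CVE-2011-1123, CVE-2011-1113); use one spelling so the whole set can be found with a single search. CVE-2011-1122 is also the only webkit entry here whose NOTE points at a bug (bugs.webkit.org id 53782) and not at a trac changeset; add the changeset once it is known so the fix can be located like the others.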
[Secure-testing-commits] r16336 - data/CVE
Author: luciano Date: 2011-03-09 12:30:16 + (Wed, 09 Mar 2011) New Revision: 16336 Modified: data/CVE/list Log: CVE-2011-0714 not-affected Modified: data/CVE/list === --- data/CVE/list 2011-03-09 12:17:14 UTC (rev 16335) +++ data/CVE/list 2011-03-09 12:30:16 UTC (rev 16336) @@ -1522,6 +1522,9 @@ - subversion 1.6.16dfsg-1 CVE-2011-0714 RESERVED + - linux-2.6 (This issue only affects Red Hat Enterprise Linux 6) + NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=678144 + NOTE: http://seclists.org/oss-sec/2011/q1/438 CVE-2011-0713 (Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 ...) - wireshark 1.4.4-1 [lenny] - wireshark (Vulnerable code not present)
[Secure-testing-commits] r16335 - data/CVE
Author: luciano Date: 2011-03-09 12:17:14 + (Wed, 09 Mar 2011) New Revision: 16335 Modified: data/CVE/list Log: CVE-2011-1092: php5 Modified: data/CVE/list === --- data/CVE/list 2011-03-09 11:50:10 UTC (rev 16334) +++ data/CVE/list 2011-03-09 12:17:14 UTC (rev 16335) @@ -479,8 +479,11 @@ TODO: file a bug in BTS, check severity. check if kdelibs is affected too. CVE-2011-1093 RESERVED -CVE-2011-1092 +CVE-2011-1092 [PHP: shmop_read, missing sanity check] RESERVED + - php5 +NOTE: http://seclists.org/oss-sec/2011/q1/430 +TODO: determine severity. file a bts bug. CVE-2011-1091 RESERVED CVE-2011-1090
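Review bot: The added NOTE and TODO lines start at column 0 ("+NOTE: http://seclists.org/oss-sec/2011/q1/430", "+TODO: determine severity. file a bts bug.") while the "+ - php5" line above them is indented; indent them to match. The TODO asks for a severity and a BTS bug, so the php5 line will need both added once they exist.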
[Secure-testing-commits] r16334 - data/CVE
Author: luciano Date: 2011-03-09 11:50:10 + (Wed, 09 Mar 2011) New Revision: 16334 Modified: data/CVE/list Log: CVE-2011-1094: kde4libs Modified: data/CVE/list === --- data/CVE/list 2011-03-09 11:02:59 UTC (rev 16333) +++ data/CVE/list 2011-03-09 11:50:10 UTC (rev 16334) @@ -471,8 +471,12 @@ - eglibc NOTE: http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904 NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923 -CVE-2011-1094 +CVE-2011-1094 [KDE SSL name check issue] RESERVED + - kde4libs + - kdelibs +NOTE: http://seclists.org/oss-sec/2011/q1/434 +TODO: file a bug in BTS, check severity. check if kdelibs is affected too.
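Review bot: The hunk adds "- kdelibs" as a package line while the TODO two lines below still says "check if kdelibs is affected too", so the entry asserts and questions the same thing. Hold the kdelibs line back until that check is done, or reword the TODO to say what remains open. The NOTE and TODO lines are also unindented, unlike the two package lines above them.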
[Secure-testing-commits] r16333 - data/CVE
Author: luciano Date: 2011-03-09 11:02:59 + (Wed, 09 Mar 2011) New Revision: 16333 Modified: data/CVE/list Log: eglibc issues Modified: data/CVE/list === --- data/CVE/list 2011-03-09 00:48:26 UTC (rev 16332) +++ data/CVE/list 2011-03-09 11:02:59 UTC (rev 16333) @@ -465,8 +465,12 @@ RESERVED CVE-2011-1096 RESERVED -CVE-2011-1095 +CVE-2011-1095 [glibc locale escaping issue] RESERVED + - glibc + - eglibc + NOTE: http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904 + NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923 CVE-2011-1094 RESERVED CVE-2011-1093 @@ -478,7 +482,7 @@ CVE-2011-1090 RESERVED - linux-2.6 (low) -CVE-2011-1089 +CVE-2011-1089 [Suid mount helpers fail to anticipate RLIMIT_FSIZE] RESERVED - glibc - eglibc