[Secure-testing-commits] r16349 - data/CVE

2011-03-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2011-03-10 07:53:01 +0000 (Thu, 10 Mar 2011)
New Revision: 16349

Modified:
   data/CVE/list
Log:
dokuwiki fixed
nss-pam-ldapd only affects experimental


Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 23:26:03 UTC (rev 16348)
+++ data/CVE/list   2011-03-10 07:53:01 UTC (rev 16349)
@@ -202,7 +202,7 @@
 CVE-2011-1225
RESERVED
 CVE-2011- [dokuwiki ACL bypass]
-   - dokuwiki  (low)
+   - dokuwiki 0.0.20101107a-1 (low)
[squeeze] - dokuwiki  (Minor issue)
[lenny] - dokuwiki  (Minor issue)
 CVE-2011-1224
@@ -2315,6 +2315,7 @@
RESERVED
 CVE-2011-0438
RESERVED
+   - nss-pam-ldapd  (Only affects 0.8.0, which was only 
uploaded to experimental)
 CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management 
implementation ...)
{DSA-2179-1}
- dtc 0.32.10-1
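Review bot: the nss-pam-ldapd line in this hunk records a not-affected status whose justification ("Only affects 0.8.0, which was only uploaded to experimental") stops being true as soon as 0.8.x is uploaded to unstable, and nothing in the entry will trigger a re-check at that point. Suggest adding a follow-up marker in the style used for webkit in r16348 in this same digest (e.g. `TODO: recheck once nss-pam-ldapd 0.8.x enters unstable`), or recording the fixed upstream version, so the entry gets re-triaged instead of silently staying closed.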


___
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits


[Secure-testing-commits] r16348 - data/CVE

2011-03-09 Thread Michael Gilbert
Author: gilbert-guest
Date: 2011-03-09 23:26:03 +0000 (Wed, 09 Mar 2011)
New Revision: 16348

Modified:
   data/CVE/list
Log:
triage of incoming webkit issues

Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 23:23:41 UTC (rev 16347)
+++ data/CVE/list   2011-03-09 23:26:03 UTC (rev 16348)
@@ -1,3 +1,8 @@
+CVE-2011- [xslt memory leak]
+   - libxslt  (bug #617413)
+   NOTE: 
http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
+CVE-2011- [v8 issues]
+- libv8  (bug #617418)
 CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in 
the ...)
TODO: check
 CVE-2011-1321 (The AuthCache purge implementation in the Security component in 
IBM ...)
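Review bot: the `+- libv8  (bug #617418)` line is not indented like the `+   - libxslt  (bug #617413)` line above it; package lines in data/CVE/list consistently carry leading whitespace under their CVE header, so this one should too. The NOTE URL for the xslt issue is wrapped onto its own line in the mail, which is harmless for the archive but worth a glance in the committed file to confirm `NOTE:` and the URL sit on one line.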
@@ -397,7 +402,8 @@
NOT-FOR-US: FreeBSD/NetBSD libc
 CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform 
layout, ...)
- chromium-browser 9.0.597.107~r75357-1
-   - webkit 
+   - webkit  (vulnerable code introduced in commit 75823)
+   TODO: recheck once webkit 1.3 enters unstable
NOTE: http://trac.webkit.org/changeset/78775
 CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 
9.0.597.107 ...)
- chromium-browser 9.0.597.107~r75357-1
@@ -409,37 +415,42 @@
- chromium-browser 9.0.597.107~r75357-1
- webkit 
NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782
+   TODO: ^ this bug is embargoed, please note the commit #
 CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows 
remote ...)
- chromium-browser 9.0.597.107~r75357-1
-   - webkit 
+   - webkit 
+NOTE: needs port (s/logicalBottom/bottom)
NOTE: http://trac.webkit.org/changeset/77565
 CVE-2011-1120 (The WebGL implementation in Google Chrome before 9.0.597.107 
allows ...)
- chromium-browser 9.0.597.107~r75357-1
-   - webkit 
+   - webkit  (webgl support not present in 1.2)
+   TODO: recheck webkit 1.3 once its uploaded to unstable
NOTE: http://trac.webkit.org/changeset/77956
 CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine 
device ...)
- chromium-browser 9.0.597.107~r75357-1
-   - webkit 
+   - webkit  (device orientation code/support not present in 
1.2)
+   TODO: recheck webkit 1.3 once its uploaded to unstable
NOTE: http://trac.webkit.org/changeset/77418
 CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle 
TEXTAREA ...)
- chromium-browser 9.0.597.107~r75357-1
-   - webkit 
+   - webkit 
NOTE: http://trac.webkit.org/changeset/77144
 CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML 
...)
- chromium-browser 9.0.597.107~r75357-1
-   - webkit 
+   - webkit 
NOTE: http://trac.webkit.org/changeset/77262
 CVE-2011-1116 (Google Chrome before 9.0.597.107 does not properly handle SVG 
...)
- chromium-browser 9.0.597.107~r75357-1
-   - webkit 
+   - webkit 
NOTE: http://trac.webkit.org/changeset/77548
 CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render 
tables, ...)
- chromium-browser 9.0.597.107~r75357-1
-   - webkit 
+   - webkit 
NOTE: http://trac.webkit.org/changeset/76915
 CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle 
tables, ...)
- chromium-browser 9.0.597.107~r75357-1
-   - webkit 
+   - webkit  (vulnerable code introduced after 1.2, and the 
fix restores this code to its 1.2 state)
+   TODO: check webkit 1.3 once it enters unstable
NOTE: http://trac.webkit.org/changeset/77141
 CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does 
not ...)
- chromium-browser 9.0.597.107~r75357-1
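Review bot: the `+NOTE: needs port (s/logicalBottom/bottom)` line under CVE-2011-1121 lacks the leading whitespace the surrounding NOTE/TODO lines use (compare the `+   TODO: recheck ...` lines in the same hunk) and should be indented to match. Separately, the new TODO under CVE-2011-1122 says the linked bugs.webkit.org report is embargoed, yet the entry still has no changeset reference while every other entry here cites trac.webkit.org/changeset/NNNNN; recording the fixing commit number once it is public would make the entry self-contained.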
@@ -449,22 +460,25 @@
- webkit  (Chromium specific)
 CVE-2011- (Google Chrome before 9.0.597.107 does not properly implement 
forms ...)
- chromium-browser 9.0.597.107~r75357-1
-   - webkit 
+   - webkit 
+   NOTE: needs port (s/FormAssociatedElement/HTMLFormElement)
NOTE: http://trac.webkit.org/changeset/77114
 CVE-2011-1110 (Google Chrome before 9.0.597.107 does not properly implement 
key frame ...)
- chromium-browser 9.0.597.107~r75357-1
-   - webkit 
+   - webkit  (vulnerable code not present in 1.2)
+   TODO: check webkit 1.3 once it gets uploaded to unstable
NOTE: http://trac.webkit.org/changeset/76828
 CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process 
nodes in ...)
- chromium-browser 9.0.597.107~r75357-1
-   - webkit 
+   - webkit 
NOTE: http://trac.webkit.org/changeset/76728
 CVE-2011-1108 (Google Chrome before 9.0.597.107 does not properly implement 
...)
- chromium-browser 9.0.597.107~r75357-1
- webkit  (Chromium specific)
 CVE-2011-1107 (U
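Review bot: the TODO added under CVE-2011-1110 in this hunk ("check webkit 1.3 once it gets uploaded to unstable") is the fourth wording of the same follow-up across this patch, alongside "recheck once webkit 1.3 enters unstable", "recheck webkit 1.3 once its uploaded to unstable" and "check webkit 1.3 once it enters unstable" in the earlier hunks. One fixed phrase would make all of them easy to grep for when webkit 1.3 lands, and "its" should be "it's" in the second variant.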

[Secure-testing-commits] r16347 - in data: . CVE

2011-03-09 Thread Jonathan Wiltshire
Author: jmw
Date: 2011-03-09 23:23:41 +0000 (Wed, 09 Mar 2011)
New Revision: 16347

Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
prsc tracking

Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 22:36:00 UTC (rev 16346)
+++ data/CVE/list   2011-03-09 23:23:41 UTC (rev 16347)
@@ -805,7 +805,7 @@
- ruby1.9.1 1.9.2.180-1 (bug #615519)
 CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings 
function in ...)
- clamav 0.97+dfsg-1 (low)
-   [squeeze] - clamav  (Minor issue)
+   [squeeze] - clamav  (bug #617444; Minor issue)
[lenny] - clamav 
NOTE: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486
NOTE: 
http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f

Modified: data/ospu-candidates.txt
===
--- data/ospu-candidates.txt2011-03-09 22:36:00 UTC (rev 16346)
+++ data/ospu-candidates.txt2011-03-09 23:23:41 UTC (rev 16347)
@@ -582,6 +582,12 @@
 
 --
 
+openldap (CVE-2011-1024/CVE-2011-1025)
+#617606
+waiting unstable
+
+--
+
 openldap
 #253838
 notified maintainer
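Review bot: the new openldap block for CVE-2011-1024/CVE-2011-1025 (#617606) is inserted directly above an existing `openldap` block (#253838) that has a different status ("notified maintainer"), so a reader scanning the file by package name will find two openldap entries with nothing relating them. Suggest either a one-line remark in the new block that #253838 is a separate, older issue, or merging the two under one heading with both bug numbers and their respective statuses.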

Modified: data/spu-candidates.txt
===
--- data/spu-candidates.txt 2011-03-09 22:36:00 UTC (rev 16346)
+++ data/spu-candidates.txt 2011-03-09 23:23:41 UTC (rev 16347)
@@ -16,10 +16,11 @@
 --
 
 clamav (CVE-2011-1003)
+#617444
 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2486
 
http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
+awaiting maintainer response
 
-
 --
 
 conky (CVE-2011-)
@@ -50,6 +51,12 @@
 
 --
 
+openldap (CVE-2011-1024/CVE-2011-1025)
+#617606
+waiting unstable
+
+--
+
 tesseract (CVE-2011-1136)
 #612032
 awaiting maintainer response
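Review bot: the same openldap block (#617606, "waiting unstable") is added to both ospu-candidates.txt and spu-candidates.txt in this commit, which is correct since oldstable and stable are tracked separately, but it means the status string now has to be updated in two places once the unstable upload happens. A line in the commit log saying both candidate files were touched in parallel (the log only says "prsc tracking") would help whoever updates one of them remember the other.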




[Secure-testing-commits] r16346 - data/CVE

2011-03-09 Thread Michael Gilbert
Author: gilbert-guest
Date: 2011-03-09 22:36:00 +0000 (Wed, 09 Mar 2011)
New Revision: 16346

Modified:
   data/CVE/list
Log:
bind9 fixed

Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 21:18:17 UTC (rev 16345)
+++ data/CVE/list   2011-03-09 22:36:00 UTC (rev 16346)
@@ -2368,7 +2368,7 @@
 CVE-2011-0415
RESERVED
 CVE-2011-0414 (ISC BIND 9.7.1 through 9.7.2-P3, when configured as an 
authoritative ...)
-   - bind9 
+   - bind9 1:9.7.3.dfsg-1 
[lenny] - bind9  (Introduced in 9.7.1)
 CVE-2011-0413 (The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 
4.0-ESV ...)
{DSA-2184-1}
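Review bot: this hunk marks bind9 fixed in unstable (1:9.7.3.dfsg-1) and lenny as not affected ("Introduced in 9.7.1"), but adds no `[squeeze]` line. The CVE text in the context lines says 9.7.1 through 9.7.2-P3 is affected, so squeeze's bind9 needs an explicit status (a fixed version, a `(Minor issue)` no-dsa mark, or a reason it is not affected); without one squeeze simply inherits the unstable entry and shows as open with no triage decision recorded.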




[Secure-testing-commits] r16345 - data/CVE

2011-03-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2011-03-09 21:18:17 +0000 (Wed, 09 Mar 2011)
New Revision: 16345

Modified:
   data/CVE/list
Log:
two openldap no-dsa issues
dotlrn/openacs not affected by xinha issues


Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 21:15:05 UTC (rev 16344)
+++ data/CVE/list   2011-03-09 21:18:17 UTC (rev 16345)
@@ -583,7 +583,7 @@
 CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local 
users ...)
TODO: check
 CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to 
overwrite ...)
-   TODO: check
+   TODO: apparenty not in Debian. Raphael, can you confirm?
 CVE-2011-1071 [eglibc: memory corruption]
RESERVED
- glibc 
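Review bot: the replacement TODO under CVE-2011-1072 has a typo ("apparenty" for "apparently"). Once the question to Raphael is answered, the TODO should be replaced by the final status rather than left as a question in the data file: a `NOT-FOR-US:` line like the FreeBSD/NetBSD libc entry elsewhere in this file if PEAR's installer is indeed not shipped, or a package line with a version otherwise. A question addressed to one person is more likely to be seen on the list than inside data/CVE/list.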
@@ -725,12 +725,14 @@
RESERVED
 CVE-2011-1025 [rootpw is not verified with slapd.conf]
RESERVED
-   - openldap 
-   TODO: check
+   - openldap  (low)
+   [squeeze] - openldap  (Minor issue)
+   [lenny] - openldap  (Vulnerable code not present, 
introduced in 2.4.12)
 CVE-2011-1024 [forwarded bind failure messages cause success]
RESERVED
-   - openldap 
-   TODO: check
+   - openldap  (low)
+   [lenny] - openldap  (Minor issue)
+   [squeeze] - openldap  (Minor issue)
 CVE-2011-1023
RESERVED
 CVE-2011-1022 [failure to verify netlink messages]
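Review bot: the two openldap entries in this hunk get different lenny statuses for what the log calls a pair of no-dsa issues: CVE-2011-1025 marks lenny as not affected ("Vulnerable code not present, introduced in 2.4.12") while CVE-2011-1024 marks lenny as "(Minor issue)", i.e. affected but not DSA-worthy. If that difference is deliberate, a short reason on the CVE-2011-1024 lenny line (which version introduced the forwarded-bind handling) would show it; if it is not, the two lines should agree. The `[squeeze]`/`[lenny]` lines are also ordered differently in the two entries, which is harmless but makes them harder to compare side by side.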
@@ -862,22 +864,22 @@
RESERVED
- serendipity  (bug #611661)
[lenny] - serendipity  (Xinha not yet included)
-   - openacs 
-   - dotlrn 
+   - openacs  (PHP bindings not used)
+   - dotlrn  (PHP bindings not used)
NOTE: http://secunia.com/advisories/40669/
 CVE-2011-1134 [xinha XSS image manager]
RESERVED
- serendipity  (bug #611661)
[lenny] - serendipity  (Xinha not yet included)
-   - openacs 
-   - dotlrn 
+   - openacs  (PHP bindings not used)
+   - dotlrn  (PHP bindings not used)
NOTE: http://secunia.com/advisories/40669/
 CVE-2011-1135 [xinha multiple vulns]
RESERVED
- serendipity  (bug #611661)
[lenny] - serendipity  (Xinha not yet included)
-   - openacs 
-   - dotlrn 
+   - openacs  (PHP bindings not used)
+   - dotlrn  (PHP bindings not used)
NOTE: http://secunia.com/advisories/40669/
 CVE-2011-1137 [proftpd mod_sftp DoS]
RESERVED




[Secure-testing-commits] r16344 - data/CVE

2011-03-09 Thread Joey Hess
Author: joeyh
Date: 2011-03-09 21:15:05 +0000 (Wed, 09 Mar 2011)
New Revision: 16344

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 21:12:33 UTC (rev 16343)
+++ data/CVE/list   2011-03-09 21:15:05 UTC (rev 16344)
@@ -1,3 +1,37 @@
+CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in 
the ...)
+   TODO: check
+CVE-2011-1321 (The AuthCache purge implementation in the Security component in 
IBM ...)
+   TODO: check
+CVE-2011-1320 (The Security component in IBM WebSphere Application Server 
(WAS) ...)
+   TODO: check
+CVE-2011-1319 (The Security component in IBM WebSphere Application Server 
(WAS) ...)
+   TODO: check
+CVE-2011-1318 (Memory leak in org.apache.jasper.runtime.JspWriterImpl.response 
in the ...)
+   TODO: check
+CVE-2011-1317 (Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in 
the ...)
+   TODO: check
+CVE-2011-1316 (The Session Initiation Protocol (SIP) Proxy in the HTTP 
Transport ...)
+   TODO: check
+CVE-2011-1315 (Memory leak in the messaging engine in IBM WebSphere 
Application ...)
+   TODO: check
+CVE-2011-1314 (The Service Integration Bus (SIB) messaging engine in IBM 
WebSphere ...)
+   TODO: check
+CVE-2011-1313 (Double free vulnerability in IBM WebSphere Application Server 
(WAS) ...)
+   TODO: check
+CVE-2011-1312 (The Administrative Console component in IBM WebSphere 
Application ...)
+   TODO: check
+CVE-2011-1311 (The Security component in IBM WebSphere Application Server 
(WAS) ...)
+   TODO: check
+CVE-2011-1310 (The Administrative Scripting Tools component in IBM WebSphere 
...)
+   TODO: check
+CVE-2011-1309 (The Plug-in component in IBM WebSphere Application Server (WAS) 
before ...)
+   TODO: check
+CVE-2011-1308 (Cross-site scripting (XSS) vulnerability in the Installation 
...)
+   TODO: check
+CVE-2011-1307 (The installer in IBM WebSphere Application Server (WAS) before 
...)
+   TODO: check
+CVE-2011-1306 (Unspecified vulnerability in the Scratchpad application in 
Google ...)
+   TODO: check
 CVE-2011- [gmime segfault]
- gmime2.4  (bug #616366)
 CVE-2011-1305
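Review bot: going by the descriptions in this hunk, CVE-2011-1307 through CVE-2011-1322 are almost all issues in IBM WebSphere Application Server, which is not packaged in Debian, so most of them can be triaged as `NOT-FOR-US: IBM WebSphere Application Server` in one pass instead of keeping sixteen individual `TODO: check` lines; CVE-2011-1306 (Google Scratchpad) looks like the same situation. The exception worth an actual check is CVE-2011-1318, whose description names org.apache.jasper.runtime.JspWriterImpl, a class that also exists in Tomcat's Jasper, so the tomcat packages should be confirmed unaffected before that one is closed. Adding `TODO: check` by default is the right behaviour for the automatic update; this is a note for whoever does the triage.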
@@ -491,15 +525,15 @@
RESERVED
- kde4libs 
- kdelibs 
-NOTE: http://seclists.org/oss-sec/2011/q1/434
-TODO: file a bug in BTS, check severity. check if kdelibs is affected too.
+   NOTE: http://seclists.org/oss-sec/2011/q1/434
+   TODO: file a bug in BTS, check severity. check if kdelibs is affected 
too.
 CVE-2011-1093
RESERVED
 CVE-2011-1092 [PHP: shmop_read, missing sanity check]
RESERVED
- php5 
-NOTE: http://seclists.org/oss-sec/2011/q1/430
-TODO: determine severity. file a bts bug.
+   NOTE: http://seclists.org/oss-sec/2011/q1/430
+   TODO: determine severity. file a bts bug.
 CVE-2011-1091
RESERVED
 CVE-2011-1090
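Review bot: this hunk only re-indents the NOTE/TODO lines under CVE-2011-1094 and CVE-2011-1092, which were committed without leading whitespace in r16334 and r16335 (both earlier in this digest); no recorded status changes. The automatic update normalizing them is harmless, but the cleanup shows up as churn in a commit labelled "automatic update"; adding such lines indented in the first place, as every other sub-line in the file is, avoids that.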
@@ -2263,20 +2297,16 @@
RESERVED
 CVE-2011-0438
RESERVED
-CVE-2011-0437
-   RESERVED
+CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management 
implementation ...)
{DSA-2179-1}
- dtc 0.32.10-1
-CVE-2011-0436 [new users' unencrypted passwords emailed to admin]
-   RESERVED
+CVE-2011-0436 (The register_user function in client/new_account_form.php in 
Domain ...)
{DSA-2179-1}
- dtc 0.32.10-1 (bug #614302)
-CVE-2011-0435
-   RESERVED
+CVE-2011-0435 (Domain Technologie Control (DTC) before 0.32.9 does not require 
...)
{DSA-2179-1}
- dtc 0.32.10-1
-CVE-2011-0434
-   RESERVED
+CVE-2011-0434 (Multiple SQL injection vulnerabilities in Domain Technologie 
Control ...)
{DSA-2179-1}
- dtc 0.32.10-1
 CVE-2011-0433 [linetoken() buffer overflow]
@@ -2349,15 +2379,15 @@
RESERVED
 CVE-2011-0411
RESERVED
-TODO: lots of various other packages potentially affected, need to 
check them, see http://www.kb.cert.org/vuls/id/555316
+   TODO: lots of various other packages potentially affected, need to 
check them, see http://www.kb.cert.org/vuls/id/555316
- postfix 2.8.0-1
NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded
NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html
NOTE: http://www.postfix.org/CVE-2011-0411.html
-- qmail 
-[lenny] - qmail  (non-free doesn't get security support)
-[squeeze] - qmail  (non-free doesn't get security support)
-NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
+   - qmail 
+   [lenny] - qmail  (non-free doesn't get security support)
+   [squeeze] - qmail  (non-free doesn't get security support)
+   NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
 CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for 
...)
NOT-FOR-US: CollabNet ScrumWorks Basic 
 CVE-2011-0409
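Review bot: same whitespace normalization as the earlier hunk, this time for the TODO and qmail lines added at column 0 in r16342; again nothing changes in the recorded status. The TODO text appears wrapped onto a second line ("check them, see http://...") in the mail; worth confirming that is mail wrapping only and the committed file keeps the TODO on one line, since sub-lines of an entry are identified by their leading whitespace.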
@@ -2491,10 +2521,10 @@
 

[Secure-testing-commits] r16343 - in data: CVE DSA

2011-03-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2011-03-09 21:12:33 +0000 (Wed, 09 Mar 2011)
New Revision: 16343

Modified:
   data/CVE/list
   data/DSA/list
Log:
icedove DSA


Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 18:21:44 UTC (rev 16342)
+++ data/CVE/list   2011-03-09 21:12:33 UTC (rev 16343)
@@ -3405,6 +3405,7 @@
 CVE-2011-0059 (Cross-site request forgery (CSRF) vulnerability in Mozilla 
Firefox ...)
{DSA-2180-1}
- icedove 3.0.11-2
+   [lenny] - icedove 
- xulrunner 
[lenny] - xulrunner 1.9.0.19-8
- iceweasel 3.5.17-1
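Review bot: the new `[lenny] - icedove` line carries no version or reason, whereas the neighbouring lenny overrides in these entries do ("[lenny] - xulrunner 1.9.0.19-8", "[lenny] - iceweasel  (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)"). Since the same line is added to eight entries in this commit, a short parenthetical stating which lenny icedove version is meant, or why lenny is not affected, would make the status auditable later without reading the DSA.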
@@ -3418,6 +3419,7 @@
 CVE-2011-0057 (Use-after-free vulnerability in the Web Workers implementation 
in ...)
{DSA-2180-1}
- icedove 3.0.11-2
+   [lenny] - icedove 
- xulrunner  (Vulnerable code not present)
- iceweasel 3.5.17-1
[lenny] - iceweasel  (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
@@ -3426,6 +3428,7 @@
 CVE-2011-0056 (Buffer overflow in the JavaScript engine in Mozilla Firefox 
before ...)
{DSA-2180-1}
- icedove 3.0.11-2
+   [lenny] - icedove 
- xulrunner 
[lenny] - xulrunner 1.9.0.19-8
- iceweasel 3.5.17-1
@@ -3435,6 +3438,7 @@
 CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in 
Mozilla ...)
{DSA-2180-1}
- icedove 3.0.11-2
+   [lenny] - icedove 
- xulrunner  (Vulnerable code not present)
- iceweasel 3.5.17-1
[lenny] - iceweasel  (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
@@ -3443,6 +3447,7 @@
 CVE-2011-0054 (Buffer overflow in the JavaScript engine in Mozilla Firefox 
before ...)
{DSA-2180-1}
- icedove 3.0.11-2
+   [lenny] - icedove 
- xulrunner  (Vulnerable code not present)
- iceweasel 3.5.17-1
[lenny] - iceweasel  (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
@@ -3451,6 +3456,7 @@
 CVE-2011-0053 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
{DSA-2180-1}
- icedove 3.0.11-2
+   [lenny] - icedove 
- xulrunner 
[lenny] - xulrunner 1.9.0.19-8
- iceweasel 3.5.17-1
@@ -3462,6 +3468,7 @@
 CVE-2011-0051 (Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and 
SeaMonkey ...)
{DSA-2180-1}
- icedove 3.0.11-2
+   [lenny] - icedove 
- xulrunner 
[lenny] - xulrunner 1.9.0.19-8
- iceweasel 3.5.17-1
@@ -11867,6 +11874,7 @@
 CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in the ...)
{DSA-2180-1}
- icedove 3.0.11-2
+   [lenny] - icedove 
- xulrunner 
[lenny] - xulrunner 1.9.0.19-8
- iceweasel 3.5.17-1

Modified: data/DSA/list
===
--- data/DSA/list   2011-03-09 18:21:44 UTC (rev 16342)
+++ data/DSA/list   2011-03-09 21:12:33 UTC (rev 16343)
@@ -1,3 +1,6 @@
+[09 Mar 2011] DSA-2187-1 icedove - several
+   {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 
CVE-2011-0056 CVE-2011-0057 CVE-2011-0059}
+   [squeeze] - icedove 3.0.11-1+squeeze1
 [09 Mar 2011] DSA-2186-1 iceweasel - several
{CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 
CVE-2011-0056 CVE-2011-0057 CVE-2011-0059}
[squeeze] - iceweasel 3.5.16-5
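Review bot: the DSA-2187-1 entry lists each of its eight CVEs exactly once, which matters because the tracker's consistency check rejects a duplicated cross-reference (see the "cross reference to CVE-2011-0055 appears multiple times" failure for r16339 earlier in this digest). The CVE set is identical to DSA-2186-1 directly below it, so if either advisory is later amended the two lists should be diffed against each other rather than edited independently.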




[Secure-testing-commits] r16342 - data/CVE

2011-03-09 Thread Michael Gilbert
Author: gilbert-guest
Date: 2011-03-09 18:21:44 +0000 (Wed, 09 Mar 2011)
New Revision: 16342

Modified:
   data/CVE/list
Log:
postfix info

Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 18:13:37 UTC (rev 16341)
+++ data/CVE/list   2011-03-09 18:21:44 UTC (rev 16342)
@@ -2349,10 +2349,15 @@
RESERVED
 CVE-2011-0411
RESERVED
+TODO: lots of various other packages potentially affected, need to 
check them, see http://www.kb.cert.org/vuls/id/555316
- postfix 2.8.0-1
NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded
NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html
NOTE: http://www.postfix.org/CVE-2011-0411.html
+- qmail 
+[lenny] - qmail  (non-free doesn't get security support)
+[squeeze] - qmail  (non-free doesn't get security support)
+NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
 CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for 
...)
NOT-FOR-US: CollabNet ScrumWorks Basic 
 CVE-2011-0409
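Review bot: the new TODO, qmail and NOTE lines are all added at column 0, while every other sub-line of a CVE entry in the file is indented under its header (compare the `- postfix 2.8.0-1` and `NOTE:` context lines in the same hunk); the automatic update in r16344 later re-indents exactly these lines, but they should be indented on commit. The TODO is also long enough to wrap in the mail; keeping it on a single line in the file avoids any chance of the continuation being read as something other than part of the TODO.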




[Secure-testing-commits] r16341 - data/CVE

2011-03-09 Thread Michael Gilbert
Author: gilbert-guest
Date: 2011-03-09 18:13:37 +0000 (Wed, 09 Mar 2011)
New Revision: 16341

Modified:
   data/CVE/list
Log:
potential new gmime issue

Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 18:01:58 UTC (rev 16340)
+++ data/CVE/list   2011-03-09 18:13:37 UTC (rev 16341)
@@ -1,3 +1,5 @@
+CVE-2011- [gmime segfault]
+   - gmime2.4  (bug #616366)
 CVE-2011-1305
RESERVED
 CVE-2011-1304




[Secure-testing-commits] r16340 - data/DSA

2011-03-09 Thread Michael Gilbert
Author: gilbert-guest
Date: 2011-03-09 18:01:58 +0000 (Wed, 09 Mar 2011)
New Revision: 16340

Modified:
   data/DSA/list
Log:
fix error

Modified: data/DSA/list
===
--- data/DSA/list   2011-03-09 17:53:48 UTC (rev 16339)
+++ data/DSA/list   2011-03-09 18:01:58 UTC (rev 16340)
@@ -1,5 +1,5 @@
 [09 Mar 2011] DSA-2186-1 iceweasel - several
-   {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 
CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059}
+   {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 
CVE-2011-0056 CVE-2011-0057 CVE-2011-0059}
[squeeze] - iceweasel 3.5.16-5
 [07 Mar 2011] DSA-2185-1 proftpd-dfsg - integer overflow
{CVE-2011-1137}
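Review bot: this drops the duplicated CVE-2011-0055 from the DSA-2186-1 cross-reference list, which is exactly what the "Processing r16339 failed" message complained about, so the fix is correct; the commit log would be more useful as "drop duplicated CVE-2011-0055 from DSA-2186-1" than "fix error". The failure output shows the check is run through make, so running that target locally before committing a DSA entry would catch this without a round trip through the list.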




[Secure-testing-commits] Processing r16339 failed

2011-03-09 Thread security tracker role
The error message was:

data/DSA/list: 1: error: cross reference to CVE-2011-0055 appears multiple times
make: *** [all] Error 1



[Secure-testing-commits] r16339 - in data: CVE DSA

2011-03-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2011-03-09 17:53:48 +0000 (Wed, 09 Mar 2011)
New Revision: 16339

Modified:
   data/CVE/list
   data/DSA/list
Log:
iceweasel/xulrunner DSA


Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 17:48:25 UTC (rev 16338)
+++ data/CVE/list   2011-03-09 17:53:48 UTC (rev 16339)
@@ -3399,6 +3399,7 @@
{DSA-2180-1}
- icedove 3.0.11-2
- xulrunner 
+   [lenny] - xulrunner 1.9.0.19-8
- iceweasel 3.5.17-1
[lenny] - iceweasel  (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
- iceape 2.0.12-1
@@ -3419,6 +3420,7 @@
{DSA-2180-1}
- icedove 3.0.11-2
- xulrunner 
+   [lenny] - xulrunner 1.9.0.19-8
- iceweasel 3.5.17-1
[lenny] - iceweasel  (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
- iceape 2.0.12-1
@@ -3443,6 +3445,7 @@
{DSA-2180-1}
- icedove 3.0.11-2
- xulrunner 
+   [lenny] - xulrunner 1.9.0.19-8
- iceweasel 3.5.17-1
[lenny] - iceweasel  (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
- iceape 2.0.12-1
@@ -3453,6 +3456,7 @@
{DSA-2180-1}
- icedove 3.0.11-2
- xulrunner 
+   [lenny] - xulrunner 1.9.0.19-8
- iceweasel 3.5.17-1
[lenny] - iceweasel  (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
- iceape 2.0.12-1
@@ -11857,6 +11861,7 @@
{DSA-2180-1}
- icedove 3.0.11-2
- xulrunner 
+   [lenny] - xulrunner 1.9.0.19-8
- iceweasel 3.5.17-1
[lenny] - iceweasel  (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
- iceape 2.0.12-1

Modified: data/DSA/list
===
--- data/DSA/list   2011-03-09 17:48:25 UTC (rev 16338)
+++ data/DSA/list   2011-03-09 17:53:48 UTC (rev 16339)
@@ -1,3 +1,6 @@
+[09 Mar 2011] DSA-2186-1 iceweasel - several
+   {CVE-2010-1585 CVE-2011-0051 CVE-2011-0053 CVE-2011-0054 CVE-2011-0055 
CVE-2011-0055 CVE-2011-0056 CVE-2011-0057 CVE-2011-0059}
+   [squeeze] - iceweasel 3.5.16-5
 [07 Mar 2011] DSA-2185-1 proftpd-dfsg - integer overflow
{CVE-2011-1137}
[squeeze] - proftpd-dfsg 1.3.3a-6squeeze1
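Review bot: CVE-2011-0055 appears twice in the DSA-2186-1 cross-reference list added here ("... CVE-2011-0054 CVE-2011-0055" at the end of the first line and "CVE-2011-0055 CVE-2011-0056 ..." at the start of the wrapped continuation), which is the duplicate the tracker's check rejects and the reason r16340 ("fix error") had to follow. A DSA's CVE list should be deduplicated before commit; the `[lenny] - xulrunner 1.9.0.19-8` lines in the data/CVE/list hunks above look fine.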




[Secure-testing-commits] r16338 - data/CVE

2011-03-09 Thread Moritz Muehlenhoff
Author: jmm
Date: 2011-03-09 17:48:25 +0000 (Wed, 09 Mar 2011)
New Revision: 16338

Modified:
   data/CVE/list
Log:
three issues don't affect Lenny


Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 14:06:22 UTC (rev 16337)
+++ data/CVE/list   2011-03-09 17:48:25 UTC (rev 16338)
@@ -3410,7 +3410,7 @@
 CVE-2011-0057 (Use-after-free vulnerability in the Web Workers implementation 
in ...)
{DSA-2180-1}
- icedove 3.0.11-2
-   - xulrunner 
+   - xulrunner  (Vulnerable code not present)
- iceweasel 3.5.17-1
[lenny] - iceweasel  (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
- iceape 2.0.12-1
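Review bot: "Vulnerable code not present" on the xulrunner line is a valid not-affected reason, but it gives no anchor (which release introduced the Web Workers code) for someone re-checking later, unlike "[lenny] - bind9  (Introduced in 9.7.1)" elsewhere in this digest. Since the same parenthetical is applied to three CVEs in this commit, naming the version or the upstream bug once would make all three verifiable.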
@@ -3426,7 +3426,7 @@
 CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in 
Mozilla ...)
{DSA-2180-1}
- icedove 3.0.11-2
-   - xulrunner 
+   - xulrunner  (Vulnerable code not present)
- iceweasel 3.5.17-1
[lenny] - iceweasel  (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
- iceape 2.0.12-1
@@ -3434,7 +3434,7 @@
 CVE-2011-0054 (Buffer overflow in the JavaScript engine in Mozilla Firefox 
before ...)
{DSA-2180-1}
- icedove 3.0.11-2
-   - xulrunner 
+   - xulrunner  (Vulnerable code not present)
- iceweasel 3.5.17-1
[lenny] - iceweasel  (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
- iceape 2.0.12-1




[Secure-testing-commits] r16337 - data/CVE

2011-03-09 Thread Giuseppe Iuculano
Author: iuculano
Date: 2011-03-09 14:06:22 +0000 (Wed, 09 Mar 2011)
New Revision: 16337

Modified:
   data/CVE/list
Log:
Chromium/webkit issues

Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 12:30:16 UTC (rev 16336)
+++ data/CVE/list   2011-03-09 14:06:22 UTC (rev 16337)
@@ -360,62 +360,76 @@
 CVE-2010-4754 (The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 
5.0.2, ...)
NOT-FOR-US: FreeBSD/NetBSD libc
 CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform 
layout, ...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: http://trac.webkit.org/changeset/78775
 CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 
9.0.597.107 ...)
-   - chromium-browser 
-   - webkit 
+   - chromium-browser 9.0.597.107~r75357-1
+   - webkit  (Chromium specific)
 CVE-2011-1123 (Google Chrome before 9.0.597.107 does not properly restrict 
access to ...)
-   - chromium-browser 
-   - webkit 
+   - chromium-browser 9.0.597.107~r75357-1
+   - webkit  (chromium specific)
 CVE-2011-1122 (The WebGL implementation in Google Chrome before 9.0.597.107 
allows ...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782
 CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows 
remote ...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: http://trac.webkit.org/changeset/77565
 CVE-2011-1120 (The WebGL implementation in Google Chrome before 9.0.597.107 
allows ...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: http://trac.webkit.org/changeset/77956
 CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine 
device ...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: http://trac.webkit.org/changeset/77418
 CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle 
TEXTAREA ...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: http://trac.webkit.org/changeset/77144
 CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML 
...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: http://trac.webkit.org/changeset/77262
 CVE-2011-1116 (Google Chrome before 9.0.597.107 does not properly handle SVG 
...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: http://trac.webkit.org/changeset/77548
 CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render 
tables, ...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: http://trac.webkit.org/changeset/76915
 CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle 
tables, ...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: http://trac.webkit.org/changeset/77141
 CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does 
not ...)
-   - chromium-browser 
-   - webkit 
+   - chromium-browser 9.0.597.107~r75357-1
+   - webkit  (chromium specific)
 CVE-2011-1112 (Google Chrome before 9.0.597.107 does not properly perform SVG 
...)
-   - chromium-browser 
-   - webkit 
+   - chromium-browser 9.0.597.107~r75357-1
+   - webkit  (Chromium specific)
 CVE-2011- (Google Chrome before 9.0.597.107 does not properly implement 
forms ...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: http://trac.webkit.org/changeset/77114
 CVE-2011-1110 (Google Chrome before 9.0.597.107 does not properly implement 
key frame ...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: http://trac.webkit.org/changeset/76828
 CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process 
nodes in ...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: http://trac.webkit.org/changeset/76728
 CVE-2011-1108 (Google Chrome before 9.0.597.107 does not properly implement 
...)
-   - chromium-browser 
-   - webkit 
+   - chromium-browser 9.0.597.107~r75357-1
+   - webkit  (Chromium specific)
 CVE-2011-1107 (Unspecified vulnerability in Google Chrome before 9.0.597.107 
allows ...)
-   - chromium-browser 
+   - chromium-browser 9.0.597.107~r75357-1
- webkit 
+   NOTE: http://trac.webkit.org/changeset/76205
 CVE-2011-1106 (Cross-site scripting (XSS) vulnerability in stcenter.nsf in the 
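Review bot: the not-affected reason for webkit is capitalised inconsistently within this one hunk ("Chromium specific" for CVE-2011-1124, CVE-2011-1112 and CVE-2011-1108 versus "chromium specific" for CVE-2011-1123 and CVE-2011-1113); one spelling keeps them greppable. The CVE-2011-1122 NOTE points at a bugs.webkit.org report while every other entry here cites the fixing trac.webkit.org changeset; r16348 later in this digest flags that report as embargoed, so a changeset reference would serve better once the commit number is known.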

[Secure-testing-commits] r16336 - data/CVE

2011-03-09 Thread Luciano Bello
Author: luciano
Date: 2011-03-09 12:30:16 +0000 (Wed, 09 Mar 2011)
New Revision: 16336

Modified:
   data/CVE/list
Log:
CVE-2011-0714 not-affected

Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 12:17:14 UTC (rev 16335)
+++ data/CVE/list   2011-03-09 12:30:16 UTC (rev 16336)
@@ -1522,6 +1522,9 @@
- subversion 1.6.16dfsg-1
 CVE-2011-0714
RESERVED
+   - linux-2.6  (This issue only affects Red Hat Enterprise 
Linux 6)
+   NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=678144
+   NOTE: http://seclists.org/oss-sec/2011/q1/438
 CVE-2011-0713 (Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 
1.2.0 ...)
- wireshark 1.4.4-1
[lenny] - wireshark  (Vulnerable code not present)




[Secure-testing-commits] r16335 - data/CVE

2011-03-09 Thread Luciano Bello
Author: luciano
Date: 2011-03-09 12:17:14 +0000 (Wed, 09 Mar 2011)
New Revision: 16335

Modified:
   data/CVE/list
Log:
CVE-2011-1092: php5

Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 11:50:10 UTC (rev 16334)
+++ data/CVE/list   2011-03-09 12:17:14 UTC (rev 16335)
@@ -479,8 +479,11 @@
 TODO: file a bug in BTS, check severity. check if kdelibs is affected too.
 CVE-2011-1093
RESERVED
-CVE-2011-1092
+CVE-2011-1092 [PHP: shmop_read, missing sanity check]
RESERVED
+   - php5 
+NOTE: http://seclists.org/oss-sec/2011/q1/430
+TODO: determine severity. file a bts bug.
 CVE-2011-1091
RESERVED
 CVE-2011-1090
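Review bot: the `+NOTE:` and `+TODO:` lines under CVE-2011-1092 are added at column 0 while the `+   - php5` line directly above them is indented; every other sub-line in the file is indented under its CVE header, and the r16344 automatic update later re-indents exactly these two lines. The php5 line also has no severity yet, which is what the TODO asks for, so the entry is consistent otherwise.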




[Secure-testing-commits] r16334 - data/CVE

2011-03-09 Thread Luciano Bello
Author: luciano
Date: 2011-03-09 11:50:10 +0000 (Wed, 09 Mar 2011)
New Revision: 16334

Modified:
   data/CVE/list
Log:
CVE-2011-1094: kde4libs

Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 11:02:59 UTC (rev 16333)
+++ data/CVE/list   2011-03-09 11:50:10 UTC (rev 16334)
@@ -471,8 +471,12 @@
- eglibc 
NOTE: http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904
NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923
-CVE-2011-1094
+CVE-2011-1094 [KDE SSL name check issue]
RESERVED
+   - kde4libs 
+   - kdelibs 
+NOTE: http://seclists.org/oss-sec/2011/q1/434
+TODO: file a bug in BTS, check severity. check if kdelibs is affected too.
 CVE-2011-1093
RESERVED
 CVE-2011-1092
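Review bot: kdelibs is added as an affected package (`+   - kdelibs`) while the TODO two lines below says "check if kdelibs is affected too"; listing it unconditionally marks it vulnerable in the tracker before that check has been done. Either leave the kdelibs line out until confirmed, or keep it and add a reason once checked. The `+NOTE:` and `+TODO:` lines are also unindented, unlike the two package lines directly above them (r16344 later fixes this).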




[Secure-testing-commits] r16333 - data/CVE

2011-03-09 Thread Luciano Bello
Author: luciano
Date: 2011-03-09 11:02:59 +0000 (Wed, 09 Mar 2011)
New Revision: 16333

Modified:
   data/CVE/list
Log:
eglibc issues

Modified: data/CVE/list
===
--- data/CVE/list   2011-03-09 00:48:26 UTC (rev 16332)
+++ data/CVE/list   2011-03-09 11:02:59 UTC (rev 16333)
@@ -465,8 +465,12 @@
RESERVED
 CVE-2011-1096
RESERVED
-CVE-2011-1095
+CVE-2011-1095 [glibc locale escaping issue]
RESERVED
+   - glibc 
+   - eglibc 
+   NOTE: http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904
+   NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923
 CVE-2011-1094
RESERVED
 CVE-2011-1093
@@ -478,7 +482,7 @@
 CVE-2011-1090
RESERVED
- linux-2.6  (low)
-CVE-2011-1089
+CVE-2011-1089 [Suid mount helpers fail to anticipate RLIMIT_FSIZE]
RESERVED
- glibc 
- eglibc 

