[Secure-testing-commits] r16830 - in data: . CVE

Moritz Muehlenhoff Tue, 21 Jun 2011 09:43:42 -0700

Author: jmm
Date: 2011-06-21 16:43:36 +0000 (Tue, 21 Jun 2011)
New Revision: 16830


Modified:
   data/CVE/list
   data/ospu-candidates.txt
   data/spu-candidates.txt
Log:
- new wireshark issue not affecting stable/oldstable
- prosody/billion laughs / no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-06-21 16:39:13 UTC (rev 16829)
+++ data/CVE/list       2011-06-21 16:43:36 UTC (rev 16830)
@@ -649,7 +649,11 @@
        TODO: check
 CVE-2009-5076 (CRE Loaded before 6.2.14, and possibly other versions before 
6.3.x, ...)
        TODO: check
-CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c 
in ...)
+CVE-2010-XXXX [prosody billion laughs]
+       - prosody 0.7.0-1 (low; bug #579087)
+       [squeeze] - prosody <no-dsa> (Minor issue)
+       [lenny] - prosody <no-dsa> (Minor issue)
+CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c 
in config.cgi in Icinga ...)
        - icinga <undetermined>
        NOTE: 1.4.1 is said to be fixed
        - nagios3 <undetermined>
@@ -1279,6 +1283,10 @@
        TODO: check
 CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an 
incorrect ...)
        TODO: check
+       - wireshark 1.4.6-1 (unimportant)
+       [lenny] - wireshark <not-affected> (Affects 1.4.5 only)
+       [squeeze] - wireshark <not-affected> (Affects 1.4.5 only)
+       NOTE: Crashes w/o code injection not treated as security issues, see 
README.Security
 CVE-2011-1955
        RESERVED
 CVE-2011-1954 (Multiple cross-site request forgery (CSRF) vulnerabilities in 
Post ...)

Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt    2011-06-21 16:39:13 UTC (rev 16829)
+++ data/ospu-candidates.txt    2011-06-21 16:43:36 UTC (rev 16830)
@@ -524,6 +524,15 @@
 
 --
 
+prosody (CVE-2010-XXXX)
+#579087
+Also requires additional fix in lua-expat
+
+--
+
+
+--
+
 puppet (CVE-2009-3564, CVE-2010-0156)
 
 --

Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt     2011-06-21 16:39:13 UTC (rev 16829)
+++ data/spu-candidates.txt     2011-06-21 16:43:36 UTC (rev 16830)
@@ -102,6 +102,12 @@
 
 --
 
+prosody (CVE-2010-XXXX)
+#579087
+Also requires additional fix in lua-expat
+
+--
+
 python2.6 (CVE-2011-1015)
 http://bugs.python.org/issue2254
 


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r16830 - in data: . CVE

Reply via email to