Author: jmm
Date: 2011-10-05 15:25:44 +0000 (Wed, 05 Oct 2011)
New Revision: 17372
Modified:
data/CVE/list
data/ospu-candidates.txt
data/spu-candidates.txt
Log:
- mutt no-dsa
- new issues in kdelibs, rekonq, chromium and moin
- new libreoffice issue (already fixed in sid and DSA already)
- fix broken cups entry, this was typod
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-10-05 15:03:59 UTC (rev 17371)
+++ data/CVE/list 2011-10-05 15:25:44 UTC (rev 17372)
@@ -220,6 +220,8 @@
RESERVED
CVE-2011-3873
RESERVED
+ - chromium-browser 14.0.835.202~r103287-1
+ - libv8 <undetermined>
CVE-2011-XXXX [Fix file indirectory injection]
- puppet 2.7.3-3 (unimportant)
[squeeze] - puppet 2.6.2-5+squeeze1
@@ -1387,8 +1389,14 @@
RESERVED
CVE-2011-3366
RESERVED
+ - rekonq <unfixed>
+ TODO: File bugs
+ NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt
CVE-2011-3365
RESERVED
+ - kde4libs <unfixed>
+ NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt
+ TODO: File bugs
CVE-2011-3364
RESERVED
CVE-2011-3363
@@ -2704,17 +2712,28 @@
NOT-FOR-US: Citrix Access Gateway
CVE-2011-2881
RESERVED
+ - chromium-browser 14.0.835.202~r103287-1
+ - libv8 <undetermined>
CVE-2011-2880
RESERVED
+ - chromium-browser 14.0.835.202~r103287-1
+ - libv8 <undetermined>
CVE-2011-2879
RESERVED
+ - chromium-browser 14.0.835.202~r103287-1
+ - libv8 <undetermined>
CVE-2011-2878
RESERVED
+ - chromium-browser 14.0.835.202~r103287-1
+ - libv8 <undetermined>
CVE-2011-2877
RESERVED
+ - chromium-browser 14.0.835.202~r103287-1
+ - libv8 <undetermined>
CVE-2011-2876
RESERVED
- - cups 1.5.0-8
+ - chromium-browser 14.0.835.202~r103287-1
+ - libv8 <undetermined>
CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does
not ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
@@ -3211,6 +3230,9 @@
NOT-FOR-US: Drupal data module
CVE-2011-2713
RESERVED
+ - libreoffice 1:3.4.3-1
+ - openoffice.org 1:3.3.0-1
+ NOTE: Since 3.3.0 openoffice.org is a transitional source package to
migrate to libreoffice
CVE-2011-2712 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x
before ...)
TODO: check
CVE-2011-2711 (Cross-site scripting (XSS) vulnerability in the print_fileinfo
...)
@@ -6822,6 +6844,8 @@
NOT-FOR-US: Ipswitch IMail
CVE-2011-1429 (Mutt does not verify that the smtps server hostname matches the
domain ...)
- mutt 1.5.21-5 (low; bug #619216)
+ [squeeze] - mutt <no-dsa> (Minor issue)
+ [lenny] - mutt <no-dsa> (Minor issue)
NOTE: http://dev.mutt.org/trac/ticket/3506
CVE-2011-1428 (Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and
earlier does ...)
NOT-FOR-US: WeeChat
@@ -7898,8 +7922,7 @@
CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389
...)
NOT-FOR-US: s389 LDAP server
CVE-2011-1058 (Cross-site scripting (XSS) vulnerability in the
reStructuredText (rst) ...)
- - moin <unfixed>
- TODO: check
+ - moin 1.9.3-3
CVE-2011-1057 (The installer for Metasploit Framework 3.5.1, when running on
Windows, ...)
NOT-FOR-US: Metasploit Framework
CVE-2011-1056 (The installer for Metasploit Framework 3.5.1, when running on
Windows, ...)
Modified: data/ospu-candidates.txt
===================================================================
--- data/ospu-candidates.txt 2011-10-05 15:03:59 UTC (rev 17371)
+++ data/ospu-candidates.txt 2011-10-05 15:25:44 UTC (rev 17372)
@@ -475,6 +475,11 @@
--
+mutt (CVE-2011-1429)
+#619216
+
+--
+
mpg123 (CVE-2009-1301)
notified maintainer
Modified: data/spu-candidates.txt
===================================================================
--- data/spu-candidates.txt 2011-10-05 15:03:59 UTC (rev 17371)
+++ data/spu-candidates.txt 2011-10-05 15:25:44 UTC (rev 17372)
@@ -48,6 +48,11 @@
--
+mutt (CVE-2011-1429)
+#619216
+
+--
+
open-vm-tools (CVE-2011-1681)
#623968
waiting stable
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
