Raphael Geissert
2011-Jan-24 19:46 UTC
[Secure-testing-commits] r15952 - in data: CVE packages
Author: geissert
Date: 2011-01-24 19:46:04 +0000 (Mon, 24 Jan 2011)
New Revision: 15952
Modified:
data/CVE/list
data/packages/new-packages
Log:
maradns CVEified
mozilla issue that hasn''t been checked so far
a few drupal mod issues
eclipse
xpdf/poppler
libpng not-affected
we _do_ ship Mojarra
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-01-24 18:10:25 UTC (rev 15951)
+++ data/CVE/list 2011-01-24 19:46:04 UTC (rev 15952)
@@ -5,9 +5,8 @@
- shibboleth-sp2 <unfixed>
NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt
TODO: report & request id
-CVE-2011-XXXX [maradns crash with long queries]
+CVE-2011-0520 [maradns crash with long queries]
- maradns <unfixed> (bug #610834)
- NOTE: CVE id requested
CVE-2011-0634
RESERVED
CVE-2011-0633
@@ -236,8 +235,6 @@
RESERVED
CVE-2011-0521
RESERVED
-CVE-2011-0520
- RESERVED
CVE-2011-0519 (SQL injection vulnerability in gallery.php in Gallarific PHP
Photo ...)
NOT-FOR-US: Gallarific
CVE-2011-0518 (Directory traversal vulnerability in core/lib/router.php in
LotusCMS ...)
@@ -451,6 +448,7 @@
[lenny] - gif2png <no-dsa> (Minor issue)
[squeeze] - gif2png <no-dsa> (Minor issue)
CVE-2008-7271 (Multiple cross-site scripting (XSS) vulnerabilities in the Help
...)
+ - eclipse <unfixed>
TODO: check
CVE-2011-0426
RESERVED
@@ -531,7 +529,7 @@
CVE-2011-0409
RESERVED
CVE-2011-0408 (pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers
to ...)
- TODO: check
+ - libpng <not-affected> (vulnerable code introduced in 1.5.0, not
packaged)
CVE-2011-0407 (SQL injection vulnerability in the store function in ...)
NOT-FOR-US: Phenotype CMS
CVE-2011-0406 (Heap-based buffer overflow in HistorySvr.exe in WellinTech
KingView ...)
@@ -898,10 +896,22 @@
RESERVED
CVE-2010-4654
RESERVED
-CVE-2010-4653
+ - kdegraphics 4.0
+ - xpdf <unfixed>
+ - poppler <undetermined>
+ NOTE:
http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9
+ TODO: check
+CVE-2010-4653
RESERVED
-CVE-2010-4652
+ - kdegraphics 4.0
+ - xpdf <unfixed>
+ - poppler <unfixed>
+ NOTE:
http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
+ TODO: check
+CVE-2010-4652 [buffer overflow when preparing SQL queries]
RESERVED
+ - proftpd <unfixed>
+ TODO: check
CVE-2010-4651 [patch directory traversal]
RESERVED
- patch <unfixed> (unimportant)
@@ -1745,11 +1755,14 @@
CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka
...)
NOT-FOR-US: MyBB
CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x
...)
- NOT-FOR-US: mod for Drupal
+ - drupal6-mod-views <undetermined>
+ TODO: check
CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views
...)
- NOT-FOR-US: mod for Drupal
+ - drupal6-mod-views <undetermined>
+ TODO: check
CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the ...)
- NOT-FOR-US: mod for Drupal
+ - drupal6-mod-views <undetermined>
+ TODO: check
CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Safe Search plugin for WordPress
CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto
(com_jeauto) ...)
@@ -1819,6 +1832,8 @@
RESERVED
CVE-2011-0023
RESERVED
+ - linux-2.6 <undetermined>
+ TODO: check (to be rejected?)
CVE-2011-0022
RESERVED
CVE-2011-0021
@@ -3112,7 +3127,8 @@
{DSA-2128-1}
- libxml2 2.7.8.dfsg-1 (bug #602609)
CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message
...)
- NOT-FOR-US: Oracle Mojarra
+ - mojarra <unfixed>
+ TODO: check
CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN
Links ...)
NOT-FOR-US: WSN Links
CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy
1.5.2 and ...)
@@ -3707,6 +3723,12 @@
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-3777 (Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13
and ...)
+ - xulrunner <removed>
+ - icedove <undetermined>
+ - iceweasel <undetermined>
+ [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
+ - iceape <undetermined>
+ [lenny] - iceape <not-affected> (Only a stub package)
TODO: check
CVE-2010-3776 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
{DSA-2132-1}
@@ -7579,9 +7601,11 @@
CVE-2010-2354 (SQL injection vulnerability in subscribe.php in Pilot Group (PG)
eLMS ...)
NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2353 (The Node Reference module in Content Construction Kit (CCK)
module 6.x ...)
- NOT-FOR-US: CCK module for Drupal
+ - drupal6-mod-cck <undetermined>
+ TODO: check
CVE-2010-2352 (The Node Reference module in Content Construction Kit (CCK)
module 5.x ...)
- NOT-FOR-US: CCK module for Drupal
+ - drupal6-mod-cck <undetermined>
+ TODO: check
CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware
SMB 1.0 ...)
NOT-FOR-US: Novell Netware
CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0
allows ...)
@@ -8289,7 +8313,8 @@
CVE-2010-2088 (ASP.NET in Microsoft .NET 3.5 does not properly handle an
unencrypted ...)
NOT-FOR-US: Microsoft .NET
CVE-2010-2087 (Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere
Application ...)
- NOT-FOR-US: Oracle Mojarra
+ - mojarra <unfixed>
+ TODO: check
CVE-2010-2086 (Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere
Application ...)
NOT-FOR-US: Apache MyFaces
CVE-2010-2085 (The default configuration of ASP.NET in Microsoft .NET before
1.1 has ...)
@@ -22537,9 +22562,11 @@
CVE-2009-2078 (Multiple cross-site scripting (XSS) vulnerabilities in Booktree
5.x ...)
NOT-FOR-US: Booktree module for drupal
CVE-2009-2077 (Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote
...)
- NOT-FOR-US: Views module for Drupal
+ - drupal6-mod-views <undetermined>
+ TODO: check
CVE-2009-2076 (Cross-site scripting (XSS) vulnerability in Views 6.x before
6.x-2.6, ...)
- NOT-FOR-US: Views module for Drupal
+ - drupal6-mod-views <undetermined>
+ TODO: check
CVE-2009-2075 (Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module
for ...)
NOT-FOR-US: Nodequeue module for Drupal
CVE-2009-2074 (Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before
...)
@@ -77733,7 +77760,7 @@
CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1
...)
NOT-FOR-US: Check Point VPN
CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache
Geronimo ...)
- NOT-FOR-US: Apache Geronimo
+ - geronimo <itp> (bug #481869)
CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in
"Blue ...)
NOT-FOR-US: AmbiCom Blue Neighbors
CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows
remote ...)
Modified: data/packages/new-packages
==================================================================---
data/packages/new-packages 2011-01-24 18:10:25 UTC (rev 15951)
+++ data/packages/new-packages 2011-01-24 19:46:04 UTC (rev 15952)
@@ -590,7 +590,6 @@
libtest-exit-perl
maven-enforcer
msva-perl
-png++
pwget
rabbitvcs-cli
rabbitvcs-core
@@ -664,7 +663,6 @@
skipfish
ust
webgen0.5
-gcc-3.3
libhtml-defang-perl
liblog-any-perl
libnet-nationalrail-livedepartureboards-perl
@@ -736,7 +734,6 @@
yorick-optimpack
bsl
buzztard
-db4.8
dracut
drizzle
drupal6-mod-i18n
@@ -1411,8 +1408,6 @@
libpackage-deprecationmanager-perl
libposix-strptime-perl
libscalar-util-numeric-perl
-live-build
-openpyxl
php-net-whois
pike7.8
projectm
@@ -1561,7 +1556,6 @@
jxgrabkey
k8temp
kcov
-kernel-handbook
kmetronome
kumofs
ladvd
@@ -1597,7 +1591,6 @@
libdist-zilla-plugin-prepender-perl
libdist-zilla-plugins-cjm-perl
libdrumstick
-libeatmydata
libelixirfm-perl
libemail-outlook-message-perl
libencode-hanextra-perl