Author: jmm Date: 2011-10-21 14:06:18 +0000 (Fri, 21 Oct 2011) New Revision: 17474 Modified: data/CVE/list Log: - django CVEfied - xorg-server no-dsa (XSF will prepare update for squeeze) - new qemu-kvm issue - new freetype issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-10-21 11:54:28 UTC (rev 17473) +++ data/CVE/list 2011-10-21 14:06:18 UTC (rev 17474) @@ -19,15 +19,15 @@ CVE-2011-4141 RESERVED CVE-2011-4140 (The CSRF protection mechanism in Django through 1.2.7 and 1.3.x ...) - TODO: check + - python-django 1.3.1-1 (bug #641405) CVE-2011-4139 (Django before 1.2.7 and 1.3.x before 1.3.1 uses a request''s HTTP Host ...) - TODO: check + - python-django 1.3.1-1 (bug #641405) CVE-2011-4138 (The verify_exists functionality in the URLField implementation in ...) - TODO: check + - python-django 1.3.1-1 (bug #641405) CVE-2011-4137 (The verify_exists functionality in the URLField implementation in ...) - TODO: check + - python-django 1.3.1-1 (bug #641405) CVE-2011-4136 (django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, ...) - TODO: check + - python-django 1.3.1-1 (bug #641405) CVE-2011-4135 RESERVED CVE-2011-4134 @@ -260,11 +260,15 @@ - plone3 <not-affected> (Only affects Plone 4.x) CVE-2011-4029 RESERVED - - xorg-server <unfixed> + - xorg-server 2:1.11.1.901-2 (low) + [squeeze] - xorg-server <no-dsa> (Minor issue, will be fixed in a point update) + [lenny] - xorg-server <no-dsa> (Minor issue) NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4 CVE-2011-4028 RESERVED - - xorg-server <unfixed> (low) + - xorg-server 2:1.11.1.901-2 (low) + [squeeze] - xorg-server <no-dsa> (Minor issue, will be fixed in a point update) + [lenny] - xorg-server <no-dsa> (Minor issue) NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34 CVE-2011-4027 RESERVED 
@@ -1913,11 +1917,6 @@ CVE-2009-5096 (Cross-site scripting (XSS) vulnerability in the Flag Content module ...) NOT-FOR-US: Drupal module Flag Content NOTE: might get packaged -CVE-2011-XXXX [Django several vulnerabilities] - - python-django 1.3.1-1 (bug #641405) - NOTE: https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/ - NOTE: https://www.djangoproject.com/weblog/2011/sep/10/127/ - NOTE: CVE id requested on oss-security CVE-2011-3482 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in ...) - wireshark <unfixed> [squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1) @@ -2170,6 +2169,7 @@ RESERVED CVE-2011-3346 RESERVED + - qemu-kvm <unfixed> (bug #646118) CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ...) - ofa-kernel <itp> (bug #541849) CVE-2011-3344 @@ -2385,7 +2385,7 @@ CVE-2011-3257 (The Data Access component in Apple iOS before 5 does not properly ...) NOT-FOR-US: Apple iOS CVE-2011-3256 (FreeType in CoreGraphics in Apple iOS before 5 allows remote attackers ...) - NOT-FOR-US: Apple iOS + - freetype <unfixed> (bug #646120) CVE-2011-3255 (CFNetwork in Apple iOS before 5 stores AppleID credentials in an ...) NOT-FOR-US: Apple iOS CVE-2011-3254 (Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS ...) @@ -2632,9 +2632,12 @@ RESERVED - xorg-server 2:1.9.0.901-1 [squeeze] - xorg-server 2:1.7.7-4 + [lenny] - xorg-server <no-dsa> (Minor issue) CVE-2010-4818 [X.org multiple input sanitization flaws] RESERVED - xorg-server 2:1.9.99.902-1 + [squeeze] - xorg-server <no-dsa> (Minor issue, will be fixed in a point update) + [lenny] - xorg-server <no-dsa> (Minor issue) NOTE: As per https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4818 three commits with theoretical sec impact: NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543 NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4
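Review bot: in the CVE-2011-4136..4140 hunk, the description of CVE-2011-4140 reads "Django through 1.2.7 and 1.3.x ..." while the other four read "before 1.2.7 and 1.3.x before 1.3.1", so whether 1.3.1-1 actually closes 4140 should be confirmed before its "TODO: check" is replaced with a fixed version. All five descriptions also name 1.2.x as affected, yet no [squeeze] status line is added for python-django, unlike the xorg-server entries in this same commit; add a squeeze line per entry (either a fixed version or a no-dsa with its rationale) so the stable status is recorded rather than implied.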
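Review bot: in the CVE-2011-4029 / CVE-2011-4028 hunk, the squeeze and lenny no-dsa rationales differ ("Minor issue, will be fixed in a point update" versus just "Minor issue"); if lenny will not receive the point-update fix, state that explicitly so the asymmetry is not read as an oversight, and reference the bug that tracks the squeeze point update so the promise can be checked later. The "(low)" tag added to CVE-2011-4029 matches the one CVE-2011-4028 already carried, so that part is consistent.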
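Review bot: the removed CVE-2011-XXXX [Django several vulnerabilities] placeholder carried the two djangoproject.com advisory URLs (weblog/2011/sep/09/security-releases-issued/ and weblog/2011/sep/10/127/) as NOTE lines, and none of the new per-CVE entries for CVE-2011-4136..4140 inherit them; carry at least the release-announcement URL over as a NOTE under the new entries so the upstream fix reference is not lost with the placeholder.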
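Review bot: the CVE-2011-3346 entry stays a bare "RESERVED" with only "- qemu-kvm <unfixed> (bug #646118)" added; give it a bracketed short title after the ID, as CVE-2010-4818 [X.org multiple input sanitization flaws] does for a RESERVED entry, and a NOTE with the upstream reference, so the issue is identifiable before the CVE text is published. [squeeze] and [lenny] status lines for qemu-kvm are also missing here.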
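Review bot: switching CVE-2011-3256 from "NOT-FOR-US: Apple iOS" to "- freetype <unfixed> (bug #646120)" leaves the entry with only the iOS-framed description ("FreeType in CoreGraphics in Apple iOS before 5 ..."); add a NOTE with the upstream FreeType fix or the affected version range so the <unfixed> claim and the eventual fixed version can be verified, and add [squeeze]/[lenny] lines as was done for xorg-server in this same commit.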
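Review bot: in the last hunk, CVE-2010-4818 gets a squeeze no-dsa with "will be fixed in a point update" although its own NOTE calls the impact "theoretical"; that is defensible, but this wording now appears in three entries in this commit (CVE-2011-4029, CVE-2011-4028, CVE-2010-4818) with no tracking bug in any of them, so cite the bug for the point update in each or drop the promise. The lenny line added to the entry above CVE-2010-4818 sits under a squeeze line that records a fixed version (2:1.7.7-4), so the two releases are treated differently there; a short reason on the lenny line would make that intentional.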