Moritz Muehlenhoff
2011-Nov-23 17:37 UTC
[Secure-testing-commits] r17669 - in data: . CVE DSA
Author: jmm Date: 2011-11-23 17:37:24 +0000 (Wed, 23 Nov 2011) New Revision: 17669 Modified: data/CVE/list data/DSA/list data/next-point-update.txt data/spu-candidates.txt Log: - add missing CVE ID to icedove DSA - aptdaemon fixed in sid, doesn''t affect stable - gdk-pixbuf no-dsa - record nginx spu upload - record joomla dupe Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-11-23 09:14:21 UTC (rev 17668) +++ data/CVE/list 2011-11-23 17:37:24 UTC (rev 17669) @@ -5219,7 +5219,7 @@ RESERVED CVE-2011-2708 RESERVED - NOTE: duplicate of CVE-2011-2710 + NOTE: duplicate of CVE-2011-2710, will be rejected CVE-2011-2707 RESERVED - linux-2.6 <not-affected> (xtensa arch not used in Debian) @@ -5836,6 +5836,8 @@ CVE-2011-2485 [excessive memory use due improper checking of certain return values in GIF image loader] RESERVED - gdk-pixbuf 2.23.3-3.1 (bug #631524) + [squeeze] - gdk-pixbuf <no-dsa> (Minor issue) + [lenny] - gdk-pixbuf <no-dsa> (Minor issue) CVE-2011-2484 (The add_del_listener function in kernel/taskstats.c in the Linux ...) {DSA-2310-1 DSA-2303-1} - linux-2.6 2.6.39-3 (low) @@ -10905,9 +10907,8 @@ [lenny] - linux-2.6 2.6.26-26lenny3 [squeeze] - linux-2.6 2.6.32-32 CVE-2011-0725 (Absolute path traversal vulnerability in the ...) - - aptdaemon <unfixed> - TODO: check - NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/722228 + - aptdaemon 0.43+bzr707-1 + [squeeze] - aptdaemon <not-affected> (Introduced in 0.33) CVE-2011-0724 (The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not ...) - italc <not-affected> (Only Edubuntu Live DVD affected) NOTE: https://bugs.launchpad.net/ubuntu/+source/italc/+bug/714864 Modified: data/DSA/list ==================================================================--- data/DSA/list 2011-11-23 09:14:21 UTC (rev 17668) +++ data/DSA/list 2011-11-23 17:37:24 UTC (rev 17669) @@ -289,7 +289,7 @@ [squeeze] - wireshark 1.2.11-6+squeeze2 [lenny] - wireshark 1.0.2-3+lenny14 [06 Jul 2011] DSA-2273-3 icedove - multiple issues - {CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376} + {CVE-2011-0083 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2365 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2605} [squeeze] - icedove 3.0.11-1+squeeze3 [05 Jul 2011] DSA-2272-1 bind9 - denial of service {CVE-2011-2464} Modified: data/next-point-update.txt ==================================================================--- data/next-point-update.txt 2011-11-23 09:14:21 UTC (rev 17668) +++ data/next-point-update.txt 2011-11-23 17:37:24 UTC (rev 17669) @@ -8,4 +8,8 @@ [squeeze] - xorg-server 2:1.7.7-14 CVE-2010-4818 [squeeze] - xorg-server 2:1.7.7-14 +CVE-2011-4315 + [squeeze] - nginx 0.7.67-3+squeeze1 + + Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2011-11-23 09:14:21 UTC (rev 17668) +++ data/spu-candidates.txt 2011-11-23 17:37:24 UTC (rev 17669) @@ -53,6 +53,11 @@ -- +gdk-pixbuf (CVE-2011-2485) +#631524 + +-- + gnash (CVE-2011-4328) #649384