Author: jmm Date: 2012-01-06 09:36:22 +0000 (Fri, 06 Jan 2012) New Revision: 18055 Modified: data/CVE/list Log: python update: mark distutils as unimportant CGI src disclosure fixed in 2.7 and 3.1, 2.6 will be removed for wheezy, too intrusive to backport add another mozilla ID, sid/testing only Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-06 09:33:48 UTC (rev 18054) +++ data/CVE/list 2012-01-06 09:36:22 UTC (rev 18055) @@ -585,9 +585,9 @@ [squeeze] - pidgin <no-dsa> (Minor issue) NOTE: http://www.pidgin.im/news/security/?id=50 CVE-2011-4921 (SQL injection vulnerability in usersettings.php in e107 0.7.26, and ...) - TODO: check + NOT-FOR-US: e107 CVE-2011-4920 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, ...) - TODO: check + NOT-FOR-US: e107 CVE-2011-4919 RESERVED CVE-2011-4918 @@ -4724,7 +4724,11 @@ [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) - iceape <not-affected> (Only affects Firefox >= 4) CVE-2011-3660 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - TODO: check + - xulrunner <not-affected> (Only affects Firefox >= 4) + - iceweasel 9.0-1 + [lenny] - iceweasel <not-affected> (Only affects Firefox >= 4) + [squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4) + - iceape <not-affected> (Only affects Firefox >= 4) CVE-2011-3659 RESERVED CVE-2011-3658 (The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and ...) @@ -6157,7 +6161,7 @@ CVE-2011-3180 RESERVED CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...) - TODO: check + NOT-FOR-US: Novell Messenger CVE-2011-3178 RESERVED CVE-2011-3177 
@@ -6169,7 +6173,7 @@ CVE-2011-3174 RESERVED CVE-2011-3173 (Stack-based buffer overflow in the GetDriverSettings function in ...) - TODO: check + NOT-FOR-US: Novell Open Enterprise Server CVE-2011-3172 RESERVED CVE-2011-3171 (Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly ...) @@ -12194,11 +12198,9 @@ CVE-2011-1100 (Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost ...) - pixelpost <removed> CVE-2011-XXXX [python2.6: distutils world-readable password] - - python2.6 <unfixed> (low; bug #615118) - - python2.7 <unfixed> (low) - [squeeze] - python2.6 <no-dsa> (minor issue) - [lenny] - python2.6 <no-dsa> (minor issue) - TODO: are other python versions affected? + - python2.6 <unfixed> (unimportant; bug #615118) + - python2.7 <unfixed> (unimportant) + NOTE: Negligable impact CVE-2011-1099 (Multiple directory traversal vulnerabilities in FocalMedia.Net Quick ...) NOT-FOR-US: FocalMedia.Net Quick Polls CVE-2011-1098 (Race condition in the createOutputFile function in logrotate.c in ...) @@ -12470,11 +12472,11 @@ - python2.6 <unfixed> (low; bug #614860) [squeeze] - python2.6 <no-dsa> (Minor issue) - python2.5 <unfixed> (low) - [squeeze] - python2.5 <no-dsa> (Minor issue) - [lenny] - python2.5 <no-dsa> (Minor issue) + [squeeze] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport) + [lenny] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport) - python2.4 <removed> (low) [lenny] - python2.4 <no-dsa> (Minor issue) - NOTE: Python 3.1 is fixed + NOTE: Python 2.7 and 3.1 are fixed NOTE: http://bugs.python.org/issue2254 CVE-2011-1014 RESERVED
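Review bot: The new "- iceweasel 9.0-1" line in the CVE-2011-3660 hunk (@@ -4724,7 +4724,11 @@) records a fixed version without any NOTE pointing at the upstream advisory, so a later reader cannot check the "Only affects Firefox >= 4" reasoning that is repeated on the xulrunner, iceape, lenny and squeeze lines. The pidgin entry at the top of this diff carries a "NOTE:" with the advisory URL; adding the equivalent reference here would make the not-affected claims verifiable.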
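Review bot: The added line "NOTE: Negligable impact" in the distutils hunk (@@ -12194,11 +12198,9 @@) misspells "Negligible" and gives no reason for moving python2.6 and python2.7 from "low" to "unimportant". A short rationale in the NOTE would help. The same hunk deletes "TODO: are other python versions affected?" without recording an answer, while the entry still lists only python2.6 and python2.7; either keep the TODO or state which other versions were checked.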
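Review bot: The python2.6 lines in the last hunk (@@ -12470,11 +12472,11 @@) are left unchanged, so the log's statement that 2.6 will be removed for wheezy is not recorded in the entry itself. "[squeeze] - python2.6 <no-dsa> (Minor issue)" and "[lenny] - python2.4 <no-dsa> (Minor issue)" also lack the "fix modifies behaviour, too intrusive to backport" justification now given on the python2.5 lines. Suggest applying the same wording to every no-dsa line it covers and adding a NOTE about the planned 2.6 removal. The updated "NOTE: Python 2.7 and 3.1 are fixed" would be more useful with the fixed versions named.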