Author: gilbert-guest Date: 2009-10-30 22:42:49 +0000 (Fri, 30 Oct 2009) New Revision: 13160 Modified: data/CVE/list data/embedded-code-copies Log: expat embeds and embeds in python Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-30 22:42:38 UTC (rev 13159) +++ data/CVE/list 2009-10-30 22:42:49 UTC (rev 13160) @@ -264,10 +264,50 @@ CVE-2009-3720 [expat: dos] RESERVED {DSA-1921-1} - - expat <unfixed> (medium; bug #551936) + - expat <unfixed> (low; bug #551936) - w3c-libwww <unfixed> (low; bug #551938) [etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps) - - python-xml <unfixed> (medium; bug #551939) + - python-xml <unfixed> (low; bug #551939) + - python2.5 <unfixed> (low) + - python2.4 <unfixed> (low) + - wxwindows2.4 <removed> (low) + - wxwidgets2.6 <unfixed> (low) + - wxwidgets2.8 <unfixed> (low) + - python-celementree <unfixed> (low) + - audacity <unfixed> (low) + - matzana <unfixed> (low) + - tdom <unfixed> (low) + - udunits <unfixed> (low) + - apr-util <unfixed> (low) + - ayttm <unfixed> (low) + - cableswig <unfixed> (low) + - cadaver <unfixed> (low) + - cmake <unfixed> (low) + - coin3 <unfixed> (low) + - gdcm <unfixed> (low) + - ghostscript <unfixed> (low) + - grmonitor <unfixed> (low) + - iceape <unfixed> (low) + - insighttoolkit <unfixed> (low) + - libparagui1.1 <unfixed> (low) + - paraview <unfixed> (low) + - poco <unfixed> (low) + - simgear <unfixed> (low) + - sitecopy <unfixed> (low) + - smart <unfixed> (low) + - swish <unfixed> (low) + - tla <unfixed> (low) + - vtk <unfixed> (low) + - wbxml2 <unfixed> (low) + - xmlrpc-c <unfixed> (low) + - iceweasel <unfixed> (low) + - kompozer <unfixed> (low) + - vxl <unfixed> (low) + - xulrunner <unfixed> (low) + - apache2 <unfixed> (low) + - texlive-bin <unfixed> (low) + - vnc4 <unfixed> (low) + - xotcl <unfixed> (low) CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...) NOT-FOR-US: Battle Blog CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog ...) Modified: data/embedded-code-copies ==================================================================--- data/embedded-code-copies 2009-10-30 22:42:38 UTC (rev 13159) +++ data/embedded-code-copies 2009-10-30 22:42:49 UTC (rev 13160) @@ -123,6 +123,8 @@ NOTE: inherited from fpc, see #472304 - erlang <unfixed> (embed) - gamera 3.2.3-1 (embed) + - python2.4 <unfixed> (embed; bug #553403) + - python2.5 <unfixed> (embed; bug #553403) dulwich - hg-git 0.1.0-1 (embed; bug #541996) @@ -196,8 +198,7 @@ - gcvs <unfixed> (embed) NOTE: see cvsunix/src in tarball -pcre - - python* <unfixed> (embed) +pcre3 - php4 <unknown> (embed) - analog 2:5.23-0woody1 (embed) - goffice <unfixed> (embed) @@ -985,6 +986,46 @@ - w3c-libwww <removed> (embed; bug #551941) [etch] - w3c-libwww <unfixed> (embed; bug #551941) [./modules/expat/*] - python-xml <unfixed> (embed; bug #551940) [./extensions/expat/*] + - python2.5 <unfixed> (embed; bug #553403) [./Modules/expat/*] + - python2.4 <unfixed> (embed; bug #553403) + - wxwindows2.4 <removed> (embed) + - wxwidgets2.6 <unfixed> (embed) + - wxwidgets2.8 <unfixed> (embed) + - python-celementree <unfixed> (embed) + - audacity <unfixed> (embed) + - matzana <unfixed> (embed) + - tdom <unfixed> (embed) + - udunits <unfixed> (embed) + - apr-util <unfixed> (embed) + - ayttm <unfixed> (embed) + - cableswig <unfixed> (embed) + - cadaver <unfixed> (embed) + - cmake <unfixed> (embed) + - coin3 <unfixed> (embed) + - gdcm <unfixed> (embed) + - ghostscript <unfixed> (embed) + - grmonitor <unfixed> (embed) + - iceape <unfixed> (embed) + - insighttoolkit <unfixed> (embed) + - libparagui1.1 <unfixed> (embed) + - paraview <unfixed> (embed) + - poco <unfixed> (embed) + - simgear <unfixed> (embed) + - sitecopy <unfixed> (embed) + - smart <unfixed> (embed) + - swish <unfixed> (embed) + - tla <unfixed> (embed) + - vtk <unfixed> (embed) + - wbxml2 <unfixed> (embed) + - xmlrpc-c <unfixed> (embed) + - iceweasel <unfixed> (embed) + - kompozer <unfixed> (embed) + - vxl <unfixed> (embed) + - xulrunner <unfixed> (embed) + - apache2 <unfixed> (embed) + - texlive-bin <unfixed> (embed) [included twice] + - vnc4 <unfixed> (embed) + - xotcl <unfixed> (embed) xerces-c - xerces-c2 <unfixed> (old-version) @@ -1045,3 +1086,7 @@ - python-whoosh <unknown> (embed) - twill <unknown> (embed) - zope-textindexng3 <unknown> (embed) + +python-pysqlite2 + - python2.4 <unfixed> (embed; bug #553403) + - python2.5 <unfixed> (embed; bug #553403)