Author: gilbert-guest Date: 2009-12-13 04:45:39 +0000 (Sun, 13 Dec 2009) New Revision: 13538 Modified: data/CVE/list Log: bugs submitted for expat issues Modified: data/CVE/list ==================================================================
--- data/CVE/list 2009-12-13 02:57:12 UTC (rev 13537)
+++ data/CVE/list 2009-12-13 04:45:39 UTC (rev 13538)
@@ -1470,47 +1470,108 @@
 - expat 2.0.1-5 (low; bug #551936)
 - w3c-libwww <removed> (low; bug #551938)
 [etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
- - python-xml <unfixed> (low; bug #551939)
- TODO: check - python2.5 <unfixed> (low)
- TODO: check - python2.4 <unfixed> (low)
- TODO: check - wxwindows2.4 <removed> (low)
- TODO: check - wxwidgets2.6 <unfixed> (low)
- TODO: check - wxwidgets2.8 <unfixed> (low)
- TODO: check - celementtree <unfixed> (low)
- TODO: check - audacity <unfixed> (low)
- TODO: check - matanza <unfixed> (low)
- TODO: check - tdom <unfixed> (low)
- TODO: check - udunits <unfixed> (low)
+ - python-xml <removed> (low; bug #560951)
+ [etch] - python-xml <no-dsa> (minor issue)
+ [lenny] - python-xml <no-dsa> (minor issue)
+ - python2.5 <unfixed> (low; bug #560912)
+ [etch] - python2.5 <no-dsa> (minor issue)
+ [lenny] - python2.5 <no-dsa> (minor issue)
+ - python2.4 <unfixed> (low; bug #560913)
+ [etch] - python2.4 <no-dsa> (minor issue)
+ [lenny] - python2.4 <no-dsa> (minor issue)
+ - python-4suite <unfixed> (low; bug #560914)
+ - wxwindows2.4 <removed> (low; bug #560915)
+ [etch] - wxwindows2.4 <no-dsa> (minor issue)
+ - wxwidgets2.6 <unfixed> (low; bug #560916)
+ [etch] - wxwidgets2.6 <no-dsa> (minor issue)
+ [lenny] - wxwidgets2.6 <no-dsa> (minor issue)
+ - wxwidgets2.8 <unfixed> (low; bug #560917)
+ [lenny] - wxwidgets2.8 <no-dsa> (minor issue)
+ - celementtree <unfixed> (low; bug #560918)
+ [etch] - celementtree <no-dsa> (minor issue)
+ [lenny] - celementtree <no-dsa> (minor issue)
+ - audacity <unfixed> (low; bug #560919)
+ [etch] - audacity <no-dsa> (minor issue)
+ [lenny] - audacity <no-dsa> (minor issue)
+ - matanza <unfixed> (low; bug #560920)
+ [etch] - matanza <no-dsa> (minor issue)
+ [lenny] - matanza <no-dsa> (minor issue)
+ - tdom <unfixed> (low; bug #560921)
+ [etch] - tdom <no-dsa> (minor issue)
+ [lenny] - tdom <no-dsa> (minor issue)
+ - udunits <unfixed> (low; bug #560922)
 - apr-util <not-affected> (links to system expat)
- TODO: check - ayttm <unfixed> (low)
- TODO: check - cableswig <unfixed> (low)
- TODO: check - cadaver <unfixed> (low)
- TODO: check - cmake <unfixed> (low)
- TODO: check - coin3 <unfixed> (low)
- TODO: check - gdcm <unfixed> (low)
- TODO: check - ghostscript <unfixed> (low)
- TODO: check - grmonitor <unfixed> (low)
- TODO: check - iceape <unfixed> (low)
- TODO: check - insighttoolkit <unfixed> (low)
- TODO: check - libparagui1.1 <unfixed> (low)
- TODO: check - paraview <unfixed> (low)
- TODO: check - poco <unfixed> (low)
- TODO: check - simgear <unfixed> (low)
- TODO: check - sitecopy <unfixed> (low)
- TODO: check - smart <unfixed> (low)
- TODO: check - swish-e <unfixed> (low)
- TODO: check - tla <unfixed> (low)
- TODO: check - vtk <unfixed> (low)
- TODO: check - wbxml2 <unfixed> (low)
- TODO: check - xmlrpc-c <unfixed> (low)
- TODO: check - iceweasel <unfixed> (low)
- TODO: check - kompozer 1:0.8~b1-2 (low)
- TODO: check - vxl <unfixed> (low)
- TODO: check - xulrunner <unfixed> (low)
+ - ayttm <unfixed> (low; bug #560924)
+ [etch] - ayttm <no-dsa> (minor issue)
+ [lenny] - ayttm <no-dsa> (minor issue)
+ - cableswig <unfixed> (low; bug #560925)
+ [etch] - cableswig <no-dsa> (minor issue)
+ [lenny] - cableswig <no-dsa> (minor issue)
+ - cadaver <unfixed> (low; bug #560926)
+ [etch] - cadaver <no-dsa> (minor issue)
+ [lenny] - cadaver <no-dsa> (minor issue)
+ - cmake <unfixed> (low; bug #560927)
+ [etch] - cmake <no-dsa> (minor issue)
+ [lenny] - cmake <no-dsa> (minor issue)
+ - coin3 <unfixed> (low; bug #560928)
+ - gdcm <unfixed> (low; bug #560929)
+ - ghostscript <unfixed> (low; bug #560930)
+ [lenny] - ghostscript <no-dsa> (minor issue)
+ - grmonitor <unfixed> (low; bug #560931)
+ [etch] - grmonitor <no-dsa> (minor issue)
+ [lenny] - grmonitor <no-dsa> (minor issue)
+ - iceape <unfixed> (low; bug #560932)
+ [etch] - iceape <no-dsa> (minor issue)
+ [lenny] - iceape <no-dsa> (minor issue)
+ - insighttoolkit <unfixed> (low; bug #560933)
+ [lenny] - insighttoolkit <no-dsa> (minor issue)
+ - libparagui1.1 <unfixed> (low; bug #560934)
+ [lenny] - libparagui1.1 <no-dsa> (minor issue)
+ - paraview <unfixed> (low; bug #560935)
+ [lenny] - paraview <no-dsa> (minor issue)
+ - poco <unfixed> (low; bug #560936)
+ [lenny] - poco <no-dsa> (minor issue)
+ - simgear <unfixed> (low; bug #560937)
+ [etch] - simgear <no-dsa> (minor issue)
+ [lenny] - simgear <no-dsa> (minor issue)
+ - sitecopy <unfixed> (low; bug #560938)
+ [etch] - sitecopy <no-dsa> (minor issue)
+ [lenny] - sitecopy <no-dsa> (minor issue)
+ - smart <unfixed> (low; bug #560953)
+ [etch] - smart <no-dsa> (minor issue)
+ [lenny] - smart <no-dsa> (minor issue)
+ - swish-e <unfixed> (low; bug #560939)
+ [etch] - swish-e <no-dsa> (minor issue)
+ [lenny] - swish-e <no-dsa> (minor issue)
+ - tla <unfixed> (low; bug #560940)
+ [etch] - tla <no-dsa> (minor issue)
+ [lenny] - tla <no-dsa> (minor issue)
+ - vtk <unfixed> (low; bug #560952)
+ [etch] - vtk <no-dsa> (minor issue)
+ [lenny] - vtk <no-dsa> (minor issue)
+ - wbxml2 <unfixed> (low; bug #560941)
+ [etch] - wbxml2 <no-dsa> (minor issue)
+ [lenny] - wbxml2 <no-dsa> (minor issue)
+ - xmlrpc-c <unfixed> (low; bug #560942)
+ [etch] - xmlrpc-c <no-dsa> (minor issue)
+ [lenny] - xmlrpc-c <no-dsa> (minor issue)
+ - iceweasel <unfixed> (low; bug #560943)
+ [etch] - iceweasel <no-dsa> (minor issue)
+ [lenny] - iceweasel <no-dsa> (minor issue)
+ - kompozer 1:0.8~b1-2 (low; bug #560944)
+ - vxl <unfixed> (low; bug #560945)
+ - xulrunner <unfixed> (low; bug #560946)
+ [etch] - xulrunner <no-dsa> (minor issue)
+ [lenny] - xulrunner <no-dsa> (minor issue)
 - apache2 <not-affected> (links to system expat)
- TODO: check - texlive-bin <unfixed> (low)
- TODO: check - vnc4 <unfixed> (low)
- TODO: check - xotcl <unfixed> (low)
+ - texlive-bin <unfixed> (low; bug #560948)
+ [etch] - texlive-bin <no-dsa> (minor issue)
+ [lenny] - texlive-bin <no-dsa> (minor issue)
+ - vnc4 <unfixed> (low; bug #560951)
+ [etch] - vnc4 <no-dsa> (minor issue)
+ [lenny] - vnc4 <no-dsa> (minor issue)
+ - xotcl <unfixed> (low; bug #560952)
+ [lenny] - xotcl <no-dsa> (minor issue)
 CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...)
 NOT-FOR-US: Battle Blog
 CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog ...)
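Review bot: Two of the new bug references in this hunk are used twice: `bug #560951` appears on both the python-xml and the vnc4 entries, and `bug #560952` on both the vtk and the xotcl entries. A bug report is normally filed against a single package, so at most one line of each pair is likely to be right; vnc4 and xotcl directly follow texlive-bin's #560948, which suggests (not confirmable from this page) that those two are the copy-paste slips. Check each number against the BTS and correct the wrong ones, e.g. `- vnc4 <unfixed> (low; bug #<vnc4-bug-number>)`, since anyone following the reference from this CVE entry would otherwise land on another package's report. The same four lines are added again under CVE-2009-3560 in the second hunk and need the same correction.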
@@ -1938,6 +1999,110 @@
 NOT-FOR-US: Xerver HTTP Server
 CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...)
 - expat <unfixed> (low; bug #560901)
+ - w3c-libwww <removed>
+ [etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
+ - python-xml <removed> (low; bug #560951)
+ [etch] - python-xml <no-dsa> (minor issue)
+ [lenny] - python-xml <no-dsa> (minor issue)
+ - python2.5 <unfixed> (low; bug #560912)
+ [etch] - python2.5 <no-dsa> (minor issue)
+ [lenny] - python2.5 <no-dsa> (minor issue)
+ - python2.4 <unfixed> (low; bug #560913)
+ [etch] - python2.4 <no-dsa> (minor issue)
+ [lenny] - python2.4 <no-dsa> (minor issue)
+ - python-4suite <unfixed> (low; bug #560914)
+ - wxwindows2.4 <removed> (low; bug #560915)
+ [etch] - wxwindows2.4 <no-dsa> (minor issue)
+ - wxwidgets2.6 <unfixed> (low; bug #560916)
+ [etch] - wxwidgets2.6 <no-dsa> (minor issue)
+ [lenny] - wxwidgets2.6 <no-dsa> (minor issue)
+ - wxwidgets2.8 <unfixed> (low; bug #560917)
+ [lenny] - wxwidgets2.8 <no-dsa> (minor issue)
+ - celementtree <unfixed> (low; bug #560918)
+ [etch] - celementtree <no-dsa> (minor issue)
+ [lenny] - celementtree <no-dsa> (minor issue)
+ - audacity <unfixed> (low; bug #560919)
+ [etch] - audacity <no-dsa> (minor issue)
+ [lenny] - audacity <no-dsa> (minor issue)
+ - matanza <unfixed> (low; bug #560920)
+ [etch] - matanza <no-dsa> (minor issue)
+ [lenny] - matanza <no-dsa> (minor issue)
+ - tdom <unfixed> (low; bug #560921)
+ [etch] - tdom <no-dsa> (minor issue)
+ [lenny] - tdom <no-dsa> (minor issue)
+ - udunits <unfixed> (low; bug #560922)
+ - apr-util <not-affected> (links to system expat)
+ - ayttm <unfixed> (low; bug #560924)
+ [etch] - ayttm <no-dsa> (minor issue)
+ [lenny] - ayttm <no-dsa> (minor issue)
+ - cableswig <unfixed> (low; bug #560925)
+ [etch] - cableswig <no-dsa> (minor issue)
+ [lenny] - cableswig <no-dsa> (minor issue)
+ - cadaver <unfixed> (low; bug #560926)
+ [etch] - cadaver <no-dsa> (minor issue)
+ [lenny] - cadaver <no-dsa> (minor issue)
+ - cmake <unfixed> (low; bug #560927)
+ [etch] - cmake <no-dsa> (minor issue)
+ [lenny] - cmake <no-dsa> (minor issue)
+ - coin3 <unfixed> (low; bug #560928)
+ - gdcm <unfixed> (low; bug #560929)
+ - ghostscript <unfixed> (low; bug #560930)
+ [lenny] - ghostscript <no-dsa> (minor issue)
+ - grmonitor <unfixed> (low; bug #560931)
+ [etch] - grmonitor <no-dsa> (minor issue)
+ [lenny] - grmonitor <no-dsa> (minor issue)
+ - iceape <unfixed> (low; bug #560932)
+ [etch] - iceape <no-dsa> (minor issue)
+ [lenny] - iceape <no-dsa> (minor issue)
+ - insighttoolkit <unfixed> (low; bug #560933)
+ [lenny] - insighttoolkit <no-dsa> (minor issue)
+ - libparagui1.1 <unfixed> (low; bug #560934)
+ [lenny] - libparagui1.1 <no-dsa> (minor issue)
+ - paraview <unfixed> (low; bug #560935)
+ [lenny] - paraview <no-dsa> (minor issue)
+ - poco <unfixed> (low; bug #560936)
+ [lenny] - poco <no-dsa> (minor issue)
+ - simgear <unfixed> (low; bug #560937)
+ [etch] - simgear <no-dsa> (minor issue)
+ [lenny] - simgear <no-dsa> (minor issue)
+ - sitecopy <unfixed> (low; bug #560938)
+ [etch] - sitecopy <no-dsa> (minor issue)
+ [lenny] - sitecopy <no-dsa> (minor issue)
+ - smart <unfixed> (low; bug #560953)
+ [etch] - smart <no-dsa> (minor issue)
+ [lenny] - smart <no-dsa> (minor issue)
+ - swish-e <unfixed> (low; bug #560939)
+ [etch] - swish-e <no-dsa> (minor issue)
+ [lenny] - swish-e <no-dsa> (minor issue)
+ - tla <unfixed> (low; bug #560940)
+ [etch] - tla <no-dsa> (minor issue)
+ [lenny] - tla <no-dsa> (minor issue)
+ - vtk <unfixed> (low; bug #560952)
+ [etch] - vtk <no-dsa> (minor issue)
+ [lenny] - vtk <no-dsa> (minor issue)
+ - wbxml2 <unfixed> (low; bug #560941)
+ [etch] - wbxml2 <no-dsa> (minor issue)
+ [lenny] - wbxml2 <no-dsa> (minor issue)
+ - xmlrpc-c <unfixed> (low; bug #560942)
+ [etch] - xmlrpc-c <no-dsa> (minor issue)
+ [lenny] - xmlrpc-c <no-dsa> (minor issue)
+ - iceweasel <unfixed> (low; bug #560943)
+ [etch] - iceweasel <no-dsa> (minor issue)
+ [lenny] - iceweasel <no-dsa> (minor issue)
+ - kompozer 1:0.8~b1-2 (low; bug #560944)
+ - vxl <unfixed> (low; bug #560945)
+ - xulrunner <unfixed> (low; bug #560946)
+ [etch] - xulrunner <no-dsa> (minor issue)
+ [lenny] - xulrunner <no-dsa> (minor issue)
+ - apache2 <not-affected> (links to system expat)
+ - texlive-bin <unfixed> (low; bug #560948)
+ [etch] - texlive-bin <no-dsa> (minor issue)
+ [lenny] - texlive-bin <no-dsa> (minor issue)
+ - vnc4 <unfixed> (low; bug #560951)
+ [etch] - vnc4 <no-dsa> (minor issue)
+ [lenny] - vnc4 <no-dsa> (minor issue)
+ - xotcl <unfixed> (low; bug #560952)
+ [lenny] - xotcl <no-dsa> (minor issue)
 CVE-2009-3559 (** DISPUTED ** ...)
 - php5 <unfixed> (unimportant)
 NOTE: safe_mode regression
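Review bot: The added `- w3c-libwww <removed>` line under CVE-2009-3560 carries no urgency, whereas every other affected package added in this hunk is marked `low` and the same package is annotated `(low; bug #551938)` in the first hunk. If the omission is not deliberate, write it as `- w3c-libwww <removed> (low)` so that the etch `<no-dsa>` entry below it is rated consistently with the other embedded-expat copies.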