Author: gilbert-guest Date: 2010-12-22 03:42:07 +0000 (Wed, 22 Dec 2010) New Revision: 15730 Modified: data/CVE/list data/embedded-code-copies Log: midori info, various updates on embedded code copies Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-22 01:41:15 UTC (rev 15729) +++ data/CVE/list 2010-12-22 03:42:07 UTC (rev 15730) @@ -1063,6 +1063,7 @@ [lenny] - mysql-gui-tools <no-dsa> (Minor issue) CVE-2010-4176 (plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 ...) - dracut <not-affected> (vulnerable script not shipped) + - udev <not-affected> (vulnerable script not shipped; fedora-specific issue) CVE-2010-4175 [linux: integer overflow in RDS] RESERVED - linux-2.6 2.6.32-28 @@ -1713,8 +1714,9 @@ CVE-2010-3901 (OpenConnect before 2.25 does not properly validate X.509 certificates, ...) - openconnect 2.25-0.1 (bug #590873) CVE-2010-3900 (Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before ...) - - midori 0.2.7-1.1 (unimportant) + - midori 0.2.7-1.1 (unimportant; bug #607497) NOTE: Current Midori SSL support is very limited + NOTE: Midori should not be used if SSL support is important to you CVE-2010-3899 (IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with ...) NOT-FOR-US: IBM OmniFind Enterprise Edition CVE-2010-3898 (IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict ...) Modified: data/embedded-code-copies ==================================================================--- data/embedded-code-copies 2010-12-22 01:41:15 UTC (rev 15729) +++ data/embedded-code-copies 2010-12-22 03:42:07 UTC (rev 15730) @@ -115,7 +115,7 @@ NOTE: somehow derived code base - mono <unfixed> (embed) TODO: check mozilla - - Linux kernels <unfixed> (embed) + - linux-2.6 <unfixed> (embed) - pvpgn 1.7.8-2 (embed) - mrtg 2.12.2-1 (embed) - rpm <unknown> (embed) 
@@ -131,8 +131,9 @@ - mirrordir <unfixed> - poco <unfixed> - klibc <unfixed> - - emboss <unfixed> - - ghostscript <unfixed> + - emboss 6.3.1-1 (embed) + - ghostscript 8.71~dfsg2-6 (embed) + NOTE: ghostscript fixed sometime before this, but this is the version i checked - freeimage <unfixed> - clamav <unfixed> (fork) NOTE: from the changelog: "libclamav6 does indeed duplicate parts of the zlib code, but there is not way around that" @@ -296,7 +297,7 @@ - erlang <unfixed> (embed) - ssed <unfixed> (embed) - ircd-hybrid <unfixed> (static) - - emboss <unfixd> + - emboss <unfixed> (fork) - cherokee <unfixed> (embed) - oftc-hybrid 1.6.9.dfsg-1 (embed) - ratbox-services <unfixed> (embed) @@ -1238,6 +1239,7 @@ NOTE: Might be fixed earlier. Lenny version recorded. - dasher 4.7.3-1 (embed) NOTE: Might be fixed earlier. Lenny version recorded. + - emboss 6.3.1-1 (embed) - gdcm 2.0.14-2 (embed) - ghostscript 8.71~dfsg-2 (embed) - grmonitor <removed> (embed) @@ -2059,3 +2061,6 @@ libasycns - loudmouth <unfixed> (embed; bug #566143) + +plplot + - emboss <unfixed> (fork)
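Review bot: In the CVE-2010-3900 hunk of data/CVE/list (@@ -1713), the added NOTE "Midori should not be used if SSL support is important to you" sits under an entry that is still tagged (unimportant), and the two read as contradictory to someone scanning the tracker. Suggest wording the NOTE as the reason for the rating, building on the existing "Current Midori SSL support is very limited" line, and leaving user-facing advice to bug #607497.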
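Review bot: In the @@ -131 hunk of data/embedded-code-copies, the ghostscript NOTE ("fixed sometime before this, but this is the version i checked") records a checked version rather than a first-fixed version, yet it is phrased differently from the "Might be fixed earlier. Lenny version recorded." notes visible in the @@ -1238 hunk. Suggest reusing that "Might be fixed earlier." wording so the caveat can be searched for consistently. The emboss 6.3.1-1 line added just above it, and again in the @@ -1238 hunk, has no such caveat, so it should say whether 6.3.1-1 is the first fixed version or only the one that was checked.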
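Review bot: The @@ -296 hunk of data/embedded-code-copies reclassifies the emboss entry as (fork) in the same line that corrects the <unfixd> typo, with no NOTE on how the copy diverges from upstream. The clamav (fork) entry in the @@ -131 context quotes its changelog to justify the tag; a similar one-line NOTE here would let a later reader tell this apart from the (embed) emboss entries added elsewhere in this commit.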
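Review bot: The new plplot section appended in the @@ -2059 hunk of data/embedded-code-copies lists emboss as <unfixed> (fork) without a bug reference, while the loudmouth entry directly above it carries (embed; bug #566143). Suggest filing a bug against emboss and recording its number in the parentheses so the unfixed state can be followed up.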