Author: jmw Date: 2011-03-21 15:52:09 +0000 (Mon, 21 Mar 2011) New Revision: 16409 Modified: data/CVE/list data/ospu-candidates.txt data/spu-candidates.txt Log: feedparser CVEs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-20 19:30:16 UTC (rev 16408) +++ data/CVE/list 2011-03-21 15:52:09 UTC (rev 16409) @@ -630,12 +630,30 @@ RESERVED CVE-2011-1159 RESERVED -CVE-2011-1158 +CVE-2011-1158 [sanitizer doesn''t strip unsafe URI schemes] RESERVED -CVE-2011-1157 + - feedparser <unfixed> (low; bug #617998) + [squeeze] - feedparser <no-dsa> (Minor issue) + [lenny] - feedparser <no-dsa> (Minor issue) + NOTE: https://code.google.com/p/feedparser/issues/detail?id=255 +CVE-2011-1157 [sanitization can be bypassed by malformed XML comments] RESERVED -CVE-2011-1156 + - feedparser <unfixed> (low; bug #617998) + [squeeze] - feedparser <no-dsa> (Minor issue) + [lenny] - feedparser <no-dsa> (Minor issue) + NOTE: https://code.google.com/p/feedparser/issues/detail?id=254 +CVE-2011-1156 [invalid text in XML declaration causes sanitizer to crash] RESERVED + - feedparser <unfixed> (low; bug #617998) + [squeeze] - feedparser <no-dsa> (Minor issue) + [lenny] - feedparser <no-dsa> (Minor issue) + NOTE: https://code.google.com/p/feedparser/issues/detail?id=91 +CVE-2011-XXXX [XSS vuln] + - feedparser <unfixed> (low; bug #617998) + [squeeze] - feedparser <no-dsa> (Minor issue) + [lenny] - feedparser <no-dsa> (Minor issue) + NOTE: CVE requested + NOTE: http://code.google.com/p/feedparser/issues/detail?id=195 CVE-2011-1155 RESERVED CVE-2011-1154 Modified: data/ospu-candidates.txt ==================================================================--- data/ospu-candidates.txt 2011-03-20 19:30:16 UTC (rev 16408) +++ data/ospu-candidates.txt 2011-03-21 15:52:09 UTC (rev 16409) 
@@ -158,6 +158,16 @@ -- +feedparser +CVE-2011-1158 [sanitizer doesn''t strip unsafe URI schemes] +CVE-2011-1157 [sanitization can be bypassed by malformed XML comments] +CVE-2011-1156 [invalid text in XML declaration causes sanitizer to crash] +CVE-2011-XXXX [XSS vuln] +#617998 +waiting unstable + +-- + feh (CVE-2011-XXXX) #612035 Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2011-03-20 19:30:16 UTC (rev 16408) +++ data/spu-candidates.txt 2011-03-21 15:52:09 UTC (rev 16409) @@ -26,6 +26,16 @@ -- +feedparser +CVE-2011-1158 [sanitizer doesn''t strip unsafe URI schemes] +CVE-2011-1157 [sanitization can be bypassed by malformed XML comments] +CVE-2011-1156 [invalid text in XML declaration causes sanitizer to crash] +CVE-2011-XXXX [XSS vuln] +#617998 +waiting unstable + +-- + feh (CVE-2011-0702) #612035 waiting unstable
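Review bot: in the data/CVE/list hunk, the new "CVE-2011-XXXX [XSS vuln]" entry sits between CVE-2011-1156 and CVE-2011-1155, which interrupts the descending numeric run visible in the context (1159 down to 1154). Its description also does not say which feedparser behaviour is affected, unlike the three sanitizer entries above it. Consider moving the placeholder out of the numbered sequence and wording the description as specifically as the others, based on issue 195. Two smaller points in the same hunk: "doesn''t" in the CVE-2011-1158 description has a doubled apostrophe, and the NOTE for issue 195 uses http:// where the other three NOTE lines use https://.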
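Review bot: in the data/ospu-candidates.txt hunk, the new feedparser block uses a different layout from the feh entry directly below it. It lists each CVE on its own line with a bracketed description, while feh carries the id in parentheses on the package line ("feh (CVE-2011-XXXX)"). If the file is meant to keep one entry format, either fold the ids into the package line or confirm that the multi-line form is accepted for packages with several CVEs. The "[XSS vuln]" line also gives a reader of this file no way to tell which issue it refers to without opening data/CVE/list.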
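Review bot: in the data/spu-candidates.txt hunk, the feedparser block is a verbatim copy of the one added to data/ospu-candidates.txt, including the "CVE-2011-XXXX [XSS vuln]" placeholder and the doubled apostrophe in "doesn''t". Once the requested CVE is assigned, the id therefore has to be updated in three places: data/CVE/list and both candidate files. The surrounding context shows how that can drift: feh is "CVE-2011-0702" here but still "CVE-2011-XXXX" in ospu-candidates.txt. It would help to note in the log message that the placeholder is pending in all three files, so the follow-up commit updates them together.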