Author: jmm Date: 2011-09-29 10:22:30 +0000 (Thu, 29 Sep 2011) New Revision: 17329 Modified: data/CVE/list Log: - iceape fixed - new gimp issue - new cups issues (needs ticket) - apt CVEfied Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-09-29 09:14:19 UTC (rev 17328) +++ data/CVE/list 2011-09-29 10:22:30 UTC (rev 17329) @@ -484,9 +484,6 @@ NOTE: CVE id requested on oss-security CVE-2011-XXXX [roundcube XSS in UI messages] - roundcube 0.5.4+dfsg-1 (bug #641996) -CVE-2011-XXXX [apt-key insecure validation] - - apt <unfixed> (unimportant; bug #642480) - NOTE: Not exploitable in Debian, since no keyring URI is defined CVE-2011-XXXX [atftp DoS] - atftp 0.7.dfsg-11 CVE-2011-3644 @@ -1111,8 +1108,10 @@ RESERVED CVE-2011-3375 RESERVED -CVE-2011-3374 +CVE-2011-3374 [apt-key insecure validation] RESERVED + - apt <unfixed> (unimportant; bug #642480) + NOTE: Not exploitable in Debian, since no keyring URI is defined CVE-2011-3373 RESERVED CVE-2011-3372 @@ -1627,6 +1626,7 @@ RESERVED CVE-2011-3170 (The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and ...) - cups 1.5.0-8 + NOTE: This ID is for an incomplete fix for CVE-2011-2896 CVE-2010-4824 RESERVED CVE-2010-4823 @@ -2054,7 +2054,7 @@ - xulrunner <removed> - iceweasel 7.0-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - - iceape <unfixed> + - iceape 2.0.14-8 [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-2999 RESERVED @@ -2062,7 +2062,7 @@ - xulrunner <removed> - iceweasel 7.0-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - - iceape <unfixed> + - iceape 2.0.14-8 [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-2998 [http://www.mozilla.org/security/announce/2011/mfsa2011-37.html] RESERVED 
@@ -2070,7 +2070,7 @@ - xulrunner <removed> - iceweasel 7.0-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - - iceape <unfixed> + - iceape 2.0.14-8 [lenny] - iceape <not-affected> (Only a stub package) NOTE: Only affects firefox 3.6 code base, not 4.0 oder later CVE-2011-2997 @@ -2092,7 +2092,7 @@ - xulrunner <removed> - iceweasel 7.0-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - - iceape <unfixed> + - iceape 2.0.14-8 [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-2994 RESERVED @@ -2416,7 +2416,9 @@ CVE-2011-2897 RESERVED CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c in the ...) - TODO: check + - cups 1.5.0-8 + - gimp <unfixed> (bug filed) + TODO: There''s more: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2896 CVE-2011-2895 (The LZW decompressor in (1) the BufCompressedFill function in ...) {DSA-2293-1} - libxfont 1:1.4.4-1 @@ -2460,6 +2462,7 @@ RESERVED CVE-2011-2876 RESERVED + - cups 1.5.0-8 CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser <not-affected> @@ -3828,7 +3831,7 @@ - xulrunner <removed> - iceweasel 7.0-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - - iceape <unfixed> + - iceape 2.0.14-8 [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-2371 (Integer overflow in the Array.reduceRight method in Mozilla Firefox ...) {DSA-2273-3 DSA-2269-1 DSA-2268-1}
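Review bot: In the @@ -2416,7 +2416,9 @@ hunk, the added line "- gimp <unfixed> (bug filed)" gives no bug number, unlike the "(bug #642480)" and "(bug #641996)" references used elsewhere in this file, so the gimp entry cannot be cross-checked against the bug tracker. Suggest replacing "bug filed" with the usual "bug #NNNNNN" form once the number is known.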
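Review bot: In the @@ -2460,6 +2462,7 @@ hunk, "- cups 1.5.0-8" is added under CVE-2011-2876, which is still RESERVED, with no description and no NOTE giving the source of the cups association. The same package line is added under CVE-2011-2896 in the preceding hunk, and the neighbouring CVE-2011-2875 is a Google V8 entry, so please confirm the id is not a typo for CVE-2011-2896, or add a NOTE with the reference that ties this id to cups.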