Author: jmm Date: 2011-10-05 15:25:44 +0000 (Wed, 05 Oct 2011) New Revision: 17372 Modified: data/CVE/list data/ospu-candidates.txt data/spu-candidates.txt Log: - mutt no-dsa - new issues in kdelibs, rekonq, chromium and moin - new libreoffice issue (already fixed in sid and DSA already) - fix broken cups entry, this was typod Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-10-05 15:03:59 UTC (rev 17371) +++ data/CVE/list 2011-10-05 15:25:44 UTC (rev 17372) @@ -220,6 +220,8 @@ RESERVED CVE-2011-3873 RESERVED + - chromium-browser 14.0.835.202~r103287-1 + - libv8 <undetermined> CVE-2011-XXXX [Fix file indirectory injection] - puppet 2.7.3-3 (unimportant) [squeeze] - puppet 2.6.2-5+squeeze1 @@ -1387,8 +1389,14 @@ RESERVED CVE-2011-3366 RESERVED + - rekonq <unfixed> + TODO: File bugs + NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt CVE-2011-3365 RESERVED + - kde4libs <unfixed> + NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt + TODO: File bugs CVE-2011-3364 RESERVED CVE-2011-3363 @@ -2704,17 +2712,28 @@ NOT-FOR-US: Citrix Access Gateway CVE-2011-2881 RESERVED + - chromium-browser 14.0.835.202~r103287-1 + - libv8 <undetermined> CVE-2011-2880 RESERVED + - chromium-browser 14.0.835.202~r103287-1 + - libv8 <undetermined> CVE-2011-2879 RESERVED + - chromium-browser 14.0.835.202~r103287-1 + - libv8 <undetermined> CVE-2011-2878 RESERVED + - chromium-browser 14.0.835.202~r103287-1 + - libv8 <undetermined> CVE-2011-2877 RESERVED + - chromium-browser 14.0.835.202~r103287-1 + - libv8 <undetermined> CVE-2011-2876 RESERVED - - cups 1.5.0-8 + - chromium-browser 14.0.835.202~r103287-1 + - libv8 <undetermined> CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...) - chromium-browser 14.0.835.163~r101024-1 [squeeze] - chromium-browser <not-affected> @@ -3211,6 +3230,9 @@ NOT-FOR-US: Drupal data module CVE-2011-2713 RESERVED + - libreoffice 1:3.4.3-1 + - openoffice.org 1:3.3.0-1 + NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice CVE-2011-2712 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...) TODO: check CVE-2011-2711 (Cross-site scripting (XSS) vulnerability in the print_fileinfo ...) @@ -6822,6 +6844,8 @@ NOT-FOR-US: Ipswitch IMail CVE-2011-1429 (Mutt does not verify that the smtps server hostname matches the domain ...) - mutt 1.5.21-5 (low; bug #619216) + [squeeze] - mutt <no-dsa> (Minor issue) + [lenny] - mutt <no-dsa> (Minor issue) NOTE: http://dev.mutt.org/trac/ticket/3506 CVE-2011-1428 (Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does ...) NOT-FOR-US: WeeChat @@ -7898,8 +7922,7 @@ CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 ...) NOT-FOR-US: s389 LDAP server CVE-2011-1058 (Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) ...) - - moin <unfixed> - TODO: check + - moin 1.9.3-3 CVE-2011-1057 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...) NOT-FOR-US: Metasploit Framework CVE-2011-1056 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...) Modified: data/ospu-candidates.txt ==================================================================--- data/ospu-candidates.txt 2011-10-05 15:03:59 UTC (rev 17371) +++ data/ospu-candidates.txt 2011-10-05 15:25:44 UTC (rev 17372) @@ -475,6 +475,11 @@ -- +mutt (CVE-2011-1429) +#619216 + +-- + mpg123 (CVE-2009-1301) notified maintainer Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2011-10-05 15:03:59 UTC (rev 17371) +++ data/spu-candidates.txt 2011-10-05 15:25:44 UTC (rev 17372) @@ -48,6 +48,11 @@ -- +mutt (CVE-2011-1429) +#619216 + +-- + open-vm-tools (CVE-2011-1681) #623968 waiting stable