Author: thijs Date: 2011-10-08 14:21:55 +0000 (Sat, 08 Oct 2011) New Revision: 17393 Modified: data/CVE/list data/next-point-update.txt Log: squeeze point release 6.0.3 Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-10-08 13:16:41 UTC (rev 17392) +++ data/CVE/list 2011-10-08 14:21:55 UTC (rev 17393) @@ -1516,7 +1516,7 @@ NOT-FOR-US: IBM Rational Build Forge CVE-2011-3354 (The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel ...) - quassel 0.7.3-1 (low; bug #640960) - [squeeze] - quassel <no-dsa> (Minor issue) + [squeeze] - quassel 0.6.3-2+squeeze1 (bug #640960) NOTE: http://git.quassel-irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b CVE-2011-3390 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...) NOT-FOR-US: IBM OpenAdmin Too @@ -1982,7 +1982,7 @@ CVE-2011-3210 (The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through ...) - openssl 1.0.0e-1 [lenny] - openssl 0.9.8g-15+lenny13 - [squeeze] - openssl <no-dsa> (Minor issue) + [squeeze] - openssl 0.9.8o-4squeeze3 CVE-2011-3209 RESERVED CVE-2011-3208 (Stack-based buffer overflow in the split_wildmats function in nntpd.c ...) @@ -2720,7 +2720,7 @@ CVE-2011-XXXX [atop insecure tempfile handling] - atop 1.23-1.1 (low; bug #622794) [lenny] - atop 1.23-1+lenny1 (bug #622794) - [squeeze] - atop <no-dsa> (Minor issue) + [squeeze] - atop 1.23-1+squeeze1 (bug #622794) CVE-2011-2958 (Multiple cross-site scripting (XSS) vulnerabilities in Ecava ...) NOT-FOR-US: Ecava IntegraXor CVE-2011-2957 (Unspecified vulnerability in Rockwell Automation FactoryTalk ...) @@ -3309,7 +3309,7 @@ CVE-2011-2764 (The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ...) - openarena 0.8.5-5+exp1 NOTE: Current openarena packages use the share ioquake3 engine - [squeeze] - openarena <no-dsa> (Minor issue, will be fixed in point update) + [squeeze] - openarena 0.8.5-5+squeeze1 - ioquake3 1.36+svn1946-4 CVE-2011-2763 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and ...) TODO: check @@ -3542,7 +3542,7 @@ RESERVED - foo2zjs 20110722dfsg-1 (low; bug #633870) [lenny] - foo2zjs <no-dsa> (Minor issue) - [squeeze] - foo2zjs <no-dsa> (Minor issue) + [squeeze] - foo2zjs 20090908dfsg-5.1+squeeze0 CVE-2011-2683 RESERVED - reseed <removed> @@ -3981,7 +3981,7 @@ - libvirt 0.9.2-7 (bug #633630) CVE-2011-2510 (Cross-site scripting (XSS) vulnerability in the RSS embedding feature ...) - dokuwiki 0.0.20110525a-1 (low; bug #631818) - [squeeze] - dokuwiki <no-dsa> (Minor issue, will be fixed in point update) + [squeeze] - dokuwiki 0.0.20091225c-10+squeeze2 [lenny] - dokuwiki 0.0.20080505-4+lenny3 CVE-2011-2509 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) - joomla <itp> (bug #571794) @@ -4816,7 +4816,7 @@ RESERVED - vte 1:0.28.1-1 (low; bug #629688) [lenny] - vte <no-dsa> (Minor issue) - [squeeze] - vte <no-dsa> (Minor issue) + [squeeze] - vte 1:0.24.3-3 CVE-2011-XXXX [libpam-ssh: pam_ssh not dropping root gid(s)] - libpam-ssh <unfixed> (low) [squeeze] - libpam-ssh <no-dsa> (Minor issue) @@ -5485,7 +5485,7 @@ CVE-2011-1935 [packet truncation in libpcap] RESERVED - libpcap 1.1.1-4 (low; bug #623868) - [squeeze] - libpcap <no-dsa> (Minor issue) + [squeeze] - libpcap 1.1.1-2+squeeze1 [lenny] - libpcap <not-affected> NOTE: <878vsbyviu.fsf at silenus.orebokech.com> CVE-2011-1934 [lilo: lilo.conf world-readable] @@ -5549,7 +5549,7 @@ - subversion 1.6.17dfsg-1 CVE-2011-1920 (The make include files in NetBSD before 1.6.2, as used in pmake 1.111 ...) - pmake 1.111-3 (low; bug #626673) - [squeeze] - pmake <no-dsa> (Minor issue) + [squeeze] - pmake 1.111-2+squeeze1 [lenny] - pmake 1.111-1+lenny1 CVE-2011-1919 RESERVED @@ -6748,7 +6748,7 @@ [lenny] - tinyproxy <not-affected> (Vulnerable code not present) CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used ...) - httpcomponents-client 4.1.1-1 (bug #628727) - [squeeze] - httpcomponents-client <no-dsa> (Minor issue) + [squeeze] - httpcomponents-client 4.0.1-1squeeze1 NOTE: http://seclists.org/oss-sec/2011/q2/188 NOTE: http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt CVE-2011-1497 @@ -8112,7 +8112,7 @@ CVE-2011-1070 RESERVED - v86d 0.1.10-1 (low; bug #619404) - [squeeze] - v86d <no-dsa> (Minor issue) + [squeeze] - v86d 0.1.9-1+squeeze1 [lenny] - v86d 0.1.5.2-1+lenny1 CVE-2011-1069 RESERVED @@ -8973,15 +8973,15 @@ CVE-2011-1136 [tesseract tempfile] RESERVED - tesseract 2.04-2.1 (low; bug #612032) - [squeeze] - tesseract <no-dsa> (Minor issue) + [squeeze] - tesseract 2.04-2+squeeze1 [lenny] - tesseract 2.03-2+lenny1 (bug #612032) CVE-2011-XXXX [conky tempfile] - conky 1.8.0-1.1 (low; bug #612033) - [squeeze] - conky <no-dsa> (Minor issue) + [squeeze] - conky 1.8.0-1+squeeze1 [lenny] - conky 1.6.0-2+lenny1 CVE-2011-XXXX [aptitude tempfile] - aptitude 0.6.3-4 (low; bug #612034) - [squeeze] - aptitude <no-dsa> (Minor issue) + [squeeze] - aptitude 0.6.3-2.1+squeeze1 (bug #612034) [lenny] - aptitude 0.4.11.11-1~lenny2 (bug #612034) CVE-2011-0775 (pivotx/modules/module_image.php in PivotX 2.2.2 allows remote ...) NOT-FOR-US: PivotX @@ -9956,7 +9956,7 @@ RESERVED - evince 2.32.0-1 (bug #614668) - vftool 2.0alpha-4.1 (low; bug #614669) - [squeeze] - vftool <no-dsa> (Minor issue) + [squeeze] - vftool 2.0alpha-4+squeeze1 [lenny] - vftool 2.0alpha-3+lenny1 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923 CVE-2011-0432 (Multiple SQL injection vulnerabilities in the get_userinfo method in ...) Modified: data/next-point-update.txt ==================================================================--- data/next-point-update.txt 2011-10-08 13:16:41 UTC (rev 17392) +++ data/next-point-update.txt 2011-10-08 14:21:55 UTC (rev 17393) @@ -1,32 +1,3 @@ -CVE-2011-1498 - [squeeze] - httpcomponents-client 4.0.1-1squeeze1 -CVE-2011-2510 - [squeeze] - dokuwiki 0.0.20091225c-10+squeeze2 -CVE-2011-0433 - [squeeze] - vftool 2.0alpha-4+squeeze1 -CVE-2011-1935 - [squeeze] - libpcap 1.1.1-2+squeeze1 -CVE-2011-1136 - [squeeze] - tesseract 2.04-2+squeeze1 -CVE-2011-2764 - [squeeze] - openarena 0.8.5-5+squeeze1 -CVE-2011-XXXX - [squeeze] - conky 1.8.0-1+squeeze1 -CVE-2011-2684 - [squeeze] - foo2zjs 20090908dfsg-5.1+squeeze0 -CVE-2011-1920 - [squeeze] - pmake 1.111-2+squeeze1 -CVE-2011-2198 - [squeeze] - vte 1:0.24.3-3 -CVE-2011-XXXX - [squeeze] - aptitude 0.6.3-2.1+squeeze1 (bug #612034) -CVE-2011-XXXX - [squeeze] - atop 1.23-1+squeeze1 (bug #622794) -CVE-2011-3354 - [squeeze] - quassel 0.6.3-2+squeeze1 (bug #640960) -CVE-2011-1070 - RESERVED - [squeeze] - v86d 0.1.9-1+squeeze1 CVE-2011-XXXX [unsafe use of eval] - libdigest-perl 1.16-1+squeeze1