Author: jmm Date: 2011-10-10 07:45:04 +0000 (Mon, 10 Oct 2011) New Revision: 17400 Modified: data/CVE/list data/next-oldstable-point-update.txt data/ospu-candidates.txt data/spu-candidates.txt Log: record remaining security fixes from 6.0.3 point update Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-10-10 00:39:18 UTC (rev 17399) +++ data/CVE/list 2011-10-10 07:45:04 UTC (rev 17400) @@ -1,3 +1,15 @@ +CVE-2011-XXXX [lintian disclosure of file presense] + - lintian 2.5.2 (unimportant) + [squeeze] - lintian 2.4.3+squeeze1 +CVE-2011-XXXX [0.1.1+dfsg-1 multiple issues] + - ibid 0.1.1+dfsg-1 + [squeeze] - ibid 0.1.0+dfsg-2+squeeze1 +CVE-2011-XXXX [SA-CORE-2011-001] + NOTE: http://drupal.org/node/1168756 + - drupal7 7.2-1 + - drupal6 6.22-1 + [squeeze] - drupal6 6.18-1squeeze1 + TODO: Check status of "Reflected cross site scripting vulnerability in error handler" in Squeeze CVE-2011-4025 RESERVED CVE-2010-4892 (Cross-site scripting (XSS) vulnerability in the powermail extension ...) @@ -1013,7 +1025,7 @@ - libdigest-perl 1.17-1 (low; bug #644108) [lenny] - libdigest-perl <no-dsa> (Minor issue) [squeeze] - libdigest-perl <no-dsa> (Minor issue) - - perl <unfixed> (low) + - perl 5.12.4-6 (low) [lenny] - perl <no-dsa> (Minor issue) [squeeze] - perl <no-dsa> (Minor issue) NOTE: https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e @@ -1059,8 +1071,8 @@ CVE-2011-3584 [TYPO3-SA-2011-003] RESERVED - typo3-src 4.5.6+dfsg1-1 (low; bug #641683) - [squeeze] - typo3-src <no-dsa> (Minor issue, will be fixed through point update) - [lenny] - typo3-src <not-affected> (Minor issue, will be fixed through point update) + [squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze2 + [lenny] - typo3-src <no-dsa> (Minor issue, will be fixed through point update) CVE-2011-3583 [TYPO3-SA-2011-002] RESERVED - typo3-src 4.5.6+dfsg1-1 (low; bug #641682) Modified: data/next-oldstable-point-update.txt ==================================================================--- data/next-oldstable-point-update.txt 2011-10-10 00:39:18 UTC (rev 17399) +++ data/next-oldstable-point-update.txt 2011-10-10 07:45:04 UTC (rev 17400) @@ -1,4 +1,6 @@ CVE-2011-XXXX [unsafe use of eval] - libdigest-perl 1.15-2+lenny1 +CVE-2011-3584 [TYPO3-SA-2011-003] + [lenny] - typo3-src 4.2.5-1+lenny9 Modified: data/ospu-candidates.txt ==================================================================--- data/ospu-candidates.txt 2011-10-10 00:39:18 UTC (rev 17399) +++ data/ospu-candidates.txt 2011-10-10 07:45:04 UTC (rev 17400) @@ -522,6 +522,10 @@ -- +perl (CVE-2011-3597) + +-- + phpbb3 (CVE-2010-1630, 1627) -- Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2011-10-10 00:39:18 UTC (rev 17399) +++ data/spu-candidates.txt 2011-10-10 07:45:04 UTC (rev 17400) @@ -65,6 +65,10 @@ -- +perl (CVE-2011-3597) + +-- + pidgin (CVE-2011-XXXX, CVE-2011-1091) http://www.pidgin.im/news/security/?id=50