Author: jmm Date: 2011-11-02 17:25:51 +0000 (Wed, 02 Nov 2011) New Revision: 17543 Modified: data/CVE/list Log: - mark Firefox/HSTS as unimportant - piston CVEfied - net6 fixed, fix bugnum for CVE-2011-4091 - new wireshark issues, fixed in sid Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-11-02 10:56:32 UTC (rev 17542) +++ data/CVE/list 2011-11-02 17:25:51 UTC (rev 17543) @@ -1,6 +1,5 @@ -CVE-2011-XXXX [Django-piston and Tastypie] +CVE-2011-XXXX [Tastypie] - django-tastypie 0.9.10-1 (bug #647314) - - python-django-piston <unfixed> (bug #647315) CVE-2011-4213 (The sandbox environment in the Google App Engine Python SDK before ...) NOT-FOR-US: Google App Engine CVE-2011-4212 (The sandbox environment in the Google App Engine Python SDK before ...) @@ -295,12 +294,24 @@ RESERVED CVE-2011-4103 RESERVED + - python-django-piston <unfixed> (bug #647315) CVE-2011-4102 RESERVED + - wireshark 1.6.3-1 + NOTE: http://www.wireshark.org/security/wnpa-sec-2011-19.html + NOTE: http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?r1=39508&r2=39507&pathrev=39508&view=patch + NOTE: Affects 1.0 and 1.2, the versions listed in the advisory are relative to the supported upstream branches CVE-2011-4101 RESERVED + - wireshark 1.6.3-1 (unimportant) + NOTE: no code injection, not treated as a security issue, see README.Debian.security + NOTE: http://www.wireshark.org/security/wnpa-sec-2011-18.html CVE-2011-4100 RESERVED + - wireshark 1.6.3-1 + [squeeze] - wireshark <not-affected> (Affects only 1.6.0-1.6.2) + [lenny] - wireshark <not-affected> (Affects only 1.6.0-1.6.2) + NOTE: http://www.wireshark.org/security/wnpa-sec-2011-17.html CVE-2011-4099 RESERVED CVE-2011-4098 @@ -318,7 +329,7 @@ RESERVED CVE-2011-4093 RESERVED - - net6 <unfixed> (low; bug #647318) + - net6 1:1.3.14-1 (low; bug #647318) [squeeze] - net6 <no-dsa> (Minor issue) [lenny] - net6 <no-dsa> (Minor issue) CVE-2011-4092 @@ -330,7 +341,7 @@ RESERVED [squeeze] - net6 <no-dsa> (Minor issue) [lenny] - net6 <no-dsa> (Minor issue) - - net6 <unfixed> (low; bug #647317) + - net6 1:1.3.14-1 (low; bug #647318) CVE-2011-4090 RESERVED CVE-2011-4089 @@ -3264,7 +3275,9 @@ - chromium-browser 4.0.211.0 - webkit <not-affected> CVE-2008-7293 (Mozilla Firefox before 4 cannot properly restrict modifications to ...) - - iceweasel 4.0-1 + - iceweasel 4.0-1 (unimportant) + NOTE: This is about the lack of HTTP Strict Transport Security, which is ultimately + NOTE: a security feature enhancement CVE-2008-7292 (Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before ...) - bugzilla 3.0.4-1 CVE-2011-3007 (The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint ...)