Author: jmm Date: 2012-01-09 17:46:15 +0000 (Mon, 09 Jan 2012) New Revision: 18096 Modified: data/CVE/list data/spu-candidates.txt Log: - super fixed - pam spu candidate - update htmlpurifier status Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-09 17:37:13 UTC (rev 18095) +++ data/CVE/list 2012-01-09 17:46:15 UTC (rev 18096) @@ -7439,6 +7439,7 @@ CVE-2011-2776 RESERVED {DSA-2383-1} + - super 3.30.0-6 CVE-2011-2775 RESERVED CVE-2011-2774 (The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 ...) @@ -10891,10 +10892,12 @@ - python2.4 <removed> NOTE: http://bugs.python.org/issue11662 CVE-2011-XXXX [htmlpurifier various] - - php-htmlpurifier 4.3.0+dfsg1-1 + - php-htmlpurifier 4.3.0+dfsg1-1 (unimportant) - mahara 1.2.5-1 [lenny] - mahara 1.0.4-4+lenny10 NOTE: http://htmlpurifier.org/news/2011/0327-4.3.0-released + NOTE: htmlpurifier only provides library functions, it''s not vulnerable by itself + NOTE: If apps are vulnerable, this must be addressed there (as done for Mahara) CVE-2011-1517 RESERVED CVE-2011-1516 (The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in ...) @@ -17654,6 +17657,8 @@ - couchdb 1.1.0-1 CVE-2010-3853 (pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) ...) - pam 1.1.3-1 (low; bug #608273) + [squeeze] - pam <no-dsa> (Minor issue) + [lenny] - pam <no-dsa> (Minor issue) CVE-2010-3852 (The default configuration of Luci 0.22.4 and earlier in Red Hat Conga ...) NOT-FOR-US: Red Hat Conga CVE-2010-3851 (libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 ...) Modified: data/spu-candidates.txt ==================================================================--- data/spu-candidates.txt 2012-01-09 17:37:13 UTC (rev 18095) +++ data/spu-candidates.txt 2012-01-09 17:46:15 UTC (rev 18096) 
@@ -157,6 +157,13 @@ -- +pam (CVE-2010-3435, CVE-2010-3853, CVE-2010-4706, CVE-2010-4707, CVE-2010-4708 +#608273 +#599832 +#611136 + +-- + prosody (CVE-2011-2205) #579087 Also requires additional fix in lua-expat
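Review bot: In the data/CVE/list hunk at @@ -10891,10 +10892,12 @@, the first added NOTE line contains "it''s" with a doubled apostrophe; it should read "it's". The second NOTE says the issue was addressed in Mahara, so it would help to say that the mahara lines directly above are the fix being referred to, so the (unimportant) tag on php-htmlpurifier can be checked against them.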
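Review bot: In the data/CVE/list hunk at @@ -17654,6 +17657,8 @@, the two added <no-dsa> lines for CVE-2010-3853 give only "Minor issue" as the reason, although the same commit lists pam with this CVE in data/spu-candidates.txt. Consider stating in the reason that the issue is tracked as an spu candidate. Only CVE-2010-3853 is tagged in the visible hunks, so please confirm that the other four CVEs named in the spu-candidates entry carry matching [squeeze] and [lenny] tags.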
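Review bot: In the data/spu-candidates.txt hunk at @@ -157,6 +157,13 @@, the added pam line opens a parenthesis before CVE-2010-3435 and never closes it after CVE-2010-4708. The neighbouring context entry "prosody (CVE-2011-2205)" shows the expected form, so add the closing ")" to keep the file consistent for anyone parsing or grepping it.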