Author: jmm Date: 2012-01-31 07:46:07 +0000 (Tue, 31 Jan 2012) New Revision: 18338 Modified: data/CVE/list data/next-point-update.txt Log: squeeze 6.0.4, part 2 Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-01-31 07:33:16 UTC (rev 18337) +++ data/CVE/list 2012-01-31 07:46:07 UTC (rev 18338) @@ -551,7 +551,7 @@ NOT-FOR-US: WHMCompleteSolution CVE-2011-5060 (The par_mktmpdir function in the PAR module before 1.003 for Perl ...) - libpar-perl 1.005-1 (bug #650707) - [squeeze] - libpar-perl <no-dsa> (Minor issue) + [squeeze] - libpar-perl 1.000-1+squeeze1 CVE-2010-5082 (Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in ...) NOT-FOR-US: Windows Server CVE-2010-XXXX [webkit info disclosure/segfault] @@ -2870,7 +2870,7 @@ CVE-2012-0046 [mediawiki info leak] RESERVED - mediawiki 1:1.15.5-6 (low; bug #655694) - [squeeze] - mediawiki <no-dsa> (Minor issue) + [squeeze] - mediawiki 1:1.15.5-2squeeze3 [lenny] - mediawiki <not-affected> (Vulnerable code not present) CVE-2012-0045 RESERVED @@ -3166,7 +3166,7 @@ [squeeze] - python-virtualenv <no-dsa> (Minor issue) CVE-2011-4616 (Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro ...) - libhtml-template-pro-perl 0.9507-1 (low; bug #652587) - [squeeze] - libhtml-template-pro-perl <no-dsa> (Minor issue) + [squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1 CVE-2011-4615 (Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before ...) - zabbix 1:1.8.10-1 (bug #652664) CVE-2011-4614 [TYPO3-SA-2011-004] @@ -3850,6 +3850,7 @@ CVE-2011-4360 (MediaWiki before 1.17.1 allows remote attackers to obtain the page ...) {DSA-2366-1} - mediawiki 1:1.15.5-4 (bug #650434) + [squeeze] - mediawiki <not-affected> (Vulnerable code not present) NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html CVE-2011-4359 [MyFaces - includeViewParameters re-evaluates param/model values as EL expressions] REJECTED 
@@ -3998,7 +3999,7 @@ RESERVED CVE-2011-4315 (Heap-based buffer overflow in compression-pointer processing in ...) - nginx 1.1.8-1 (low) - [squeeze] - nginx <no-dsa> (Minor issue) + [squeeze] - nginx 0.7.67-3+squeeze1 [lenny] - nginx <no-dsa> (Minor issue) NOTE: http://trac.nginx.org/nginx/changeset/4268/nginx CVE-2011-4314 (message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used ...) @@ -4606,7 +4607,7 @@ - libsocialweb 0.25.20-1 CVE-2011-4128 (Buffer overflow in the gnutls_session_get_data function in ...) - gnutls26 2.12.14-1 (low; bug #648441) - [squeeze] - gnutls26 <no-dsa> (Minor issue) + [squeeze] - gnutls26 2.8.6-1+squeeze1 [lenny] - gnutls26 <no-dsa> (Minor issue) CVE-2011-4127 RESERVED @@ -4639,7 +4640,7 @@ RESERVED CVE-2011-4114 (The par_mktmpdir function in the PAR::Packer module before 1.012 for ...) - libpar-packer-perl 1.012-1 (bug #650706) - [squeeze] - libpar-packer-perl <no-dsa> (Minor issue) + [squeeze] - libpar-packer-perl 1.006-1+squeeze1 CVE-2011-4113 RESERVED - drupal6-mod-views 2.14-1 @@ -6292,15 +6293,14 @@ NOTE: All supported Debian kernels have /dev/random, so severity unimportant CVE-2011-3598 (Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin ...) - phppgadmin 5.0.3-1 (low; bug #644290) - [squeeze] - phppgadmin <no-dsa> (Minor issue) - NOTE: https://secunia.com/advisories/46248/ + [squeeze] - phppgadmin 4.2.3-1.1squeeze1 CVE-2011-3597 (Eval injection in the Digest module before 1.17 for Perl allows ...) - libdigest-perl 1.17-1 (low; bug #644108) + [squeeze] - libdigest-perl 1.16-1+squeeze1 [lenny] - libdigest-perl <no-dsa> (Minor issue) - [squeeze] - libdigest-perl <no-dsa> (Minor issue) - perl 5.12.4-6 (low; bug #644108) + [squeeze] - perl 5.10.1-17squeeze3 [lenny] - perl <no-dsa> (Minor issue) - [squeeze] - perl <no-dsa> (Minor issue) NOTE: https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e CVE-2011-3596 RESERVED 
@@ -6894,7 +6894,7 @@ RESERVED - masqmail 0.2.30-1 (low; bug #638002) [lenny] - masqmail <no-dsa> (no security issue by itself) - [squeeze] - masqmail <no-dsa> (no security issue by itself) + [squeeze] - masqmail 0.2.27-1.1+squeeze1 CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft ...) {DSA-2398-1 DSA-2368-1 DSA-2358-1 DSA-2356-1} - sun-java6 <removed> (bug #645881) @@ -6963,7 +6963,7 @@ CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before ...) - etherape 0.9.12-1 (low; bug #645324) [lenny] - etherape <no-dsa> (Minor issue) - [squeeze] - etherape <no-dsa> (Minor issue) + [squeeze] - etherape 0.9.8-1+squeeze1 CVE-2011-3368 (The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, ...) - apache2 2.2.21-2 (medium) NOTE: http://article.gmane.org/gmane.comp.apache.announce/61 @@ -8207,7 +8207,7 @@ [lenny] - stunnel4 <not-affected> (Only 4.4x affected) CVE-2011-2939 (Off-by-one error in the decode_xs function in Unicode/Unicode.xs in ...) - perl 5.12.4-4 (low; bug #637376) - [squeeze] - perl <no-dsa> (Minor issue) + [squeeze] - perl 5.10.1-17squeeze3 [lenny] - perl <no-dsa> (Minor issue) - libencode-perl 2.44-1 (low) CVE-2011-2938 (Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php ...) @@ -8915,7 +8915,7 @@ CVE-2011-2722 RESERVED - hplip 3.11.10-1 (bug #635549; low) - [squeeze] - hplip <no-dsa> (Minor issue) + [squeeze] - hplip 3.10.6-2+squeeze0 [lenny] - hplip <not-affected> (Vulnerable code not present) CVE-2011-2721 (Off-by-one error in the cli_hm_scan function in matcher-hash.c in ...) - clamav 0.97.2+dfsg-1 (bug #635599) 
@@ -10262,7 +10262,7 @@ CVE-2011-2201 (The Data::FormValidator module 4.66 and earlier for Perl, when ...) - libdata-formvalidator-perl 4.66-3 (low; bug #629511) [lenny] - libdata-formvalidator-perl <no-dsa> (Minor issue) - [squeeze] - libdata-formvalidator-perl <no-dsa> (Minor issue) + [squeeze] - libdata-formvalidator-perl 4.66-1+squeeze1 CVE-2011-2200 (The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus ...) - dbus 1.4.12-1 (low; bug #629938) [squeeze] - dbus 1.2.24-4+squeeze1 @@ -11000,6 +11000,7 @@ CVE-2011-1933 RESERVED - libjifty-dbi-perl 0.68-1 (low; bug #622919) + [squeeze] - libjifty-dbi-perl 0.60-1+squeeze1 CVE-2011-1932 (Directory traversal vulnerability in io/filesystem/filesystem.cc in ...) - widelands 1:15-3 (low; bug #617960) [lenny] - widelands <no-dsa> (Minor issue) @@ -11604,7 +11605,7 @@ CVE-2011-1749 [nfs-utils: mount.nfs fails to anticipate RLIMIT_FSIZE] RESERVED - nfs-utils 1:1.2.3-3 (low; bug #629420) - [squeeze] - nfs-utils <no-dsa> (Minor issue) + [squeeze] - nfs-utils 1:1.2.2-4squeeze2 [lenny] - nfs-utils <no-dsa> (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975 CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before ...) @@ -12612,7 +12613,7 @@ NOT-FOR-US: Ipswitch IMail CVE-2011-1429 (Mutt does not verify that the smtps server hostname matches the domain ...) - mutt 1.5.21-5 (low; bug #619216) - [squeeze] - mutt <no-dsa> (Minor issue) + [squeeze] - mutt 1.5.20-9+squeeze2 [lenny] - mutt <no-dsa> (Minor issue) NOTE: http://dev.mutt.org/trac/ticket/3506 CVE-2011-1428 (Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does ...) Modified: data/next-point-update.txt ==================================================================--- data/next-point-update.txt 2012-01-31 07:33:16 UTC (rev 18337) +++ data/next-point-update.txt 2012-01-31 07:46:07 UTC (rev 18338) 
@@ -1,46 +1,17 @@ -CVE-2011-3369 - [squeeze] - etherape 0.9.8-1+squeeze1 CVE-2011-4029 [squeeze] - xorg-server 2:1.7.7-14 CVE-2011-4028 [squeeze] - xorg-server 2:1.7.7-14 CVE-2010-4818 [squeeze] - xorg-server 2:1.7.7-14 -CVE-2011-4315 - [squeeze] - nginx 0.7.67-3+squeeze1 -CVE-2011-2722 - [squeeze] - hplip 3.10.6-2+squeeze0 -CVE-2011-4114 - [squeeze] - libpar-packer-perl 1.006-1+squeeze1 -CVE-2011-5060 - [squeeze] - libpar-perl 1.000-1+squeeze1 -CVE-2011-1429 - [squeeze] - mutt 1.5.20-9+squeeze2 -CVE-2011-2201 - [squeeze] - libdata-formvalidator-perl 4.66-1+squeeze1 -CVE-2011-3350 - [squeeze] - masqmail 0.2.27-1.1+squeeze1 -CVE-2011-4128 - [squeeze] - gnutls26 2.8.6-1+squeeze1 CVE-2011-3378 [squeeze] - rpm 4.8.1-6+squeeze1 -CVE-2011-4616 - [squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1 -CVE-2011-2939 - [squeeze] - perl 5.10.1-17squeeze3 -CVE-2011-3597 - [squeeze] - perl 5.10.1-17squeeze3 - [squeeze] - libdigest-perl 1.16-1+squeeze1 CVE-2011-2902 [squeeze] - xpdf 3.02-12+squeeze1 -CVE-2011-1749 - [squeeze] - nfs-utils 1:1.2.2-4squeeze2 CVE-2011-1843 [squeeze] - tinyproxy 1.8.2-1squeeze2 CVE-2011-4617 [squeeze] - python-virtualenv 1.4.9-3squeeze1 -CVE-2011-3598 - [squeeze] - phppgadmin 4.2.3-1.1squeeze1 CVE-2011-3594 [squeeze] - pidgin 2.7.3-1+squeeze2 CVE-2011-4601 @@ -51,6 +22,4 @@ [squeeze] - pidgin 2.7.3-1+squeeze2 CVE-2011-1575 [squeeze] - pure-ftpd 1.0.28-3+squeeze1 -CVE-2011-1933 - [squeeze] - libjifty-dbi-perl 0.60-1+squeeze1
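Review bot: In the data/CVE/list hunk at @@ -2870,7 +2870,7 @@ (CVE-2012-0046), the new line "[squeeze] - mediawiki 1:1.15.5-2squeeze3" has no matching removal in the data/next-point-update.txt hunks of this commit. Every other fixed version added here (libpar-perl, nginx, gnutls26, perl, mutt and so on) has one. Please confirm how 1:1.15.5-2squeeze3 reached squeeze and record it, either in the log message or as a NOTE on the entry, so the version can be traced to an upload.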
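Review bot: In the data/CVE/list hunk at @@ -3850,6 +3850,7 @@ (CVE-2011-4360), the added "[squeeze] - mediawiki <not-affected> (Vulnerable code not present)" sits directly under the {DSA-2366-1} tag, so the entry now says both that a DSA covers this CVE and that squeeze never had the vulnerable code. If the DSA tag is there only because the advisory text lists the CVE, add a NOTE saying so and naming the code that is absent from the squeeze version. Since this is a triage change rather than a 6.0.4 version record, it would also be easier to audit as its own commit than under "squeeze 6.0.4, part 2".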
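Review bot: In the data/CVE/list hunk at @@ -6292,15 +6293,14 @@, the CVE-2011-3598 change drops "NOTE: https://secunia.com/advisories/46248/" together with the <no-dsa> line, which removes the entry's only reference and is unrelated to recording the fixed phppgadmin version. Suggest keeping the NOTE. In the same hunk the CVE-2011-3597 entry now lists [squeeze] before [lenny] for both libdigest-perl and perl, while the untouched entries elsewhere in this diff (nginx, gnutls26, mutt) also put [squeeze] first but etherape and masqmail put [lenny] first. If the file has a preferred order, it is worth applying it consistently while these lines are being rewritten.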