Author: jmm Date: 2012-02-19 20:06:50 +0000 (Sun, 19 Feb 2012) New Revision: 18482 Modified: data/CVE/list Log: record sid fixes drop historic dillo entry Modified: data/CVE/list ==================================================================--- data/CVE/list 2012-02-19 19:39:09 UTC (rev 18481) +++ data/CVE/list 2012-02-19 20:06:50 UTC (rev 18482) @@ -2699,7 +2699,7 @@ - heimdal <unfixed> (high) - inetutils 2:1.8-6 (high) - krb5 1.8+dfsg~aa+r23527-1 (high) - - krb5-appl <unfixed> (high; bug #654231) + - krb5-appl 1:1.0.1-1.2 (high; bug #654231) NOTE: krb5 fixed through move of code to krb5-appl. CVE-2011-4861 (The modbus_125_handler function in the Schneider Electric Quantum ...) NOT-FOR-US: Schneider Electric Quantum Ethernet Module @@ -14524,11 +14524,9 @@ CVE-2011-1032 (IBM Lotus Connections 3.0, when IBM WebSphere Application Server ...) NOT-FOR-US: IBM CVE-2011-1031 (The feh_unique_filename function in utils.c in feh 1.11.2 and earlier ...) - - feh <unfixed> (low) + - feh 1.12-1 (low) [lenny] - feh <no-dsa> (Minor issue) [squeeze] - feh <no-dsa> (Minor issue) - NOTE: in 1.11.2-1 --no-clobber was added to the wget call in order - NOTE: to prevent overwriting files. can still be create thoug. questionable fix CVE-2011-1030 (Cross-site scripting (XSS) vulnerability in the Wikis component in IBM ...) NOT-FOR-US: IBM CVE-2011-1029 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...) @@ -29129,10 +29127,6 @@ CVE-2009-XXXX [ffmpeg potentially remaining vulnerabilities after DSA 2000] - ffmpeg 4:0.5.1-1 (medium; bug #570713) - ffmpeg-debian <end-of-life> -CVE-2010-XXXX [dillo improper restriction of path in cookies] - - dillo <removed> - NOTE: http://hg.dillo.org/dillo/file/tip/ChangeLog - NOTE: it is not clear whether the issue affects pre-2.x versions CVE-2010-XXXX [phpbb3 weak captcha] - phpbb3 3.0.7-PL1-1 (unimportant; bug #570011) CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...)
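Review bot: In the CVE-2011-1031 hunk (@@ -14524,11 +14524,9 @@), the two removed NOTE lines were the only record that the --no-clobber change in 1.11.2-1 was considered a questionable fix. With them gone, nothing in the entry says why 1.12-1 rather than 1.11.2-1 is the fixed version. Consider replacing them with a single NOTE that states what in 1.12 closes the issue, so the [lenny] and [squeeze] <no-dsa> lines can be checked against the actual fix. The log message "record sid fixes" also does not mention that a NOTE was dropped.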
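Review bot: In the last hunk (@@ -29129,10 +29127,6 @@), the CVE-2010-XXXX dillo entry is deleted outright although it was already marked <removed>, which takes the ChangeLog reference and the open question about pre-2.x versions out of the list; the log's "drop historic dillo entry" gives no reason for that. State in the log why the entry no longer needs tracking, and consider committing the deletion separately from the "record sid fixes" changes so it can be reviewed or reverted on its own.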