author    Raphael Geissert <geissert@debian.org>  2011-01-24 19:46:04 +0000
committer Raphael Geissert <geissert@debian.org>  2011-01-24 19:46:04 +0000
commit    4a8bd8221a148bbeb7fbb19363003eb5457fb4df
tree      5a8c15be6b72d2b3ebaa4e44d5d2c33850c3fa23
parent    2f52b49ee8ed2673d47cef38d94b0faa841d8205
maradns CVEified
mozilla issue that hasn't been checked so far
a few drupal mod issues
eclipse
xpdf/poppler
libpng not-affected
we _do_ ship Mojarra

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@15952 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r--  data/CVE/list              | 61
-rw-r--r--  data/packages/new-packages |  7
2 files changed, 44 insertions, 24 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 76da4cdb4a..83cbcdc9d2 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -5,9 +5,8 @@ CVE-2011-XXXX [shibboleth Single TransientID Mapped to Multiple Principals]
- shibboleth-sp2 <unfixed>
NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt
TODO: report & request id
-CVE-2011-XXXX [maradns crash with long queries]
+CVE-2011-0520 [maradns crash with long queries]
- maradns <unfixed> (bug #610834)
- NOTE: CVE id requested
CVE-2011-0634
RESERVED
CVE-2011-0633
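Review bot: deleting the `NOTE: CVE id requested` line leaves the maradns entry with only the bug number (#610834) as a reference; now that CVE-2011-0520 is assigned, replace that line with a NOTE pointing at the upstream fix or advisory instead of dropping it, so whoever clears the `<unfixed>` state has something to verify against. The rename of the CVE-2011-XXXX placeholder to CVE-2011-0520 itself is correct.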
@@ -236,8 +235,6 @@ CVE-2011-0522
RESERVED
CVE-2011-0521
RESERVED
-CVE-2011-0520
- RESERVED
CVE-2011-0519 (SQL injection vulnerability in gallery.php in Gallarific PHP Photo ...)
NOT-FOR-US: Gallarific
CVE-2011-0518 (Directory traversal vulnerability in core/lib/router.php in LotusCMS ...)
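Review bot: this deletion is required by the rename in the first hunk; without it the RESERVED stub for CVE-2011-0520 would duplicate the real maradns entry at the top of the file. Nothing else to change here.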
@@ -451,6 +448,7 @@ CVE-2010-4694 (Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might a
[lenny] - gif2png <no-dsa> (Minor issue)
[squeeze] - gif2png <no-dsa> (Minor issue)
CVE-2008-7271 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...)
+ - eclipse <unfixed>
TODO: check
CVE-2011-0426
RESERVED
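Review bot: `- eclipse <unfixed>` asserts that the packaged eclipse is vulnerable while the `TODO: check` directly below says that has not been verified; elsewhere in this same commit unverified associations are recorded as `<undetermined>` (for example drupal6-mod-views). Use `<undetermined>` here until the Help-component XSS has been confirmed against the eclipse version in the archive, or drop the TODO if it already has been.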
@@ -531,7 +529,7 @@ CVE-2011-0410
CVE-2011-0409
RESERVED
CVE-2011-0408 (pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to ...)
- TODO: check
+ - libpng <not-affected> (vulnerable code introduced in 1.5.0, not packaged)
CVE-2011-0407 (SQL injection vulnerability in the store function in ...)
NOT-FOR-US: Phenotype CMS
CVE-2011-0406 (Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView ...)
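Review bot: recording the reason in the `<not-affected>` tag (vulnerable code introduced in 1.5.0, not packaged) is exactly what this entry needs; a small addition would be a NOTE with the upstream reference for pngrtran.c so the verdict can be re-checked the day a libpng 1.5.x upload appears. Minor.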
@@ -898,10 +896,22 @@ CVE-2010-4655
RESERVED
CVE-2010-4654
RESERVED
-CVE-2010-4653
+ - kdegraphics 4.0
+ - xpdf <unfixed>
+ - poppler <undetermined>
+ NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9
+ TODO: check
+CVE-2010-4653
RESERVED
-CVE-2010-4652
+ - kdegraphics 4.0
+ - xpdf <unfixed>
+ - poppler <unfixed>
+ NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
+ TODO: check
+CVE-2010-4652 [buffer overflow when preparing SQL queries]
RESERVED
+ - proftpd <unfixed>
+ TODO: check
CVE-2010-4651 [patch directory traversal]
RESERVED
- patch <unfixed> (unimportant)
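Review bot: the states in these three entries do not match their TODOs: CVE-2010-4654 has `poppler <undetermined>` while CVE-2010-4653 has `poppler <unfixed>`, and `xpdf <unfixed>` and `proftpd <unfixed>` are asserted on ids that are still RESERVED and still carry `TODO: check`. Either the poppler commits linked in the NOTE lines confirm that xpdf and poppler are affected, in which case the TODOs can go, or the status should be `<undetermined>` until they do. `- kdegraphics 4.0` records a fixed version with no NOTE saying why 4.0 is the fix boundary; one line explaining it would save the next person from repeating the check. CVE-2010-4652 has a bracketed title (buffer overflow when preparing SQL queries) but no NOTE reference at all; add the upstream bug or advisory link next to the proftpd line.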
@@ -1745,11 +1755,14 @@ CVE-2010-4524 (Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in .
CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...)
NOT-FOR-US: MyBB
CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x ...)
- NOT-FOR-US: mod for Drupal
+ - drupal6-mod-views <undetermined>
+ TODO: check
CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
- NOT-FOR-US: mod for Drupal
+ - drupal6-mod-views <undetermined>
+ TODO: check
CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
- NOT-FOR-US: mod for Drupal
+ - drupal6-mod-views <undetermined>
+ TODO: check
CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Safe Search plugin for WordPress
CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...)
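Review bot: CVE-2010-4521, CVE-2010-4520 and CVE-2010-4519 all describe the Drupal Views module 6.x and now all read `drupal6-mod-views <undetermined>` with identical TODOs; add a NOTE with the upstream Drupal security advisory to these entries so the version comparison against the packaged drupal6-mod-views can be done in one pass rather than three. Turning NOT-FOR-US into a real package entry is right given the package exists.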
@@ -1819,6 +1832,8 @@ CVE-2011-0024
RESERVED
CVE-2011-0023
RESERVED
+ - linux-2.6 <undetermined>
+ TODO: check (to be rejected?)
CVE-2011-0022
RESERVED
CVE-2011-0021
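Review bot: `linux-2.6 <undetermined>` on a RESERVED id with `TODO: check (to be rejected?)` records a suspicion but not where it came from; add a NOTE with the reference that tied CVE-2011-0023 to the kernel (the oss-security thread, the CVE request, or the bug), otherwise the person resolving the TODO cannot tell what to verify or why a rejection is expected.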
@@ -3112,7 +3127,8 @@ CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44,
{DSA-2128-1}
- libxml2 2.7.8.dfsg-1 (bug #602609)
CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message ...)
- NOT-FOR-US: Oracle Mojarra
+ - mojarra <unfixed>
+ TODO: check
CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links ...)
NOT-FOR-US: WSN Links
CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and ...)
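Review bot: `mojarra <unfixed>` is asserted before the `TODO: check` below it is resolved; the commit message establishes only that Mojarra is shipped, not that the packaged version was compared with the affected releases, so `<undetermined>` is the state that matches what is known, as used for the Drupal modules in this same commit. The same applies to the CVE-2010-2087 entry further down.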
@@ -3707,6 +3723,12 @@ CVE-2010-3778 (Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16,
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-3777 (Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and ...)
+ - xulrunner <removed>
+ - icedove <undetermined>
+ - iceweasel <undetermined>
+ [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
+ - iceape <undetermined>
+ [lenny] - iceape <not-affected> (Only a stub package)
TODO: check
CVE-2010-3776 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2132-1}
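Review bot: the `[lenny] - iceweasel <not-affected>` line says lenny's iceweasel takes its engine from the xulrunner source package, yet the `xulrunner <removed>` line above has no `[lenny]` annotation; `<removed>` describes only the suite the package was removed from, so if lenny's xulrunner carries the affected engine it needs its own `[lenny] - xulrunner ...` status (fixed version, `<no-dsa>`, or `<not-affected>` with a reason). The same question applies to lenny's icedove, which has no `[lenny]` line at all. Since `TODO: check` is kept, at least mention both in the TODO text.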
@@ -7579,9 +7601,11 @@ CVE-2010-2355 (Cross-site scripting (XSS) vulnerability in error.php in Pilot Gr
CVE-2010-2354 (SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS ...)
NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2353 (The Node Reference module in Content Construction Kit (CCK) module 6.x ...)
- NOT-FOR-US: CCK module for Drupal
+ - drupal6-mod-cck <undetermined>
+ TODO: check
CVE-2010-2352 (The Node Reference module in Content Construction Kit (CCK) module 5.x ...)
- NOT-FOR-US: CCK module for Drupal
+ - drupal6-mod-cck <undetermined>
+ TODO: check
CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 ...)
NOT-FOR-US: Novell Netware
CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows ...)
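Review bot: CVE-2010-2352's description is for the CCK module 5.x branch, while the package now listed is drupal6-mod-cck, which is Drupal 6; the pending check should establish whether the 5.x issue also affects the 6.x code that is packaged, otherwise this entry should end as `<not-affected>` rather than with a fixed version. CVE-2010-2353 (6.x) is the one that maps to the package as-is.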
@@ -8289,7 +8313,8 @@ CVE-2010-2089 (The audioop module in Python 2.7 and 3.2 does not verify the ...)
CVE-2010-2088 (ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted ...)
NOT-FOR-US: Microsoft .NET
CVE-2010-2087 (Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application ...)
- NOT-FOR-US: Oracle Mojarra
+ - mojarra <unfixed>
+ TODO: check
CVE-2010-2086 (Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application ...)
NOT-FOR-US: Apache MyFaces
CVE-2010-2085 (The default configuration of ASP.NET in Microsoft .NET before 1.1 has ...)
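Review bot: the description names the affected upstream releases (Oracle Mojarra 1.2_14 and 2.0.2), so the outstanding `TODO: check` is a version comparison against the packaged mojarra; until that is done `<unfixed>` overstates what is known here, and `<undetermined>` is the convention the rest of this commit uses for unverified entries.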
@@ -22537,9 +22562,11 @@ CVE-2009-2079 (Cross-site scripting (XSS) vulnerability in the administrative pa
CVE-2009-2078 (Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x ...)
NOT-FOR-US: Booktree module for drupal
CVE-2009-2077 (Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote ...)
- NOT-FOR-US: Views module for Drupal
+ - drupal6-mod-views <undetermined>
+ TODO: check
CVE-2009-2076 (Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, ...)
- NOT-FOR-US: Views module for Drupal
+ - drupal6-mod-views <undetermined>
+ TODO: check
CVE-2009-2075 (Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for ...)
NOT-FOR-US: Nodequeue module for Drupal
CVE-2009-2074 (Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before ...)
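Review bot: both descriptions give the fixed upstream version (Views 6.x before 6.x-2.6), so these two `<undetermined>` entries can be closed by comparing the packaged drupal6-mod-views version with 6.x-2.6, which is worth stating in the TODO. CVE-2009-2077's truncated description reads "Drupal 6.x before 6.x-2.6, a module for Drupal"; the removed NOT-FOR-US line identified it as the Views module, so the package mapping is consistent.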
@@ -77733,7 +77760,7 @@ CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of Or
CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1 ...)
NOT-FOR-US: Check Point VPN
CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo ...)
- NOT-FOR-US: Apache Geronimo
+ - geronimo <itp> (bug #481869)
CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in &quot;Blue ...)
NOT-FOR-US: AmbiCom Blue Neighbors
CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows remote ...)
diff --git a/data/packages/new-packages b/data/packages/new-packages
index 1d1490aedb..75e6e48864 100644
--- a/data/packages/new-packages
+++ b/data/packages/new-packages
@@ -590,7 +590,6 @@ librb-inotify-ruby
libtest-exit-perl
maven-enforcer
msva-perl
-png++
pwget
rabbitvcs-cli
rabbitvcs-core
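Review bot: the removals from data/packages/new-packages in this commit (png++ here, and gcc-3.3, db4.8, live-build, openpyxl, kernel-handbook and libeatmydata in the hunks that follow) are not mentioned in the commit message, which covers only the CVE list changes; if these packages were reviewed for open issues and found clean, say so in the log so the review trail exists.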
@@ -664,7 +663,6 @@ nagstamon
skipfish
ust
webgen0.5
-gcc-3.3
libhtml-defang-perl
liblog-any-perl
libnet-nationalrail-livedepartureboards-perl
@@ -736,7 +734,6 @@ urg
yorick-optimpack
bsl
buzztard
-db4.8
dracut
drizzle
drupal6-mod-i18n
@@ -1411,8 +1408,6 @@ libhibernate-jbosscache-java
libpackage-deprecationmanager-perl
libposix-strptime-perl
libscalar-util-numeric-perl
-live-build
-openpyxl
php-net-whois
pike7.8
projectm
@@ -1561,7 +1556,6 @@ jruby-joni
jxgrabkey
k8temp
kcov
-kernel-handbook
kmetronome
kumofs
ladvd
@@ -1597,7 +1591,6 @@ libdir-self-perl
libdist-zilla-plugin-prepender-perl
libdist-zilla-plugins-cjm-perl
libdrumstick
-libeatmydata
libelixirfm-perl
libemail-outlook-message-perl
libencode-hanextra-perl
