diff options
author | Michael Gilbert <michael.s.gilbert@gmail.com> | 2009-10-21 23:05:29 +0000 |
---|---|---|
committer | Michael Gilbert <michael.s.gilbert@gmail.com> | 2009-10-21 23:05:29 +0000 |
commit | 6592df5c7eefe85daca1775cf6bd1633b545285f (patch) | |
tree | fcc4f1a0e2762546b4f2df9370e61fd47132a9d6 /data | |
parent | 9d12c1cf1af493f5634f5276c1a1a3dd890a06af (diff) |
- as per discussion a while back, kompozer as unsupported
- chromium issue
- expat issue
- expat embeds
- track xerces old versions
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@13065 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list | 7 | ||||
-rw-r--r-- | data/embedded-code-copies | 11 | ||||
-rw-r--r-- | data/package-tags | 3 |
3 files changed, 21 insertions, 0 deletions
diff --git a/data/CVE/list b/data/CVE/list index 2377513482..ef64f4d87f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,7 @@ +CVE-2009-XXXX [chromium: rss xss] + - chromium-browser <itp> (low; bug #520324) + NOTE: http://seclists.org/fulldisclosure/2009/Sep/201 + NOTE: other browsers are not affected (only chrome and opera) CVE-2009-3733 RESERVED CVE-2009-3732 @@ -3525,6 +3529,9 @@ CVE-2009-2625 (Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE - sun-java6 6-15-1 [lenny] - sun-java6 <no-dsa> (Non-free not supported) - openjdk-6 6b16-1.6-1 (medium; bug #542210) + - expat <unfixed> (medium; bug #551936) + - w3c-libwww <unfixed> (medium; bug #551938) + - python-xml <unfixed> (medium; bug #551939) CVE-2009-2624 RESERVED CVE-2009-2623 diff --git a/data/embedded-code-copies b/data/embedded-code-copies index 0701d06e08..dbcc94abdb 100644 --- a/data/embedded-code-copies +++ b/data/embedded-code-copies @@ -975,3 +975,14 @@ shibboleth-sp2 tuxonice-userui - suspend2-userui <removed> (old-version) + +expat + - w3c-www <unfixed> (embed; bug #551941) [./modules/expat/*] + - python-xml <unfixed> (embed; bug #551940) [./extensions/expat/*] + +xerces-c + - xerces-c2 <unfixed> (old-version) + - xerces27 <removed> (old-version) + +md5 (RSA's version; not the gnu version provided by coreutils) + - w3c-www <unfixed> (embed; bug #551942) [./modules/md5/*] diff --git a/data/package-tags b/data/package-tags index a0454383cf..70833bd991 100644 --- a/data/package-tags +++ b/data/package-tags @@ -27,3 +27,6 @@ [etch] clamav <unsupported> (No signature updates anymore, should be taken from volatile) [lenny] clamav <unsupported> (No signature updates anymore, should be taken from volatile) + +[sid] kompozer <unsupported> (vulnerable to all xulrunner issues, but intended use is not for untrusted or networked sources) +[squeeze] kompozer <unsupported> (vulnerable to all xulrunner issues, but intended use is not for untrusted or networked sources) |