The OVAL Repository | 5.5 | 2014-07-01T06:34:07.269-04:00

DSA-2647-1 firebird2.1 - buffer overflow
  Platform: Debian 6.0
  Product: firebird2.1
  Description: A buffer overflow was discovered in the Firebird database server, which could result in the execution of arbitrary code.
  Contributors and status history: Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2342-1 iceape -- several
  Platform: Debian 6.0
  Product: iceape
  Description: Several vulnerabilities have been found in the Iceape internet suite, an unbranded version of Seamonkey:
    CVE-2011-3647: "moz_bug_r_a4" discovered a privilege escalation vulnerability in addon handling.
    CVE-2011-3648: Yosuke Hasegawa discovered that incorrect handling of Shift-JIS encodings could lead to cross-site scripting.
    CVE-2011-3650: Marc Schoenefeld discovered that profiling the Javascript code could lead to memory corruption.
    The oldstable distribution is not affected. The iceape package only provides the XPCOM code.
  Contributors and status history: SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

DSA-2321-1 moin -- cross-site scripting
  Platform: Debian 5.0, Debian 6.0
  Product: moin
  Description: A cross-site scripting vulnerability was discovered in the rst parser of Moin, a Python clone of WikiWiki.
  Contributors and status history: SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Debian GNU/Linux 5.0 is installed
  Platform: Debian GNU/Linux 5.0
  Description: Debian GNU/Linux 5.0 (lenny) is installed
  Contributors and status history: SecPod Team, DRAFT, INTERIM, ACCEPTED, Preeti Subramanian, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

DSA-2336-1 ffmpeg -- several
  Platform: Debian 6.0
  Product: ffmpeg
  Description: Multiple vulnerabilities were found in the ffmpeg, a multimedia player, server and encoder:
    CVE-2011-3362: An integer signedness error in decode_residual_block function of the Chinese AVS video decoder in libavcodec can lead to denial of service or possible code execution via a crafted CAVS file.
    CVE-2011-3973/CVE-2011-3974: Multiple errors in the Chinese AVS video decoder can lead to denial of service via an invalid bitstream.
    CVE-2011-3504: A memory allocation problem in the Matroska format decoder can lead to code execution via a crafted file.
  Contributors and status history: SecPod Team, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

DSA-2282-1 qemu-kvm -- several
  Platform: Debian 6.0
  Product: qemu-kvm
  Description: Two vulnerabilities have been discovered in KVM, a solution for full virtualization on x86 hardware:
    CVE-2011-2212: Nelson Elhage discovered a buffer overflow in the virtio subsystem, which could lead to denial of service or privilege escalation.
    CVE-2011-2527: Andrew Griffiths discovered that group privileges were insufficiently dropped when started with -runas option, resulting in privilege escalation.
  Contributors and status history: SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Debian 6.0 is installed
  Platform: Debian 6.0
  Description: Debian 6.0 (squeeze) is installed
  Contributors and status history: SecPod Team, DRAFT, INTERIM, Chandan S, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, ACCEPTED

Checked objects, in the order listed:
  firebird2.1
  iceape
  moin
  ffmpeg
  /etc, debian_version, ^(\d\.\d).*$, 1
  qemu-kvm

Version values, in the order listed:
  0:2.1.3.18185-0.ds1-11+squeeze1
  0:2.0.11-9
  5.0
  0:1.7.1-3+lenny6
  0:1.9.3-1+squeeze1
  0:4:0.5.5-1
  6.0
  0:0.12.5+dfsg-5+squeeze6