[Secure-testing-commits] r3108 - data/CVE

Moritz Muehlenhoff jmm-guest at costa.debian.org
Tue Dec 20 13:52:13 UTC 2005


Author: jmm-guest
Date: 2005-12-20 13:52:07 +0000 (Tue, 20 Dec 2005)
New Revision: 3108

Modified:
   data/CVE/list
Log:
checked some of the open firefox issues, these aren't critical


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-12-20 12:44:04 UTC (rev 3107)
+++ data/CVE/list	2005-12-20 13:52:07 UTC (rev 3108)
@@ -2747,8 +2747,10 @@
 CVE-2005-XXXX [ntop format string vulnerability]
 	- ntop <unfixed> (bug #335996; low)
 	NOTE: Possibly not exploitable
-CVE-2005-XXXX [Firefox IFRAME buffer overflow]
-	- mozilla-firefox <unfixed> (bug #336171; medium)
+CVE-2005-XXXX [Firefox IFRAME DoS]
+	- mozilla-firefox <unfixed> (bug #336171; low)
+	- firefox 1.4.99+1.5rc3.dfsg-2 (bug #336171; low)
+	NOTE: Only a DoS attack, see http://bugzilla.mozilla.org/show_bug.cgi?id=303433
 CVE-2005-3341 [Insecure temp files in dhis-tools-dns]
 	RESERVED
 	- dhis-tools-dns 5.0-5
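Review bot: The retitled entry on the `+CVE-2005-XXXX` line drops the vulnerability class: "Firefox IFRAME buffer overflow" becomes "Firefox IFRAME DoS", which records the impact but no longer says what kind of bug it is. The urgency field (now `low`) and the added NOTE already carry the impact assessment, so consider keeping the original title and letting the NOTE state that it is only a DoS. The new `firefox 1.4.99+1.5rc3.dfsg-2` line also sits next to `mozilla-firefox <unfixed>` under the same bug #336171; a few words in the NOTE on how the two package lines relate would make the entry easier to read.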
@@ -5742,8 +5744,8 @@
 CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...)
 	NOT-FOR-US: Contrexx
 CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...)
-	- mozilla-firefox (bug #327549; medium)
-	- mozilla (bug #327550; medium)
+	- mozilla-firefox (bug #327549; low)
+	- mozilla (bug #327550; low)
 	TODO: check more Mozilla-based browsers
 CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...)
 	NOT-FOR-US: Atomic Photo Album
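Review bot: The medium-to-low change on the two CVE-2005-2414 lines has no recorded rationale, unlike the Firefox IFRAME entry earlier in this patch, which gained a NOTE with a link. Add a NOTE line under the entry saying why the race condition is rated low, since the commit log only says these "aren't critical". The `TODO: check more Mozilla-based browsers` line is still open, so the new rating covers only the two packages listed.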
@@ -5819,8 +5821,8 @@
 CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...)
 	- mediawiki 1.4.9 (bug #276057)
 CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
-	- mozilla-firefox <unfixed> (bug #320539; medium)
-	- mozilla <unfixed> (bug #320538; medium)
+	- mozilla-firefox <unfixed> (bug #320539; low)
+	- mozilla <unfixed> (bug #320538; low)
 CVE-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the ...)
 	NOT-FOR-US: CuteNews
 CVE-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
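Review bot: Both CVE-2005-2395 lines stay `<unfixed>` while dropping from medium to low, and nothing in the entry says why. For an issue that remains open in mozilla-firefox and mozilla, a one-line NOTE with the reasoning or a reference would let the next person triaging the list confirm the downgrade instead of redoing the check.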



