[Secure-testing-commits] r2129 - in data: CAN CVE DSA

Fri Sep 23 10:47:12 UTC 2005

Author: fw
Date: 2005-09-23 10:47:08 +0000 (Fri, 23 Sep 2005)
New Revision: 2129

Modified:
   data/CAN/list
   data/CVE/list
   data/DSA/list
Log:
Add more epochs to mozilla, mozilla-browser versions.


Modified: data/CAN/list
===================================================================

--- data/CAN/list	2005-09-23 10:35:53 UTC (rev 2128)
+++ data/CAN/list	2005-09-23 10:47:08 UTC (rev 2129)
@@ -12244,33 +12244,33 @@
 	NOTE: rejected
 CAN-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
 	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 1.7.3
+	- mozilla 2:1.7.3
 	- mozilla-thunderbird 0.8
 CAN-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
 	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 1.7.3
+	- mozilla 2:1.7.3
 	- mozilla-thunderbird 0.8
 CAN-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...)
 	NOTE: not-for-us (non-debian package issue)
 CAN-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...)
 	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 1.7.3
+	- mozilla 2:1.7.3
 	- mozilla-thunderbird 0.8
 CAN-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
 	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 1.7.3
+	- mozilla 2:1.7.3
 	- mozilla-thunderbird 0.8
 CAN-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...)
 	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 1.7.3
+	- mozilla 2:1.7.3
 	- mozilla-thunderbird 0.8
 CAN-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...)
 	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 1.7.3
+	- mozilla 2:1.7.3
 	- mozilla-thunderbird 0.8
 CAN-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...)
 	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 1.7.3
+	- mozilla 2:1.7.3
 	- mozilla-thunderbird 0.8
 CAN-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...)
 	NOTE: not-for-us (Microsoft)
@@ -12547,7 +12547,7 @@
 CAN-2004-0780
 	NOTE: reserved
 CAN-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
-	- mozilla 1.7
+	- mozilla 2:1.7
 	- mozilla-firefox 0.9
 CAN-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...)
 	- cvs 1.12.9
@@ -15610,7 +15610,9 @@
 	NOTE: mutt and balsa might still be vulnerable
 	NOTE: but it's only a crasher
 CAN-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...)
-	- mozilla 1.4b
+	- mozilla 2:1.5-1
+	NOTE: May have been fixed in an earlier version.  Not clear how
+	NOTE: Mozilla's a/b versions map to the Debian version.
 CAN-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...)
 	- uw-imap 7:2002c
 	NOTE: did not check pine

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2005-09-23 10:35:53 UTC (rev 2128)
+++ data/CVE/list	2005-09-23 10:47:08 UTC (rev 2129)
@@ -39,7 +39,7 @@
 CVE-2004-0193
 	NOTE: not-for-us (realsecure/blackice)
 CVE-2004-0191
-	- mozilla-browser 1.7.3
+	- mozilla-browser 2:1.7.3
 	TODO: test
 CVE-2004-0190
 	NOTE: not-for-us (symantec)
@@ -830,7 +830,7 @@
 CVE-2002-1132
 	{DSA-191}
 CVE-2002-1126
-	- mozilla 1.2
+	- mozilla 2:1.2
 CVE-2002-1123
 	NOTE: not-for-us (Microsoft)
 CVE-2002-1122
@@ -878,7 +878,7 @@
 CVE-2002-1092
 	NOTE: not-for-us (Cisco)
 CVE-2002-1091
-	- mozilla 1.0.2
+	- mozilla 2:1.0.2
 CVE-2002-1088
 	NOTE: not-for-us (Novell GroupWise)
 CVE-2002-1081

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2005-09-23 10:35:53 UTC (rev 2128)
+++ data/DSA/list	2005-09-23 10:47:08 UTC (rev 2129)
@@ -180,7 +180,7 @@
 	NOTE: not fixed in testing at time of DSA (nor unstable)
 [17 Aug 2005] DSA-777-1 mozilla - frame injection spoofing
 	{CAN-2004-0718 CAN-2005-1937}
-	- mozilla-browser 1.7.10-1 (medium)
+	- mozilla-browser 2:1.7.10-1 (medium)
 	NOTE: not fixed in testing at time of DSA (waiting on builds)
 [16 Aug 2005] DSA-776-1 clamav - integer overflows, infinite loop
 	{CAN-2005-2450}


