[Secure-testing-commits] r5148 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Tue Dec 19 23:07:42 CET 2006
Author: stef-guest
Date: 2006-12-19 23:07:40 +0100 (Tue, 19 Dec 2006)
New Revision: 5148
Modified:
data/CVE/list
Log:
- many new issues for mozilla & friends (high)
- converted unfixed firefox issues to iceweasel
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-12-19 19:50:46 UTC (rev 5147)
+++ data/CVE/list 2006-12-19 22:07:40 UTC (rev 5148)
@@ -149,28 +149,110 @@
NOT-FOR-US: SiteKiosk
CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...)
- phpbb2 <unfixed> (bug #402140)
-CVE-2006-6507
+CVE-2006-6507 [XSS using outer window's Function object]
RESERVED
-CVE-2006-6506
+ NOTE: MFSA-2006-76
+ - iceweasel <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - iceape <unfixed> (high)
+CVE-2006-6506 [ RSS Feed-preview referrer leak]
RESERVED
-CVE-2006-6505
+ NOTE: MFSA-2006-75
+ - iceweasel <unfixed> (low)
+ - xulrunner <unfixed> (low)
+ - iceape <unfixed> (low)
+CVE-2006-6505 [Mail header processing heap overflows]
RESERVED
-CVE-2006-6504
+ NOTE: MFSA-2006-74
+ - mozilla-thunderbird <removed> (high)
+ - thunderbird <removed> (high)
+ - icedove <unfixed> (high)
+CVE-2006-6504 [Mozilla SVG Processing Remote Code Execution]
RESERVED
-CVE-2006-6503
+ NOTE: MFSA-2006-73
+ - iceweasel <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - iceape <unfixed> (high)
+ - firefox <removed> (high)
+ - mozilla <removed> (high)
+ - mozilla-firefox <removed> (high)
+CVE-2006-6503 [XSS by setting img.src to javascript: URI]
RESERVED
-CVE-2006-6502
+ NOTE: MFSA-2006-72
+ - iceweasel <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - iceape <unfixed> (high)
+ - firefox <removed> (high)
+ - mozilla <removed> (high)
+ - mozilla-firefox <removed> (high)
+CVE-2006-6502 [LiveConnect crash finalizing JS objects]
RESERVED
-CVE-2006-6501
+ NOTE: MFSA-2006-71
+ - iceweasel <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - iceape <unfixed> (high)
+ - firefox <removed> (high)
+ - mozilla <removed> (high)
+ - mozilla-firefox <removed> (high)
+ - mozilla-thunderbird <removed> (low)
+ - thunderbird <removed> (low)
+ - icedove <unfixed> (low)
+CVE-2006-6501 [Privilege escallation using watch point]
RESERVED
-CVE-2006-6500
+ NOTE: MFSA-2006-70
+ - iceweasel <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - iceape <unfixed> (high)
+ - firefox <removed> (high)
+ - mozilla <removed> (high)
+ - mozilla-firefox <removed> (high)
+ - mozilla-thunderbird <removed> (low)
+ - thunderbird <removed> (low)
+ - icedove <unfixed> (low)
+CVE-2006-6500 [CSS cursor image buffer overflow (Windows only)]
RESERVED
-CVE-2006-6499
+ NOTE: MFSA-2006-69
+ - iceweasel <not-affected> (windows only)
+ - xulrunner <not-affected> (windows only)
+ - iceape <not-affected> (windows only)
+ - firefox <not-affected> (windows only)
+ - mozilla <not-affected> (windows only)
+ - mozilla-firefox <not-affected> (windows only)
+ - mozilla-thunderbird <not-affected> (windows only)
+ - thunderbird <not-affected> (windows only)
+CVE-2006-6499 [Crashes with evidence of memory corruption]
RESERVED
-CVE-2006-6498
+ NOTE: MFSA-2006-68
+ - iceweasel <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - iceape <unfixed> (high)
+ - firefox <removed> (high)
+ - mozilla <removed> (high)
+ - mozilla-firefox <removed> (high)
+ - mozilla-thunderbird <removed> (low)
+ - thunderbird <removed> (low)
+CVE-2006-6498 [Crashes with evidence of memory corruption]
RESERVED
-CVE-2006-6497
+ NOTE: MFSA-2006-68
+ - iceweasel <unfixed> (high)
+ - xulrunner <unfixed> (high)
+ - iceape <unfixed> (high)
+ - firefox <removed> (high)
+ - mozilla <removed> (high)
+ - mozilla-firefox <removed> (high)
+ - mozilla-thunderbird <removed> (low)
+ - thunderbird <removed> (low)
+CVE-2006-6497 [Crashes with evidence of memory corruption]
RESERVED
+ NOTE: MFSA-2006-68
+ - iceweasel <unfixed> (medium)
+ - xulrunner <unfixed> (medium)
+ - iceape <unfixed> (medium)
+ - firefox <removed> (medium)
+ - mozilla <removed> (medium)
+ - mozilla-firefox <removed> (medium)
+ - mozilla-thunderbird <removed> (low)
+ - thunderbird <removed> (low)
CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus ...)
NOT-FOR-US: CA Anti-Virus
CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 ...)
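Review bot: the three MFSA-2006-68 entries (CVE-2006-6499, CVE-2006-6498, CVE-2006-6497) list mozilla-thunderbird and thunderbird as `<removed> (low)` but have no icedove line, whereas CVE-2006-6502 and CVE-2006-6501 carry `- icedove <unfixed> (low)` next to the same two removed packages. If icedove is affected, add it to those three entries (and to the `<not-affected>` list of CVE-2006-6500); if not, a NOTE saying why it is left out would help. CVE-2006-6507 and CVE-2006-6506 likewise omit the firefox, mozilla and mozilla-firefox `<removed>` lines that the other browser entries in this hunk have. Minor: "escallation" in the CVE-2006-6501 description should be "escalation", and the CVE-2006-6506 description has a stray space after the opening bracket.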
@@ -1762,13 +1844,15 @@
CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
{DSA-1227-1 DSA-1225-1 DSA-1224-1}
NOTE: MFSA-2006-65
- - firefox <unfixed> (high)
+ - firefox <removed> (high)
+ - iceweasel 2.0+dfsg-1 (high)
- icedove 1.5.0.8-1 (medium)
- mozilla <unfixed> (high)
- xulrunner 1.8.0.8-1 (high)
CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
NOTE: MFSA-2006-65
- - firefox <unfixed> (high)
+ - firefox <removed> (high)
+ - iceweasel 2.0+dfsg-1 (high)
- icedove 1.5.0.8-1 (medium)
- mozilla <unfixed> (medium)
[sarge] - mozilla <not-affected> (Vulnerable code not present)
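Review bot: the log message says unfixed firefox issues were converted to iceweasel, but for CVE-2006-5748 and CVE-2006-5747 the added line is `- iceweasel 2.0+dfsg-1 (high)`, a fixed version rather than `<unfixed>`. The descriptions refer to Firefox before 1.5.0.8, so a short NOTE on why 2.0+dfsg-1 is recorded as the fixed iceweasel version, or a line in the log saying that fixed versions were assigned, would make these entries verifiable without digging through the archive.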
@@ -2009,7 +2093,8 @@
CVE-2006-5634 (Multile PHP remote file inclusion vulnerabilities in phpProfiles 2.1 ...)
NOT-FOR-US: phpProfiles
CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...)
- - firefox <unfixed> (unimportant)
+ - firefox <removed> (unimportant)
+ - iceweasel <unfixed> (unimportant)
- icedove <unfixed> (unimportant)
- mozilla <unfixed> (unimportant)
- xulrunner <unfixed> (unimportant)
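Review bot: the CVE-2006-5633 description names Seamonkey 1.1b as affected, yet this entry gains an iceweasel line and no iceape line, while the entries added at the top of this commit track iceape next to iceweasel and xulrunner. Consider adding `- iceape <unfixed> (unimportant)`, or a NOTE that iceape is not affected, so the entry covers every package the description implies.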
@@ -2379,14 +2464,16 @@
CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...)
{DSA-1227-1 DSA-1225-1 DSA-1224-1}
NOTE: MFSA-2006-65
- - firefox <unfixed> (low)
+ - firefox <removed> (low)
+ - iceweasel 2.0+dfsg-1 (low)
- icedove 1.5.0.8-1 (low)
- mozilla <unfixed> (low)
- xulrunner 1.8.0.8-1 (low)
CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
{DSA-1227-1 DSA-1225-1 DSA-1224-1}
NOTE: MFSA-2006-67
- - firefox <unfixed> (high)
+ - firefox <removed> (high)
+ - iceweasel 2.0+dfsg-1 (high)
- icedove 1.5.0.8-1 (medium)
- mozilla <unfixed> (high)
- xulrunner 1.8.0.8-1 (high)
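Review bot: in CVE-2006-5464 and CVE-2006-5463 the context lines `- mozilla <unfixed> (low)` and `- mozilla <unfixed> (high)` are left as they are, while the entries added in the first hunk of this same commit record mozilla as `<removed>`. If the mozilla source package is gone in the same way as firefox, convert it here too; otherwise these entries and the new ones disagree about the package's state.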
@@ -2395,7 +2482,8 @@
NOTE: MFSA-2006-66
NOTE: this is the similar to CVE-2006-4339, see also CVE-2006-4340
NOTE: the fixes for CVE-2006-4340 were incomplete
- - firefox <unfixed> (high)
+ - firefox <removed> (high)
+ - iceweasel 2.0+dfsg-1 (high)
- icedove 1.5.0.8-1 (medium)
- mozilla <unfixed> (high)
- xulrunner 1.8.0.8-1 (high)
@@ -4957,7 +5045,8 @@
NOT-FOR-US: Sonium Enterprise Adressbook
CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...)
{DSA-1227-1 DSA-1225-1 DSA-1224-1}
- - firefox <unfixed>
+ - firefox <removed>
+ - iceweasel <unfixed>
- mozilla <unfixed>
- mozilla-firefox <unfixed>
- xulrunner 1.8.0.8-1
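Review bot: CVE-2006-4310 gets `- iceweasel <unfixed>` although the entry is tagged {DSA-1227-1 DSA-1225-1 DSA-1224-1} and xulrunner is fixed in 1.8.0.8-1; the other entries in this commit with that same combination (CVE-2006-5464, CVE-2006-5463) record iceweasel 2.0+dfsg-1. Please check whether this one should carry the fixed version as well, or add a NOTE explaining why iceweasel remains open here.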
@@ -8608,7 +8697,8 @@
CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...)
NOT-FOR-US: PunBB
CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...)
- - firefox <unfixed> (unimportant)
+ - firefox <removed> (unimportant)
+ - iceweasel <unfixed> (unimportant)
- mozilla <unfixed> (unimportant)
- mozilla-firefox <unfixed> (unimportant)
- xulrunner <unfixed> (unimportant)
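Review bot: the context line `- mozilla-firefox <unfixed> (unimportant)` in CVE-2006-2723 stays open, but the NOTE under CVE-2006-0496 further down states that mozilla-firefox is now a dummy package and not vulnerable any more. Since this commit is already renaming the firefox entries, this line could be resolved in the same pass so the two entries are consistent.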
@@ -13986,7 +14076,8 @@
CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...)
NOT-FOR-US: PHP GEN
CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...)
- - firefox <unfixed> (bug #349339)
+ - firefox <removed> (bug #349339)
+ - iceweasel <unfixed> (bug #349339)
NOTE: mozilla-firefox is now a dummy package, so not vulnerable any more
- mozilla-firefox 1.5.dfsg+1.5.0.3-2 (bug #349339)
- mozilla <unfixed>
@@ -14097,7 +14188,8 @@
NOT-FOR-US: PunBB
CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...)
NOTE: see CVE-2005-4684
- - firefox <unfixed> (unimportant)
+ - firefox <removed> (unimportant)
+ - iceweasel <unfixed> (unimportant)
- mozilla <unfixed> (unimportant)
[sarge] - mozilla <no-dsa> (Hardly exploitable)
- xulrunner <unfixed> (unimportant)
@@ -21876,7 +21968,8 @@
CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...)
- mediawiki 1.4.9 (bug #276057)
CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
- - firefox <unfixed> (bug #320539; unimportant)
+ - firefox <removed> (bug #320539; unimportant)
+ - iceweasel <unfixed> (bug #320539; unimportant)
- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant)
- mozilla <unfixed> (bug #320538; unimportant)
NOTE: Firefox and Mozilla follow RFC behaviour. This is more a lack of security
@@ -29267,7 +29360,8 @@
NOTE: hard disc, well than you have "DoSed" yourself, congratulations.
NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers
NOTE: generally try to make sense of anything even remotely resembling HTML.
- - firefox <unfixed> (unimportant)
+ - firefox <removed> (unimportant)
+ - iceweasel <unfixed> (unimportant)
- mozilla <unfixed> (unimportant)
CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
NOT-FOR-US: mailcarrier