[Secure-testing-commits] r4447 - in data: CVE DSA

Sun Jul 23 23:01:35 UTC 2006

Author: alec-guest
Date: 2006-07-23 23:01:32 +0000 (Sun, 23 Jul 2006)
New Revision: 4447

Modified:
   data/CVE/list
   data/DSA/list
Log:
* DSA-1120
* record versions of mozilla fixed in unstable (from DSA-1118)
* remove references to sarge's mozilla-firefox in the CVEs DSA-1120 fixes


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2006-07-23 09:14:20 UTC (rev 4446)
+++ data/CVE/list	2006-07-23 23:01:32 UTC (rev 4447)
@@ -2003,26 +2003,23 @@
 	{DSA-1118}
 	NOTE: MFSA-2006-31
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
-	[sarge] - mozilla-firefox <unfixed> (medium)
 	- thunderbird 1.5.0.4-1 (medium)
 	[sarge] - mozilla-thunderbird <unfixed> (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...)
 	{DSA-1118}
 	NOTE: MFSA-2006-33
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
-	[sarge] - mozilla-firefox <unfixed> (medium)
 	- thunderbird 1.5.0.4-1 (medium)
 	[sarge] - mozilla-thunderbird <unfixed> (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
 	{DSA-1118}
 	NOTE: MFSA-2006-34
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
-	[sarge] - mozilla-firefox <unfixed> (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...)
 	{DSA-1118}
@@ -2035,76 +2032,69 @@
 	{DSA-1118}
 	NOTE: MFSA-2006-42
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
-	[sarge] - mozilla-firefox <unfixed> (medium)
 	- thunderbird 1.5.0.4-1 (medium)
 	[sarge] - mozilla-thunderbird <unfixed> (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
 	{DSA-1118}
 	NOTE: MFSA-2006-41
 	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
 	[sarge] - mozilla-thunderbird <unfixed> (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 1.7.13-0.3 (medium)
 	- xulruner 1.8.0.4-1 (medium)
 CVE-2006-2781 (Double-free vulnerability in Mozilla Thunderbird before 1.5.0.4 and ...)
 	{DSA-1118}
 	NOTE: MFSA-2006-40
 	- thunderbird 1.5.0.4-1 (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
-	- mozilla <unfixed> (high)
+	- mozilla 1.7.13-0.3 (high)
 	- xulruner <unfixed> (high)
 CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...)
 	{DSA-1118}
 	NOTE: MFSA-2006-32
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
-	[sarge] - mozilla-firefox <unfixed> (high)
 	- thunderbird 1.5.0.4-1 (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
-	- mozilla <unfixed> (high)
+	- mozilla 1.7.13-0.3 (high)
 	- xulruner 1.8.0.4-1 (high)
 CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...)
 	{DSA-1118}
 	NOTE: MFSA-2006-32
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
-	[sarge] - mozilla-firefox <unfixed> (high)
 	- thunderbird 1.5.0.4-1 (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
-	- mozilla <unfixed> (high)
+	- mozilla 1.7.13-0.3 (high)
 	- xulruner <unfixed> (high)
 CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...)
 	{DSA-1118}
 	NOTE: MFSA-2006-38
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
-	[sarge] - mozilla-firefox <unfixed> (high)
 	- thunderbird 1.5.0.4-1 (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
-	- mozilla <unfixed> (high)
+	- mozilla 1.7.13-0.3 (high)
 	- xulruner 1.8.0.4-1 (high)
 CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...)
 	{DSA-1118}
 	NOTE: MFSA-2006-43
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
-	[sarge] - mozilla-firefox <unfixed> (high)
-	- mozilla <unfixed> (high)
+	- mozilla 1.7.13-0.3 (high)
 	- xulruner <unfixed> (high)
 CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...)
 	{DSA-1118}
 	NOTE: MFSA-2006-37
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
-	[sarge] - mozilla-firefox <unfixed> (high)
 	- thunderbird 1.5.0.4-1 (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
-	- mozilla <unfixed> (high)
+	- mozilla 1.7.13-0.3 (high)
 	- xulruner 1.8.0.4-1 (high)
 CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...)
 	{DSA-1118}
 	NOTE: MFSA-2006-35
 	- firefox 1.5.dfsg+1.5.0.4-1 (high)
-	[sarge] - mozilla-firefox <unfixed> (high)
 	- thunderbird 1.5.0.4-1 (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
-	- mozilla <unfixed> (high)
+	- mozilla 1.7.13-0.3 (high)
 	- xulruner 1.8.0.4-1 (high)
 CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne ...)
 	NOT-FOR-US: QontentOne
@@ -3969,10 +3959,9 @@
 	{DSA-1118}
 	NOTE: MFSA-2006-39
 	- firefox 1.5.dfsg+1.5.0.4-1 (low)
-	[sarge] - mozilla-firefox <unfixed> (low)
 	- thunderbird <unfixed> (low)
 	[sarge] - mozilla-thunderbird <unfixed> (low)
-	- mozilla <unfixed> (low)
+	- mozilla 1.7.13-0.3 (low)
 	- xulruner <unfixed> (low)
 CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...)
 	NOT-FOR-US: Neon Responder

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-07-23 09:14:20 UTC (rev 4446)
+++ data/DSA/list	2006-07-23 23:01:32 UTC (rev 4447)
@@ -1,3 +1,6 @@
+[23 Jul 2006] DSA-1120 mozilla-firefox - several vulnerabilities
+        {CVE-2006-1942 CVE-2006-2775 CVE-2006-2776 CVE-2006-2777 CVE-2006-2778 CVE-2006-2779 CVE-2006-2780 CVE-2006-2782 CVE-2006-2783 CVE-2006-2784 CVE-2006-2785 CVE-2006-2786 CVE-2006-2787}
+        [sarge] - mozilla-firefox 1.0.4-2sarge9
 [23 Jul 2006] DSA-1119 hiki - design flaw
         {CVE-2006-3379}
         [sarge] - hiki 0.6.5-2


