[Secure-testing-commits] r4268 - data/CVE

Stefan Fritsch stef-guest at costa.debian.org
Tue Jun 20 18:48:17 UTC 2006


Author: stef-guest
Date: 2006-06-20 18:48:15 +0000 (Tue, 20 Jun 2006)
New Revision: 4268

Modified:
   data/CVE/list
Log:
- many mozilla fixes in 1.7.13
- gcjwebplugin fixed in classpath in experimental
- dovecot and postfix had to be changed for postgres CVE-2006-2314



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-06-20 11:48:46 UTC (rev 4267)
+++ data/CVE/list	2006-06-20 18:48:15 UTC (rev 4268)
@@ -1742,6 +1742,8 @@
 	NOTE: psycopg 1.1.21-5 (bug #369230)
 	NOTE: python-pgsql 2.4.0-8 (bug #369250)
 	NOTE: pygresql 1:3.8-1.1 (bug #369239)
+	NOTE: dovecot 1.0.beta8-3 (bug #369359)
+	NOTE: postfix 2.2.10-2 (bug #369349)
 CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)
 	{DSA-1087-1}
 	- postgresql 7.5.4 (high; bug #368645)
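Review bot: The two added lines record the dovecot and postfix versions as free-text NOTE lines rather than as package entries of the form used by `- postgresql 7.5.4 (high; bug #368645)` in the next entry. That matches the psycopg, python-pgsql and pygresql lines directly above, but a NOTE carries no fixed-version or severity field. If these packages are meant to count as affected, use `- dovecot 1.0.beta8-3 (bug #369359)` and `- postfix 2.2.10-2 (bug #369349)`; if NOTE is deliberate because the packages only had to be adapted, as the log message suggests, one more NOTE saying so would make the intent clear.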
@@ -2953,6 +2955,7 @@
 	- mozilla-firefox <not-affected> (problematic fix not backported into 1.0.4-2sarge5)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 	- thunderbird 1.5.0.2-1
+	- mozilla 2:1.7.13-0.1
 CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and ...)
 	NOT-FOR-US: QuickBlogger
 CVE-2006-1789 (Directory traversal vulnerability in pajax_call_dispatcher.php in ...)
@@ -3052,7 +3055,7 @@
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 	- xulrunner 1.8.0.1-9
@@ -3062,69 +3065,69 @@
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-2 (low)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
-	- mozilla <unfixed> (low)
+	- mozilla 2:1.7.13-0.1 (low)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-2 (low)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
-	- mozilla <unfixed> (low)
+	- mozilla 2:1.7.13-0.1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-2 (high)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
-	- mozilla <unfixed> (high)
+	- mozilla 2:1.7.13-0.1 (high)
 	- thunderbird 1.5.0.2-1 (medium)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-2 (high)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
-	- mozilla <unfixed> (high)
+	- mozilla 2:1.7.13-0.1 (high)
 	- thunderbird 1.5.0.2-1 (medium)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-2 (high)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
-	- mozilla <unfixed> (high)
+	- mozilla 2:1.7.13-0.1 (high)
 	- thunderbird 1.5.0.2-1 (medium)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 	- xulrunner 1.8.0.1-9
@@ -3132,14 +3135,14 @@
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
-	- mozilla <unfixed> (high)
+	- mozilla 2:1.7.13-0.1 (high)
 	- thunderbird 1.5.0.2-1 (medium)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 	NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
@@ -3149,7 +3152,7 @@
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 2:1.7.13-0.1 (medium)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 	- xulrunner 1.8.0.1-9
 	NOTE: Can likely be used to steal OpenSSH keys and the like.
@@ -3165,7 +3168,7 @@
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
-	- mozilla <unfixed> (medium)
+	- mozilla 2:1.7.13-0.1 (medium)
 	- thunderbird 1.5.0.2-1 (medium)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
 	- xulrunner 1.8.0.1-9
@@ -5205,6 +5208,7 @@
 	- thunderbird 1.5.0.2-1
 	- firefox 1.5.dfsg+1.5.0.2-1
 	- xulrunner 1.8.0.1-9
+	- mozilla 2:1.7.13-0.1
 CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...)
 	- xscreensaver 4.21-1
 	NOTE: Might be fixed earlier, but I've verified that the SuSE patch is included
@@ -5497,14 +5501,14 @@
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2 (low)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
-	- mozilla <unfixed> (low)
+	- mozilla 2:1.7.13-0.1 (low)
 	- thunderbird 1.5.0.2-1 (low)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
 CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-1 (high)
 	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
-	- mozilla <unfixed> (high)
+	- mozilla 2:1.7.13-0.1 (high)
 	- thunderbird 1.5.0.2-1 (high)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high)
 	- xulrunner 1.8.0.1-9
@@ -6674,7 +6678,7 @@
 	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
 	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
-	- mozilla <not-affected> (Mozilla 1.7 is not affected)
+	- mozilla 2:1.7.13-0.1
 	- thunderbird 1.5.0.2-1
 CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...)
 	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
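Review bot: Replacing `- mozilla <not-affected> (Mozilla 1.7 is not affected)` with `- mozilla 2:1.7.13-0.1` reverses the earlier assessment without giving a reason: a fixed-version entry says that versions before 2:1.7.13-0.1 are vulnerable, which contradicts the removed comment. Add a NOTE with the reference showing that Mozilla 1.7 is affected, or keep `<not-affected>` if the change was only meant to record the new upload. The entry has [sarge] lines for mozilla-firefox and mozilla-thunderbird but none for mozilla, so the sarge status of mozilla is left unstated by this change.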
@@ -6692,12 +6696,14 @@
 	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
+	- mozilla 2:1.7.13-0.1
 CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
 	[sarge] - mozilla-firefox 1.0.4-2sarge6
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 	- thunderbird 1.5.0.2-1
+	- mozilla 2:1.7.13-0.1
 CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
 	NOT-FOR-US: Oracle
 CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, ...)
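Review bot: The first added `- mozilla 2:1.7.13-0.1` lands in an entry whose sarge line reads `[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)`; if only the 1.5 code is affected, a fixed version for mozilla 1.7 is misleading and `<not-affected>` with a short reason would be the consistent choice. For the second addition, under CVE-2006-0292, the entry carries [sarge] fixes for mozilla-firefox and mozilla-thunderbird but nothing for mozilla in sarge, so add a `[sarge] - mozilla` line or a NOTE stating that it is still open there.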
@@ -8437,7 +8443,7 @@
 CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before ...)
 	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
 	- firefox 1.5.dfsg+1.5.0.2-2 (unimportant)
-	- mozilla <unfixed> (unimportant)
+	- mozilla 2:1.7.13-0.1 (unimportant)
 	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
 	NOTE: Not exploitable beyond a sluggish browser startup, see
 	NOTE: http://www.mozilla.org/security/history-title.html
@@ -13584,6 +13590,8 @@
 	- mldonkey 2.5.28.1-1 (bug #300560; low)
 CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
 	- gcjwebplugin <unfixed> (bug #267040; bug #301134; high)
+	NOTE: this is fixed in the gcjwebplugin built from the classpath 2:0.91+cvs20060611-1 source
+	NOTE: package (currently in experimental)
 CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
 	- dbmail-pgsql <unfixed> (bug #290833; medium)
 CVE-2005-XXXX [time delay of password check proves account existence to attackers]
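Review bot: The added NOTE under gcjwebplugin does not say which of the two bugs on the package line (#267040, #301134) the classpath 2:0.91+cvs20060611-1 build resolves; name the bug or state that both are covered. Keeping `- gcjwebplugin <unfixed>` is reasonable while the fix is only in experimental, but since the fixed binary is built from a different source package, the entry will need a decision on whether to track classpath here once it leaves experimental. The sentence is also split mid-phrase across the two NOTE lines ("source" / "package"); breaking it at a phrase boundary would read better.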



