[Secure-testing-commits] r4268 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Tue Jun 20 18:48:17 UTC 2006
Author: stef-guest
Date: 2006-06-20 18:48:15 +0000 (Tue, 20 Jun 2006)
New Revision: 4268
Modified:
data/CVE/list
Log:
- many mozilla fixes in 1.7.13
- gcjwebplugin fixed in classpath in experimental
- dovecot and postfix had to be changed for postgres CVE-2006-2314
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-06-20 11:48:46 UTC (rev 4267)
+++ data/CVE/list 2006-06-20 18:48:15 UTC (rev 4268)
@@ -1742,6 +1742,8 @@
NOTE: psycopg 1.1.21-5 (bug #369230)
NOTE: python-pgsql 2.4.0-8 (bug #369250)
NOTE: pygresql 1:3.8-1.1 (bug #369239)
+ NOTE: dovecot 1.0.beta8-3 (bug #369359)
+ NOTE: postfix 2.2.10-2 (bug #369349)
CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)
{DSA-1087-1}
- postgresql 7.5.4 (high; bug #368645)
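Review bot: the dovecot and postfix versions added at the top of this hunk are free-form NOTE text, not package entries of the `- package version` form used for `- postgresql 7.5.4` just below, so they read as commentary rather than as fixed versions. That matches the psycopg, python-pgsql and pygresql lines above them, but the CVE header they belong to is outside the hunk context and nothing says why these packages are listed. Consider a single introductory NOTE stating that these are client packages that had to be changed for the PostgreSQL fix, as the log message puts it.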
@@ -2953,6 +2955,7 @@
- mozilla-firefox <not-affected> (problematic fix not backported into 1.0.4-2sarge5)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- thunderbird 1.5.0.2-1
+ - mozilla 2:1.7.13-0.1
CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and ...)
NOT-FOR-US: QuickBlogger
CVE-2006-1789 (Directory traversal vulnerability in pajax_call_dispatcher.php in ...)
@@ -3052,7 +3055,7 @@
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- - mozilla <unfixed> (medium)
+ - mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
- xulrunner 1.8.0.1-9
@@ -3062,69 +3065,69 @@
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- - mozilla <unfixed> (medium)
+ - mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (low)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
- - mozilla <unfixed> (low)
+ - mozilla 2:1.7.13-0.1 (low)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- - mozilla <unfixed> (medium)
+ - mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- - mozilla <unfixed> (medium)
+ - mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- - mozilla <unfixed> (medium)
+ - mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (low)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
- - mozilla <unfixed> (low)
+ - mozilla 2:1.7.13-0.1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (high)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
- - mozilla <unfixed> (high)
+ - mozilla 2:1.7.13-0.1 (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (high)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
- - mozilla <unfixed> (high)
+ - mozilla 2:1.7.13-0.1 (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (high)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
- - mozilla <unfixed> (high)
+ - mozilla 2:1.7.13-0.1 (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- - mozilla <unfixed> (medium)
+ - mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
- xulrunner 1.8.0.1-9
@@ -3132,14 +3135,14 @@
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
- - mozilla <unfixed> (medium)
+ - mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
- - mozilla <unfixed> (high)
+ - mozilla 2:1.7.13-0.1 (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
@@ -3149,7 +3152,7 @@
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
- - mozilla <unfixed> (medium)
+ - mozilla 2:1.7.13-0.1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
- xulrunner 1.8.0.1-9
NOTE: Can likely be used to steal OpenSSH keys and the like.
@@ -3165,7 +3168,7 @@
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
- - mozilla <unfixed> (medium)
+ - mozilla 2:1.7.13-0.1 (medium)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
- xulrunner 1.8.0.1-9
@@ -5205,6 +5208,7 @@
- thunderbird 1.5.0.2-1
- firefox 1.5.dfsg+1.5.0.2-1
- xulrunner 1.8.0.1-9
+ - mozilla 2:1.7.13-0.1
CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...)
- xscreensaver 4.21-1
NOTE: Might be fixed earlier, but I've verified that the SuSE patch is included
@@ -5497,14 +5501,14 @@
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2 (low)
- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
- - mozilla <unfixed> (low)
+ - mozilla 2:1.7.13-0.1 (low)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
- - mozilla <unfixed> (high)
+ - mozilla 2:1.7.13-0.1 (high)
- thunderbird 1.5.0.2-1 (high)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high)
- xulrunner 1.8.0.1-9
@@ -6674,7 +6678,7 @@
[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- - mozilla <not-affected> (Mozilla 1.7 is not affected)
+ - mozilla 2:1.7.13-0.1
- thunderbird 1.5.0.2-1
CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...)
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
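Review bot: replacing `- mozilla <not-affected> (Mozilla 1.7 is not affected)` with `- mozilla 2:1.7.13-0.1` reverses the earlier assessment and drops its explanation without saying why. Add a NOTE giving the source for Mozilla 1.7 being affected after all. Since this entry carries `[sarge]` lines for mozilla-firefox and mozilla-thunderbird, the sarge status of mozilla should be stated as well.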
@@ -6692,12 +6696,14 @@
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
+ - mozilla 2:1.7.13-0.1
CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
[sarge] - mozilla-firefox 1.0.4-2sarge6
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- thunderbird 1.5.0.2-1
+ - mozilla 2:1.7.13-0.1
CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
NOT-FOR-US: Oracle
CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, ...)
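Review bot: the first added `- mozilla 2:1.7.13-0.1` line lands in an entry whose sarge line reads `(Only Firefox 1.5 is affected)`, which sits oddly beside a fixed version for the 1.7 suite. If Mozilla 1.7 never contained the flaw, `<not-affected>` with a short reason would be more accurate than a fixed version; if it did, a NOTE should say so. The line is also appended after the `[sarge]` lines, whereas the other hunks keep the mozilla entry next to the unstable firefox and thunderbird lines.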
@@ -8437,7 +8443,7 @@
CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-2 (unimportant)
- - mozilla <unfixed> (unimportant)
+ - mozilla 2:1.7.13-0.1 (unimportant)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
NOTE: Not exploitable beyond a sluggish browser startup, see
NOTE: http://www.mozilla.org/security/history-title.html
@@ -13584,6 +13590,8 @@
- mldonkey 2.5.28.1-1 (bug #300560; low)
CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
- gcjwebplugin <unfixed> (bug #267040; bug #301134; high)
+ NOTE: this is fixed in the gcjwebplugin built from the classpath 2:0.91+cvs20060611-1 source
+ NOTE: package (currently in experimental)
CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
- dbmail-pgsql <unfixed> (bug #290833; medium)
CVE-2005-XXXX [time delay of password check proves account existence to attackers]
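Review bot: the two added NOTE lines say the gcjwebplugin issue is fixed in a build from the classpath source in experimental, while the entry itself stays at `- gcjwebplugin <unfixed> (bug #267040; bug #301134; high)`. Keeping `<unfixed>` looks intentional, but the note should say so explicitly, for example that the entry is to be updated once the fixed package is uploaded outside experimental. The sentence is also split mid-phrase between "source" and "package"; breaking it after "built from the" or rewording would make each NOTE line readable on its own.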