[Secure-testing-commits] r3956 - data/CVE
Stefan Fritsch
stef-guest at costa.debian.org
Mon May 15 18:35:11 UTC 2006
Author: stef-guest
Date: 2006-05-15 18:35:07 +0000 (Mon, 15 May 2006)
New Revision: 3956
Modified:
data/CVE/list
Log:
xulrunner is affected by various mozilla issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2006-05-15 15:10:10 UTC (rev 3955)
+++ data/CVE/list 2006-05-15 18:35:07 UTC (rev 3956)
@@ -1373,6 +1373,7 @@
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
+ - xulrunner 1.8.0.1-9
NOTE: The Mozilla Foundation labels this as "critical", but it's not
NOTE: clear if this bug is exploitable.
CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
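Review bot: The added xulrunner line carries no urgency, while the mozilla, thunderbird and mozilla-thunderbird entries directly above it are rated (medium) or (low). Either add the rating you consider right for xulrunner, or state in a NOTE that it has not been assessed yet, so the missing rating is not read as a decision.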
@@ -1444,6 +1445,7 @@
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
+ - xulrunner 1.8.0.1-9
CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
@@ -1460,12 +1462,14 @@
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
NOTE: exploitable in the default configuration.
+ - xulrunner 1.8.0.1-9
CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
+ - xulrunner 1.8.0.1-9
NOTE: Can likely be used to steal OpenSSH keys and the like.
CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
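Review bot: In the first entry of this hunk the xulrunner line is placed after the two NOTE lines about MFSA2006-22, whereas in the CVE-2006-1729 entry a few lines below, and in the other hunks, it goes directly after the [sarge] line and before the NOTE. Move it above the NOTE lines so the package lines stay together and the remark about Thunderbird's default configuration still closes the entry.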
@@ -1474,6 +1478,7 @@
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
+ - xulrunner 1.8.0.1-9
CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
@@ -1481,14 +1486,17 @@
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
+ - xulrunner 1.8.0.1-9
NOTE: If print preview (and this bug) can be triggered from JavaScript,
NOTE: the urgency should probably be raised.
CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...)
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- thunderbird 1.5.0.2-1 (medium)
+ - xulrunner 1.8.0.1-9
NOTE: New bug in Firefox 1.5.
CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes ...)
- firefox 1.5.dfsg+1.5.0.2-1 (low)
+ - xulrunner 1.8.0.1-9
NOTE: New bug in Firefox 1.5.
CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
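Review bot: For CVE-2006-1726 and CVE-2006-1725 the visible part of the descriptions names only Firefox, Thunderbird and SeaMonkey, and both entries carry "NOTE: New bug in Firefox 1.5.", so the list gives no reason why xulrunner is tracked here. A one-line NOTE next to each added xulrunner line saying why the package is in scope would document the decision for the next person triaging these entries.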
@@ -1496,6 +1504,7 @@
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
+ - xulrunner 1.8.0.1-9
NOTE: MFSA2006-20 says exploitability has not been confirmed.
NOTE: Thunderbird is potentially affected as well, but not in the
NOTE: default configuration.
@@ -1506,6 +1515,7 @@
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
+ - xulrunner 1.8.0.1-9
NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459
CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...)
NOT-FOR-US: ShopXS
@@ -2008,6 +2018,7 @@
- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
- thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
+ - xulrunner 1.8.0.1-9
NOTE: MFSA2006-20 says exploitability has not been confirmed.
NOTE: Thunderbird is potentially affected as well, but not in the
NOTE: default configuration.
@@ -2017,6 +2028,7 @@
- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
- thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
+ - xulrunner 1.8.0.1-9
NOTE: MFSA2006-20 says exploitability has not been confirmed.
NOTE: Thunderbird is potentially affected as well, but not in the
NOTE: default configuration.
@@ -2026,6 +2038,7 @@
- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
- thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
+ - xulrunner 1.8.0.1-9
NOTE: MFSA2006-20 says exploitability has not been confirmed.
NOTE: Thunderbird is potentially affected as well, but not in the
NOTE: default configuration.
@@ -3142,6 +3155,7 @@
- thunderbird 1.5.0.2-1
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- firefox 1.5.dfsg+1.5.0.2-1
+ - xulrunner 1.8.0.1-9
CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including ...)
NOT-FOR-US: LISTSERV
CVE-2006-1043 (Stack-based buffer overflow in Microsoft Visual Studio 6.0 and ...)
@@ -3484,6 +3498,7 @@
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
- thunderbird 1.5.0.2-1
- firefox 1.5.dfsg+1.5.0.2-1
+ - xulrunner 1.8.0.1-9
CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...)
- xscreensaver 4.21-1
NOTE: Might be fixed earlier, but I've verified that the SuSE patch is included
@@ -3783,6 +3798,7 @@
- mozilla <unfixed> (high)
- thunderbird 1.5.0.2-1 (high)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high)
+ - xulrunner 1.8.0.1-9
CVE-2006-0747
RESERVED
CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...)
@@ -4931,6 +4947,7 @@
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla-thunderbird <unfixed>
- thunderbird 1.5.0.2-1
+ - xulrunner 1.8.0.1-9
CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...)
{DSA-1051-1}
- mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
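Review bot: The xulrunner version recorded here is the same 1.8.0.1-9 used in every other hunk, but the firefox line in this entry records a fix in 1.5.dfsg+1.5.0.1-1, while the other entries give 1.5.dfsg+1.5.0.2-1. Please confirm that 1.8.0.1-9 is the first xulrunner upload containing this particular fix. If an earlier upload already had it, record that version; if 1.8.0.1-9 is only the first version that was checked, say so in a NOTE.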
@@ -16676,6 +16693,7 @@
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
- firefox 1.5.dfsg+1.5.0.2-1
- thunderbird 1.5.0.2-1
+ - xulrunner 1.8.0.1-9
CVE-2005-XXXX [Directory traversal in unzoo]
- unzoo 4.4-4
CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]