[Secure-testing-commits] r4698 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at costa.debian.org
Thu Sep 7 20:34:19 UTC 2006 

Author: jmm-guest
Date: 2006-09-07 20:34:18 +0000 (Thu, 07 Sep 2006)
New Revision: 4698

Modified:
   data/CVE/list
   data/DSA/list
Log:
triage on mozilla issues
no-dsa for old, obscure php4 issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-09-07 20:16:14 UTC (rev 4697)
+++ data/CVE/list	2006-09-07 20:34:18 UTC (rev 4698)
@@ -192,10 +192,10 @@
 CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...)
 	NOT-FOR-US: Microsoft
 CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...)
-	- mozilla <unfixed> (medium)
+	- mozilla <unfixed> (low)
 	- firefox <not-affected> (at least 1.5.0.6 is not vulnerable)
 	- xulrunner <not-affected>
-	TODO: check mozilla-firefox from sarge
+	[sarge] - mozilla <no-dsa> (Conceptual problem, not fixable in a backport)
 CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
 	NOT-FOR-US: Microsoft
 CVE-2006-XXXX [tikiwiki security issue in jhot.php]
@@ -9985,9 +9985,7 @@
 	- xulrunner 1.8.0.1-9
 CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...)
 	{DSA-1051-1}
-	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
 	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
-	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
 	- mozilla 2:1.7.13-0.1
 	- thunderbird 1.5.0.2-1
 CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...)
@@ -15126,7 +15124,8 @@
 	- phpwiki 1.3.12p2-1 (bug #282565; medium)
 CVE-2005-XXXX [Possibly incorrect virtualisation in php4]
 	- php4 <unfixed> (bug #317577; bug #330419; low)
-	NOTE: Maintainer can't reproduce
+	[sarge] - php4 <no-dsa> (Basedir violations not supported)
+	NOTE: Unreproducible
 CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
 	- gnumach 1:20050801-3 (bug #46709)
 	NOTE: Nearly six years old :-)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2006-09-07 20:16:14 UTC (rev 4697)
+++ data/DSA/list	2006-09-07 20:34:18 UTC (rev 4698)
@@ -399,7 +399,7 @@
         {CVE-2006-1629}
         [sarge] - openvpn 2.0-1sarge3
 [26 Apr 2006] DSA-1044-1 mozilla-firefox - several
-        {CVE-2006-1724 CVE-2006-0292 CVE-2005-4134 CVE-2006-1741 CVE-2006-1742 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1736 CVE-2006-1735 CVE-2006-1734 CVE-2006-1733 CVE-2006-1732 CVE-2006-0749 CVE-2006-1731 CVE-2006-1730 CVE-2006-1729 CVE-2006-1728 CVE-2006-1727 CVE-2006-0748 CVE-2005-4720}
+        {CVE-2006-1724 CVE-2006-0292 CVE-2005-4134 CVE-2006-1741 CVE-2006-1742 CVE-2006-1737 CVE-2006-1738 CVE-2006-1739 CVE-2006-1740 CVE-2006-1736 CVE-2006-1735 CVE-2006-1734 CVE-2006-1733 CVE-2006-1732 CVE-2006-0749 CVE-2006-1731 CVE-2006-1730 CVE-2006-1729 CVE-2006-1728 CVE-2006-1727 CVE-2006-0748 CVE-2005-4720 CVE-2006-0296}
         [sarge] - mozilla-firefox 1.0.4-2sarge6
 [26 Apr 2006] DSA-1043-1 abcmidi - buffer overflows
         {CVE-2006-1514}

More information about the Secure-testing-commits mailing list