[Secure-testing-commits] r5484 - data/CVE
Stefan Fritsch
stef-guest at alioth.debian.org
Sun Feb 25 16:21:19 UTC 2007
Author: stef-guest
Date: 2007-02-25 17:21:16 +0100 (Sun, 25 Feb 2007)
New Revision: 5484
Modified:
data/CVE/list
Log:
- new mozilla issues, iceweasel fixed
- dbmail fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-02-23 21:42:25 UTC (rev 5483)
+++ data/CVE/list 2007-02-25 16:21:16 UTC (rev 5484)
@@ -95,8 +95,15 @@
RESERVED
CVE-2007-0996
RESERVED
-CVE-2007-0995
+CVE-2007-0995 [mozilla Child frame character set inheritance]
RESERVED
+ NOTE: MFSA-2007-02
+ - iceweasel 2.0.0.2+dfsg-1 (low)
+ - iceape <unfixed> (low)
+ - xulrunner <unfixed> (low)
+ [sarge] - mozilla-tunderbird <unfixed> (low)
+ [sarge] - mozilla-firefox <unfixed> (low)
+ [sarge] - mozilla <unfixed> (low)
CVE-2007-0994
RESERVED
CVE-2007-0993
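Review bot: the added sarge line for CVE-2007-0995 spells the package `mozilla-tunderbird`, while the other entries in this commit use `mozilla-thunderbird`; a misspelled package name will not match the real package, so the sarge Thunderbird status would go untracked. Correct the spelling, and since this entry lists Thunderbird for sarge, check whether a matching `- icedove <unfixed> (low)` line is wanted too, as in the CVE-2007-0775 to CVE-2007-0777 entries.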
@@ -129,6 +136,7 @@
- asterisk-chan-capi <unfixed> (bug #411293)
- linux-2.6 <unfixed> (bug #411294)
CVE-2007-0981 (Mozilla based browsers, including Firefox, allow remote attackers to ...)
+ NOTE: MFSA-2007-07
- iceweasel 2.0.0.1+dfsg-3 (bug #411192; high)
- xulrunner <unfixed> (high)
- iceape <unfixed> (high)
@@ -637,7 +645,12 @@
- iceweasel <unfixed> (low)
- firefox <removed> (low)
CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...)
- - iceweasel <unfixed> (medium)
+ NOTE: MFSA-2007-05
+ - iceweasel 2.0.0.2+dfsg-1 (medium)
+ - iceape <unfixed> (medium)
+ - xulrunner <unfixed> (medium)
+ [sarge] - mozilla-firefox <unfixed> (medium)
+ [sarge] - mozilla <unfixed> (medium)
- firefox <removed> (medium)
CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...)
NOT-FOR-US: Ublog Reload
@@ -680,17 +693,59 @@
CVE-2007-0781
RESERVED
CVE-2007-0780
+ RESERVED [mozilla XSS and local file access by opening blocked popups]
+ NOTE: MFSA-2007-05
+ - iceweasel 2.0.0.2+dfsg-1 (medium)
+ - iceape <unfixed> (medium)
+ - xulrunner <unfixed> (medium)
+ [sarge] - mozilla-firefox <unfixed> (medium)
+ [sarge] - mozilla <unfixed> (medium)
+CVE-2007-0779 [mozilla Spoofing using custom cursor and CSS3 hotspot]
RESERVED
-CVE-2007-0779
+ NOTE: MFSA-2007-04
+ - iceweasel 2.0.0.2+dfsg-1 (low)
+ - iceape <unfixed> (low)
+ - xulrunner <unfixed> (low)
+ [sarge] - mozilla-firefox <not-affected> (introduced in firefox 1.5)
+ [sarge] - mozilla <not-affected> (introduced in firefox 1.5)
+CVE-2007-0778 [mozilla Information disclosure through cache collisions]
RESERVED
-CVE-2007-0778
+ NOTE: MFSA-2007-03
+ - iceweasel 2.0.0.2+dfsg-1 (low)
+ - iceape <unfixed> (low)
+ - xulrunner <unfixed> (low)
+ [sarge] - mozilla-firefox <unfixed> (low)
+ [sarge] - mozilla <unfixed> (low)
+CVE-2007-0777 [mozilla Crashes with evidence of memory corruption]
RESERVED
-CVE-2007-0777
+ NOTE: MFSA-2007-01
+ - iceweasel 2.0.0.2+dfsg-1 (high)
+ - iceape <unfixed> (high)
+ - icedove <unfixed> (low)
+ - xulrunner <unfixed> (high)
+ [sarge] - mozilla-firefox <unfixed> (high)
+ [sarge] - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla <unfixed> (high)
+CVE-2007-0776 [mozilla Crashes with evidence of memory corruption]
RESERVED
-CVE-2007-0776
+ NOTE: MFSA-2007-01
+ - iceweasel 2.0.0.2+dfsg-1 (high)
+ - iceape <unfixed> (high)
+ - icedove <unfixed> (low)
+ - xulrunner <unfixed> (high)
+ [sarge] - mozilla-firefox <unfixed> (high)
+ [sarge] - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla <unfixed> (high)
+CVE-2007-0775 [mozilla Crashes with evidence of memory corruption]
RESERVED
-CVE-2007-0775
- RESERVED
+ NOTE: MFSA-2007-01
+ - iceweasel 2.0.0.2+dfsg-1 (high)
+ - iceape <unfixed> (high)
+ - icedove <unfixed> (low)
+ - xulrunner <unfixed> (high)
+ [sarge] - mozilla-firefox <unfixed> (high)
+ [sarge] - mozilla-thunderbird <unfixed> (low)
+ [sarge] - mozilla <unfixed> (high)
CVE-2007-0774
RESERVED
CVE-2007-0773
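Review bot: in the CVE-2007-0780 entry the bracketed description is attached to the state line (`RESERVED [mozilla XSS and local file access by opening blocked popups]`) instead of the CVE header line, unlike every other entry added in this hunk (for example `CVE-2007-0779 [mozilla Spoofing using custom cursor and CSS3 hotspot]` followed by a bare `RESERVED`). Move the description up to the `CVE-2007-0780` line so the entry has the same shape as its neighbours and the description is picked up the same way.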
@@ -2577,6 +2632,7 @@
NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat ...)
NOT-FOR-US: Adobe Acrobat Reader Plugin
+ NOTE: a fix for this is also in iceweasle 2.0.0.2+dfsg-1 (MFSA-2007-02)
CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet ...)
NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0043
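Review bot: the NOTE added under CVE-2007-0045 misspells the package as `iceweasle`; it should read `iceweasel`, otherwise a search of the list for the package name will miss this line. The entry also stays `NOT-FOR-US`, so the iceweasel 2.0.0.2+dfsg-1 fix is recorded only in free text; if that is intentional, it is worth saying in the NOTE that the fix is a browser-side mitigation for the plugin issue.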
@@ -3095,10 +3151,24 @@
{DSA-1256-1}
- gtk+2.0 2.8.20-5
TODO: check gdk-pixbuf
-CVE-2007-0009
+CVE-2007-0009 [mozilla SSLv2 Server Stack Overflow Vulnerability]
RESERVED
-CVE-2007-0008
+ NOTE: MFSA-2007-06
+ - iceweasel 2.0.0.2+dfsg-1 (low)
+ - iceape <unfixed> (low)
+ - xulrunner <unfixed> (high)
+ [sarge] - mozilla-firefox <unfixed> (high)
+ [sarge] - mozilla <unfixed> (high)
+ - firefox <removed> (high)
+CVE-2007-0008 [SSLv2 Client Integer Underflow Vulnerability]
RESERVED
+ NOTE: MFSA-2007-06
+ - iceweasel 2.0.0.2+dfsg-1 (low)
+ - iceape <unfixed> (low)
+ - xulrunner <unfixed> (high)
+ [sarge] - mozilla-firefox <unfixed> (high)
+ [sarge] - mozilla <unfixed> (high)
+ - firefox <removed> (high)
CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary ...)
- gnucash <unfixed> (bug #411942; medium)
CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
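Review bot: in both CVE-2007-0009 and CVE-2007-0008 the urgency differs between packages for the same issue: `iceweasel` and `iceape` are `(low)` while `xulrunner`, the sarge packages and `firefox <removed>` are `(high)`. If the lower rating for iceweasel and iceape is deliberate, add a NOTE giving the reason; otherwise align the urgencies. The CVE-2007-0008 description also lacks the `mozilla` prefix that the other new descriptions in this commit carry.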
@@ -4455,8 +4525,11 @@
CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in a-ConMan ...)
NOT-FOR-US: a-ConMan
CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and ...)
- - iceweasel <unfixed> (high; bug #409220)
- - mozilla-firefox <unfixed> (high)
+ NOTE: MFSA-2007-02
+ - iceweasel 2.0.0.2+dfsg-1 (high; bug #409220)
+ - iceape <unfixed> (high)
+ [sarge] - mozilla-firefox <unfixed> (high)
+ [sarge] - mozilla <unfixed> (high)
- xulrunner <unfixed> (medium)
NOTE: Epiphany affected by xulrunner
CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in Computer ...)
@@ -24945,7 +25018,7 @@
- bidwatcher <removed> (bug #319489; low)
[sarge] - bidwatcher <no-dsa> (Totally broken due to Ebay changes, no users, no exploits)
CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
- - dbmail <unfixed> (bug #303991; medium)
+ - dbmail 2.2.1-1 (bug #303991; bug #290833; medium)
CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
- mldonkey 2.5.28.1-1 (bug #300560; low)
CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]