[Secure-testing-commits] r5994 - data/CVE

Mon Jun 11 20:11:32 UTC 2007

Author: stef-guest
Date: 2007-06-11 20:11:32 +0000 (Mon, 11 Jun 2007)
New Revision: 5994

Modified:
   data/CVE/list
Log:
- new jffnms issues fixed
- xulrunner, iceape, iceweasel fixed


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2007-06-11 09:14:08 UTC (rev 5993)
+++ data/CVE/list	2007-06-11 20:11:32 UTC (rev 5994)
@@ -1,3 +1,5 @@
+CVE-2007-XXXX [jffnms multiple issues]
+	- jffnms 0.8.3dfsg.1-4
 CVE-2007-3129
 	RESERVED
 CVE-2007-3128
@@ -529,33 +531,49 @@
 	NOTE: Fix from 5.2.3 was ineffective
 CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
 	{DSA-1300-1}
-	- iceweasel <unfixed> (low)
-	- iceape <unfixed> (low)
+	NOTE: MFSA2007-17
+	- iceweasel 2.0.0.4-1 (low)
+	- iceape 1.1.2-1 (low)
 	- firefox <removed> (low)
 	- mozilla <removed> (low)
+	- xulrunner 1.8.1.4-1 (low)
 CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
 	{DSA-1300-1}
-	- iceweasel <unfixed> (medium)
-	- iceape <unfixed> (medium)
+	NOTE: MFSA2007-16
+	- iceweasel 2.0.0.4-1 (medium)
+	- iceape 1.1.2-1 (medium)
 	- firefox <removed> (medium)
 	- mozilla <removed> (medium)
+	- xulrunner 1.8.1.4-1 (medium)
 CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before ...)
-	- iceweasel <unfixed> (unimportant)
-	- iceape <unfixed> (unimportant)
+	NOTE: MFSA2007-13
+	- iceweasel 2.0.0.4-1 (unimportant)
+	- iceape 1.1.2-1 (unimportant)
 	- firefox <removed> (unimportant)
 	- mozilla <removed> (unimportant)
+	- xulrunner 1.8.1.4-1 (unimportant)
 CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox ...)
 	{DSA-1300-1}
-	- iceweasel <unfixed> (medium)
-	- iceape <unfixed> (medium)
-	- firefox <removed> (medium)
-	- mozilla <removed> (medium)
+	NOTE: MFSA2007-12
+	- iceweasel 2.0.0.4-1 (high)
+	- iceape 1.1.2-1 (high)
+	- firefox <removed> (high)
+	- mozilla <removed> (high)
+	- thunderbird <removed> (low)
+	- icedove <unfixed> (low)
+	- xulrunner 1.8.1.4-1 (high)
+	[sarge] - mozilla-thunderbird <unfixed> (low)
 CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla Firefox ...)
 	{DSA-1300-1}
-	- iceweasel <unfixed> (medium)
-	- iceape <unfixed> (medium)
-	- firefox <removed> (medium)
-	- mozilla <removed> (medium)
+	NOTE: MFSA2007-12
+	- iceweasel 2.0.0.4-1 (high)
+	- iceape 1.1.2-1 (high)
+	- firefox <removed> (high)
+	- mozilla <removed> (high)
+	- thunderbird <removed> (low)
+	- icedove <unfixed> (low)
+	- xulrunner 1.8.1.4-1 (high)
+	[sarge] - mozilla-thunderbird <unfixed> (low)
 CVE-2007-2866 (Multiple SQL injection vulnerabilities in ...)
 	NOT-FOR-US: PHPEcho CMS
 CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin ...)
@@ -3512,7 +3530,10 @@
 	NOT-FOR-US: Roxio
 CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 ...)
 	{DSA-1300-1}
-	NOT-FOR-US: No practical security implications
+	NOTE: Affects various clients, but no practical security implications
+	NOTE: MFSA2007-15
+	- icedove 2.0.0.4-1 (unimportant)
+	- iceape 1.1.2-1 (unimportant)
 CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...)
 	NOT-FOR-US: F-Secure
 CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 ...)
@@ -4003,7 +4024,10 @@
 	NOT-FOR-US: DropAFew
 CVE-2007-1362 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
 	{DSA-1300-1}
-	TODO: check
+	NOTE: MFSA2007-14
+	- iceape 1.1.2-1 (low)
+	- iceweasel 2.0.0.4-1 (low)
+	- xulrunner 1.8.1.4-1 (low)
 CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in ...)
 	NOT-FOR-US: VirtueMart
 CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x ...)


