[Secure-testing-commits] r7157 - data/CVE

stef-guest at alioth.debian.org stef-guest at alioth.debian.org
Wed Oct 31 17:31:24 UTC 2007


Author: stef-guest
Date: 2007-10-31 17:31:24 +0000 (Wed, 31 Oct 2007)
New Revision: 7157

Modified:
   data/CVE/list
Log:
update ice* data

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-10-31 17:27:56 UTC (rev 7156)
+++ data/CVE/list	2007-10-31 17:31:24 UTC (rev 7157)
@@ -1430,20 +1430,41 @@
 	RESERVED
 CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox ...)
 	{DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1}
-	- iceweasel 2.0.0.8-1
-	TODO: check other ice*
+	- iceweasel 2.0.0.8-1 (high)
+	- xulrunner <unfixed> (high)
+	- icedove <unfixed> (low)
+	- iceape <unfixed> (high)
+	- mozilla <removed>
+	- mozilla-firefox <removed>
+	- mozilla-thunderbird <removed>
+	NOTE: MFSA2007-29
 CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, ...)
 	{DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1}
-	- iceweasel 2.0.0.8-1
-	TODO: check other ice*
+	- iceweasel 2.0.0.8-1 (high)
+	- xulrunner <unfixed> (bug #447734; high)
+	- icedove <unfixed> (low)
+	- iceape <unfixed> (high)
+	- mozilla <removed>
+	- mozilla-firefox <removed>
+	- mozilla-thunderbird <removed>
+	NOTE: xulrunner 1.8.1.6-1 still vulnerable
+	NOTE: MFSA2007-29
 CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows ...)
 	{DSA-1396-1 DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
-	TODO: check other ice*
+	- xulrunner <unfixed>
+	- iceape <unfixed>
+	- mozilla <removed>
+	- mozilla-firefox <removed>
+	NOTE: MFSA2007-35
 CVE-2007-5337 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when ...)
 	{DSA-1396-1 DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
-	TODO: check other ice*
+	- xulrunner <unfixed>
+	- iceape <unfixed>
+	- mozilla <removed>
+	- mozilla-firefox <removed>
+	NOTE: MFSA2007-34
 CVE-2007-5336
 	REJECTED
 CVE-2007-5335 (Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain ...)
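
Review bot: CVE-2007-5338 and CVE-2007-5337 lose their "TODO: check other ice*" line but gain no icedove entry, so the list no longer shows whether icedove was checked. If it is not affected, say so explicitly, as the hunk at -2705 does with "- icedove <not-affected> (windows only issue)", giving the reason that applies here. Also, under CVE-2007-5340 the line "- xulrunner <unfixed> (high)" has no bug reference, while CVE-2007-5339 (same MFSA2007-29) points at bug #447734. Add the reference there too if that bug covers both.
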
@@ -1452,7 +1473,11 @@
 CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the ...)
 	{DSA-1396-1 DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1
-	TODO: check other ice*
+	- xulrunner <unfixed>
+	- iceape <unfixed>
+	- mozilla <removed>
+	- mozilla-firefox <removed>
+	NOTE: MFSA2007-33
 CVE-2007-5333
 	RESERVED
 CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...)
@@ -2705,6 +2730,9 @@
 	{DTSA-69-1}
 	- iceweasel <not-affected> (windows only issue)
 	- iceape <not-affected> (windows only issue)
+	- xulrunner <not-affected> (windows only issue)
+	- icedove <not-affected> (windows only issue)
+	NOTE: MFSA2007-36
 	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974
 CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...)
 	- php5 <unfixed> (unimportant) 
@@ -4960,13 +4988,21 @@
 	- iceweasel 2.0.0.6-1 (medium)
 	- xulrunner 1.8.1.6-1 (medium)
 	- iceape 1.1.3-2 (medium)
-	- icedove <unfixed> (medium)
+	- icedove 2.0.0.6-1 (medium)
+	- mozilla <removed>
+	- mozilla-firefox <removed>
+	- mozilla-thunderbird <removed>
+	NOTE: MFSA2007-27
 CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and ...)
 	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
 	- iceweasel 2.0.0.6-1 (medium)
 	- xulrunner 1.8.1.6-1 (medium)
 	- iceape 1.1.3-2 (medium)
-	- icedove <unfixed> (medium)
+	- icedove 2.0.0.6-1 (medium)
+	- mozilla <removed>
+	- mozilla-firefox <removed>
+	- mozilla-thunderbird <removed>
+	NOTE: MFSA2007-26
 CVE-2007-3843 (The Linux kernel before 2.6.23-rc1 checks the wrong global variable ...)
 	{DSA-1363-1}
 	- linux-2.6 <unfixed> (bug #446073)
@@ -5225,16 +5261,19 @@
 	- iceape 1.1.3-1 (medium)
 	- xulrunner 1.8.1.5-1 (medium)
 	- iceweasel 2.0.0.5-1 (medium)
+	NOTE: MFSA2007-25
 CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute ...)
 	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
 	- iceape 1.1.3-1 (high)
 	- xulrunner 1.8.1.5-1 (high)
 	- iceweasel 2.0.0.5-1 (high)
+	NOTE: MFSA2007-21
 CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
 	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
 	- iceweasel 2.0.0.5-1 (high)
 	- iceape 1.1.3-1 (high)
 	- xulrunner 1.8.1.5-1 (high)
+	NOTE: MFSA2007-19
 CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
 	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
 	- iceweasel 2.0.0.5-1 (high)
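
Review bot: the entries in this hunk (CVE-2007-3737, CVE-2007-3736 and the one above them) only gain an MFSA note, whereas the other entries touched by this commit also record mozilla, mozilla-firefox and, where relevant, mozilla-thunderbird as <removed>. If the removed source packages were affected by these issues as well, add the same <removed> lines here so the older entries are tracked the same way. Otherwise a short NOTE saying why they are omitted would avoid a later re-check.
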
@@ -5242,12 +5281,14 @@
 	NOTE: Affects only broken setups, enabling js in Icedove is strongly not recommended
 	- iceape 1.1.3-1 (high)
 	- xulrunner 1.8.1.5-1 (high)
+	NOTE: MFSA2007-18
 CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
 	- iceweasel 2.0.0.5-1 (high)
 	- icedove 2.0.0.6-1 (high; bug #444010)
 	- iceape 1.1.3-1 (high)
 	- xulrunner 1.8.1.5-1 (high)
+	NOTE: MFSA2007-18
 CVE-2007-3733
 	RESERVED
 CVE-2007-3732
@@ -5395,6 +5436,7 @@
 CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
 	- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
 	- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
+	NOTE: MFSA2007-23
 CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP ...)
 	NOT-FOR-US: InnovaDSXP2.OCX ActiveX Control
 CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia ...)
@@ -5426,6 +5468,7 @@
 	- iceweasel 2.0.0.5-1 (high)
 	- iceape 1.1.3-1 (high)
 	- xulrunner 1.8.1.5-1 (high)
+	NOTE: MFSA2007-24
 CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...)
 	- sun-java5 1.5.0-12-1
 	[etch] - sun-java5 <no-dsa> (Non-free not supported)
@@ -5773,6 +5816,11 @@
 CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox ...)
 	{DSA-1396-1 DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1 (bug #438873; low)
+	- xulrunner <unfixed>
+	- iceape <unfixed>
+	- mozilla <removed>
+	- mozilla-firefox <removed>
+	NOTE: MFSA2007-32
 CVE-2007-3510 (Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 ...)
 	TODO: check
 CVE-2007-3509 (Heap-based buffer overflow in the RPC subsystem in Symantec Backup ...)
@@ -6331,6 +6379,7 @@
 	NOT-FOR-US: Avaya IP Softphone
 CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote ...)
 	- iceweasel <not-affected> (Affects only Firefox in Windows)
+	NOTE: MFSA2007-22
 CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...)
 	NOT-FOR-US: Apple Safari
 CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root ...)
@@ -6828,6 +6877,7 @@
 	- iceweasel 2.0.0.5-1 (low; bug #427691)
 	- iceape 1.1.3-1 (low)
 	- xulrunner 1.8.1.5-1 (low)
+	NOTE: MFSA2007-20
 CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote ...)
 	NOT-FOR-US: Comicsense
 CVE-2007-3087 (Peercast places a cleartext password in a query string, which might ...)
@@ -8698,6 +8748,11 @@
 CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...)
 	{DSA-1396-1 DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1 (low)
+	- xulrunner <unfixed>
+	- iceape <unfixed>
+	- mozilla <removed>
+	- mozilla-firefox <removed>
+	NOTE: MFSA2007-31
 	[etch] - iceweasel <no-dsa> (Minor issue)
 	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
 CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...)
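
Review bot: under CVE-2007-2292 the new block is inserted between "- iceweasel 2.0.0.8-1 (low)" and its release-specific line "[etch] - iceweasel <no-dsa> (Minor issue)", so the [etch] annotation now follows the MFSA note instead of the iceweasel line it qualifies, and "[sarge] - mozilla <no-dsa>" is separated from "- mozilla <removed>". Suggest keeping each [release] line directly under its package line and putting the new xulrunner/iceape/mozilla-firefox lines and the NOTE after them. The new <unfixed> lines also carry no urgency, while iceweasel is marked (low).
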
@@ -11677,7 +11732,11 @@
 CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 does not ...)
 	{DSA-1396-1 DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.8-1 (low; bug #445514)
-	NOTE: Pending for upcoming security releases
+	- xulrunner <unfixed>
+	- iceape <unfixed>
+	- mozilla <removed>
+	- mozilla-firefox <removed>
+	NOTE: MFSA2007-30
 CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
 	NOT-FOR-US: Microsoft IE
 CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ...)
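
Review bot: the new xulrunner and iceape lines under CVE-2007-1095 carry no urgency, while the iceweasel line for the same issue is marked "(low; bug #445514)". Suggest "- xulrunner <unfixed> (low)" and "- iceape <unfixed> (low)" so the open packages are prioritised consistently, plus a bug reference for each if one has been filed. The removed "NOTE: Pending for upcoming security releases" is fine to drop now that a fixed iceweasel version is listed.
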
@@ -23717,6 +23776,11 @@
 CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, ...)
 	{DSA-1392-1 DTSA-69-1}
 	- iceweasel 2.0.0.4-1
+	- xulrunner <unfixed>
+	- iceape <unfixed>
+	- mozilla <removed>
+	- mozilla-firefox <removed>
+	NOTE: MFSA2007-32
 CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...)
 	NOT-FOR-US: GANTTy
 CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...)
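
Review bot: with MFSA2007-32 now noted under CVE-2006-2894, the unchanged line "- iceweasel 2.0.0.4-1" looks inconsistent: the description says 2.0.x before 2.0.0.8 is affected, and CVE-2007-3511, which this commit tags with the same MFSA2007-32, lists iceweasel 2.0.0.8-1 as the fixed version. Please confirm the fixed version and correct that line in the same change if 2.0.0.4-1 is stale.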



