[Secure-testing-commits] r7157 - data/CVE
stef-guest at alioth.debian.org
Wed Oct 31 17:31:24 UTC 2007
Author: stef-guest
Date: 2007-10-31 17:31:24 +0000 (Wed, 31 Oct 2007)
New Revision: 7157
Modified:
data/CVE/list
Log:
update ice* data
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-31 17:27:56 UTC (rev 7156)
+++ data/CVE/list 2007-10-31 17:31:24 UTC (rev 7157)
@@ -1430,20 +1430,41 @@
RESERVED
CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox ...)
{DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1}
- - iceweasel 2.0.0.8-1
- TODO: check other ice*
+ - iceweasel 2.0.0.8-1 (high)
+ - xulrunner <unfixed> (high)
+ - icedove <unfixed> (low)
+ - iceape <unfixed> (high)
+ - mozilla <removed>
+ - mozilla-firefox <removed>
+ - mozilla-thunderbird <removed>
+ NOTE: MFSA2007-29
CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, ...)
{DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1}
- - iceweasel 2.0.0.8-1
- TODO: check other ice*
+ - iceweasel 2.0.0.8-1 (high)
+ - xulrunner <unfixed> (bug #447734; high)
+ - icedove <unfixed> (low)
+ - iceape <unfixed> (high)
+ - mozilla <removed>
+ - mozilla-firefox <removed>
+ - mozilla-thunderbird <removed>
+ NOTE: xulrunner 1.8.1.6-1 still vulnerable
+ NOTE: MFSA2007-29
CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allows ...)
{DSA-1396-1 DSA-1392-1 DTSA-69-1}
- iceweasel 2.0.0.8-1
- TODO: check other ice*
+ - xulrunner <unfixed>
+ - iceape <unfixed>
+ - mozilla <removed>
+ - mozilla-firefox <removed>
+ NOTE: MFSA2007-35
CVE-2007-5337 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when ...)
{DSA-1396-1 DSA-1392-1 DTSA-69-1}
- iceweasel 2.0.0.8-1
- TODO: check other ice*
+ - xulrunner <unfixed>
+ - iceape <unfixed>
+ - mozilla <removed>
+ - mozilla-firefox <removed>
+ NOTE: MFSA2007-34
CVE-2007-5336
REJECTED
CVE-2007-5335 (Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain ...)
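Review bot: In CVE-2007-5338 and CVE-2007-5337 the "TODO: check other ice*" line is dropped, but no icedove status is recorded, unlike CVE-2007-5340 and CVE-2007-5339 just above, which list "- icedove <unfixed> (low)". If icedove was checked and is not affected, an explicit "- icedove <not-affected> (reason)" line would keep that result in the tracker; if it was not checked, the TODO should stay. Separately, the xulrunner line of CVE-2007-5339 cites bug #447734 while the xulrunner line of CVE-2007-5340 cites none, although both entries point to MFSA2007-29; if the bug covers both, the reference belongs on both lines.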
@@ -1452,7 +1473,11 @@
CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the ...)
{DSA-1396-1 DSA-1392-1 DTSA-69-1}
- iceweasel 2.0.0.8-1
- TODO: check other ice*
+ - xulrunner <unfixed>
+ - iceape <unfixed>
+ - mozilla <removed>
+ - mozilla-firefox <removed>
+ NOTE: MFSA2007-33
CVE-2007-5333
RESERVED
CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...)
@@ -2705,6 +2730,9 @@
{DTSA-69-1}
- iceweasel <not-affected> (windows only issue)
- iceape <not-affected> (windows only issue)
+ - xulrunner <not-affected> (windows only issue)
+ - icedove <not-affected> (windows only issue)
+ NOTE: MFSA2007-36
NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974
CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...)
- php5 <unfixed> (unimportant)
@@ -4960,13 +4988,21 @@
- iceweasel 2.0.0.6-1 (medium)
- xulrunner 1.8.1.6-1 (medium)
- iceape 1.1.3-2 (medium)
- - icedove <unfixed> (medium)
+ - icedove 2.0.0.6-1 (medium)
+ - mozilla <removed>
+ - mozilla-firefox <removed>
+ - mozilla-thunderbird <removed>
+ NOTE: MFSA2007-27
CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and ...)
{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
- iceweasel 2.0.0.6-1 (medium)
- xulrunner 1.8.1.6-1 (medium)
- iceape 1.1.3-2 (medium)
- - icedove <unfixed> (medium)
+ - icedove 2.0.0.6-1 (medium)
+ - mozilla <removed>
+ - mozilla-firefox <removed>
+ - mozilla-thunderbird <removed>
+ NOTE: MFSA2007-26
CVE-2007-3843 (The Linux kernel before 2.6.23-rc1 checks the wrong global variable ...)
{DSA-1363-1}
- linux-2.6 <unfixed> (bug #446073)
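Review bot: The icedove lines in both entries change from "<unfixed>" to "2.0.0.6-1 (medium)", which closes these issues for icedove in the tracker, yet neither the entries nor the log message ("update ice* data") says what the fixed version is based on. A bug reference on the line, in the style of "- icedove 2.0.0.6-1 (high; bug #444010)" used elsewhere in this file, or a short mention in the log would make the status change auditable.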
@@ -5225,16 +5261,19 @@
- iceape 1.1.3-1 (medium)
- xulrunner 1.8.1.5-1 (medium)
- iceweasel 2.0.0.5-1 (medium)
+ NOTE: MFSA2007-25
CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute ...)
{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
- iceweasel 2.0.0.5-1 (high)
+ NOTE: MFSA2007-21
CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
- iceweasel 2.0.0.5-1 (high)
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
+ NOTE: MFSA2007-19
CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
- iceweasel 2.0.0.5-1 (high)
@@ -5242,12 +5281,14 @@
NOTE: Affects only broken setups, enabling js in Icedove is strongly not recommended
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
+ NOTE: MFSA2007-18
CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
- iceweasel 2.0.0.5-1 (high)
- icedove 2.0.0.6-1 (high; bug #444010)
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
+ NOTE: MFSA2007-18
CVE-2007-3733
RESERVED
CVE-2007-3732
@@ -5395,6 +5436,7 @@
CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
+ NOTE: MFSA2007-23
CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP ...)
NOT-FOR-US: InnovaDSXP2.OCX ActiveX Control
CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia ...)
@@ -5426,6 +5468,7 @@
- iceweasel 2.0.0.5-1 (high)
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
+ NOTE: MFSA2007-24
CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...)
- sun-java5 1.5.0-12-1
[etch] - sun-java5 <no-dsa> (Non-free not supported)
@@ -5773,6 +5816,11 @@
CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox ...)
{DSA-1396-1 DSA-1392-1 DTSA-69-1}
- iceweasel 2.0.0.8-1 (bug #438873; low)
+ - xulrunner <unfixed>
+ - iceape <unfixed>
+ - mozilla <removed>
+ - mozilla-firefox <removed>
+ NOTE: MFSA2007-32
CVE-2007-3510 (Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 ...)
TODO: check
CVE-2007-3509 (Heap-based buffer overflow in the RPC subsystem in Symantec Backup ...)
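Review bot: The added xulrunner and iceape lines for CVE-2007-3511 carry no urgency, while the iceweasel line directly above rates the same issue "low". If the rating applies to the shared code, writing "- xulrunner <unfixed> (low)" and "- iceape <unfixed> (low)" keeps the unfixed packages from showing up with an unset urgency.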
@@ -6331,6 +6379,7 @@
NOT-FOR-US: Avaya IP Softphone
CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote ...)
- iceweasel <not-affected> (Affects only Firefox in Windows)
+ NOTE: MFSA2007-22
CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...)
NOT-FOR-US: Apple Safari
CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root ...)
@@ -6828,6 +6877,7 @@
- iceweasel 2.0.0.5-1 (low; bug #427691)
- iceape 1.1.3-1 (low)
- xulrunner 1.8.1.5-1 (low)
+ NOTE: MFSA2007-20
CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote ...)
NOT-FOR-US: Comicsense
CVE-2007-3087 (Peercast places a cleartext password in a query string, which might ...)
@@ -8698,6 +8748,11 @@
CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...)
{DSA-1396-1 DSA-1392-1 DTSA-69-1}
- iceweasel 2.0.0.8-1 (low)
+ - xulrunner <unfixed>
+ - iceape <unfixed>
+ - mozilla <removed>
+ - mozilla-firefox <removed>
+ NOTE: MFSA2007-31
[etch] - iceweasel <no-dsa> (Minor issue)
[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...)
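Review bot: In CVE-2007-2292 the new package lines and the NOTE are inserted between "- iceweasel 2.0.0.8-1 (low)" and its release-specific line "[etch] - iceweasel <no-dsa> (Minor issue)", so the etch annotation now follows "NOTE: MFSA2007-31" instead of the iceweasel line it qualifies. The same applies to "[sarge] - mozilla <no-dsa>", which ends up separated from the new "- mozilla <removed>" line. Placing each release-specific line directly under its package line and moving the NOTE to the end of the entry would keep the entry readable.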
@@ -11677,7 +11732,11 @@
CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 does not ...)
{DSA-1396-1 DSA-1392-1 DTSA-69-1}
- iceweasel 2.0.0.8-1 (low; bug #445514)
- NOTE: Pending for upcoming security releases
+ - xulrunner <unfixed>
+ - iceape <unfixed>
+ - mozilla <removed>
+ - mozilla-firefox <removed>
+ NOTE: MFSA2007-30
CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
NOT-FOR-US: Microsoft IE
CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ...)
@@ -23717,6 +23776,11 @@
CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, ...)
{DSA-1392-1 DTSA-69-1}
- iceweasel 2.0.0.4-1
+ - xulrunner <unfixed>
+ - iceape <unfixed>
+ - mozilla <removed>
+ - mozilla-firefox <removed>
+ NOTE: MFSA2007-32
CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...)
NOT-FOR-US: GANTTy
CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...)
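Review bot: The untouched iceweasel line in CVE-2006-2894 still gives 2.0.0.4-1 as the fixed version, while the description says "2.0.x before 2.0.0.8" is affected and the entry is now tagged "NOTE: MFSA2007-32", the same advisory used for CVE-2007-3511, where iceweasel is fixed in 2.0.0.8-1. Since this commit marks xulrunner and iceape as "<unfixed>" for the issue, the iceweasel version should be re-checked in the same pass and either corrected or explained in a NOTE.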