[Secure-testing-commits] r10723 - data/CVE
jmm-guest at alioth.debian.org
Wed Dec 17 22:31:51 UTC 2008
Author: jmm-guest
Date: 2008-12-17 22:31:51 +0000 (Wed, 17 Dec 2008)
New Revision: 10723
Modified:
data/CVE/list
Log:
the "The usual suspects" commit:
- pile of Mozilla issues
- kernel issues
- wireshark updates
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-12-17 21:14:11 UTC (rev 10722)
+++ data/CVE/list 2008-12-17 22:31:51 UTC (rev 10723)
@@ -1,3 +1,5 @@
+CVE-2008-XXXX [wireshark WLCCP infinite loop]
+ - wireshark 1.0.5-1 (low; bug #506741)
CVE-2009-0040
RESERVED
CVE-2009-0039
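Review bot: The new CVE-2008-XXXX placeholder for the WLCCP infinite loop cites bug #506741 and fixed version 1.0.5-1, the same bug and version that the CVE-2008-5285 entry is updated to further down in this commit. If both describe one issue, the placeholder duplicates CVE-2008-5285 and should be dropped. If they are distinct, add a NOTE saying so, so that the shared bug number is not read as a copy-paste slip.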
@@ -227,34 +229,74 @@
RESERVED
CVE-2008-5514
RESERVED
-CVE-2008-5513
+CVE-2008-5513 [XSS vulnerabilities in SessionStore]
RESERVED
-CVE-2008-5512
+ - iceweasel <unfixed>
+CVE-2008-5512 [XBL bindings issue]
RESERVED
-CVE-2008-5511
+ - iceweasel <unfixed>
+ - icedove <unfixed>
+ - iceape <unfixed>
+ - xulrunner <unfixed>
+CVE-2008-5511 [XPCNativeWrappers issue]
RESERVED
-CVE-2008-5510
+ - iceweasel <unfixed>
+ - icedove <unfixed>
+ - iceape <unfixed>
+ - xulrunner <unfixed>
+CVE-2008-5510 [Escaped null characters ignored by CSS parser]
RESERVED
+ - iceweasel <unfixed>
+ - icedove <unfixed>
+ - iceape <unfixed>
+ - xulrunner <unfixed>
CVE-2008-5509
RESERVED
-CVE-2008-5508
+CVE-2008-5508 [Errors parsing URLs with leading whitespace and control characters]
RESERVED
-CVE-2008-5507
+ - iceweasel <unfixed>
+ - icedove <unfixed>
+ - iceape <unfixed>
+ - xulrunner <unfixed>
+CVE-2008-5507 [Cross-domain data theft via script redirect error message]
RESERVED
-CVE-2008-5506
+ - iceweasel <unfixed>
+ - icedove <unfixed>
+ - iceape <unfixed>
+ - xulrunner <unfixed>
+CVE-2008-5506 [XMLHttpRequest 302 response disclosure]
RESERVED
-CVE-2008-5505
+ - iceweasel <unfixed>
+ - icedove <unfixed>
+ - iceape <unfixed>
+ - xulrunner <unfixed>
+CVE-2008-5505 [User tracking via XUL persist attribute]
RESERVED
+ - iceweasel <unfixed>
CVE-2008-5504
RESERVED
CVE-2008-5503
RESERVED
CVE-2008-5502
RESERVED
+ - iceweasel 3.0
+ NOTE: Firefox 3 not affected
+ - iceape 1.1.10-1
+ - xulrunner 1.9.0.1-1
+ - icedove 2.0.0.16-1
CVE-2008-5501
RESERVED
+ - iceweasel 3.0
+ NOTE: Firefox 3 not affected
+ - iceape 1.1.10-1
+ - xulrunner 1.9.0.1-1
+ - icedove 2.0.0.16-1
CVE-2008-5500
RESERVED
+ - iceweasel <unfixed>
+ - icedove <unfixed>
+ - iceape <unfixed>
+ - xulrunner <unfixed>
CVE-2008-5499
RESERVED
CVE-2008-5498 [segfault and potential security issue in php5's bundled libgd's imagerotate]
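Review bot: In the CVE-2008-5502 and CVE-2008-5501 entries, "- iceweasel 3.0" has no Debian revision, unlike the sibling lines (iceape 1.1.10-1, xulrunner 1.9.0.1-1, icedove 2.0.0.16-1); the full version of the first fixed upload would keep version comparisons unambiguous. Those two entries and CVE-2008-5500 also gain package lines without a bracketed description, while every other entry filled in by this hunk gets one, so a short description on each would keep the list consistent.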
@@ -941,7 +983,7 @@
CVE-2008-5190 (SQL injection vulnerability in index.php in eSHOP100 allows remote ...)
NOT-FOR-US: eSHOP100
CVE-2008-5285 (Wireshark 1.0.4 and earlier allows remote attackers to cause a denial ...)
- - wireshark <unfixed> (low; bug #506741)
+ - wireshark 1.0.5-1 (low; bug #506741)
CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other ...)
- shadow 1:4.1.1-6 (bug #505271)
CVE-2008-XXXX [verlihub remote command execution and the possibility of attack with the help of symlinks]
@@ -960,7 +1002,7 @@
[etch] - cupsys <not-affected> (cupsys doesn't crash, code base changed, guest username not submitted)
CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might ...)
{DSA-1687-1 DSA-1681-1}
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.26-12
- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial of ...)
NOT-FOR-US: Microsoft Communicator
@@ -1051,6 +1093,7 @@
CVE-2008-5149 (fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite ...)
- ncbi-tools6 <unfixed> (unimportant)
NOTE: unsafe code is in example script
+ NOTE: Fixed in experimental
CVE-2008-5148 (sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite ...)
- geda-gnetlist <unfixed> (unimportant)
NOTE: unsafe code is an example script
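Review bot: The added "NOTE: Fixed in experimental" under CVE-2008-5149 does not name the ncbi-tools6 version that carries the fix. Recording the version in the note would let the "<unfixed>" line be replaced with a concrete version once that upload reaches unstable, without anyone having to rediscover it.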
@@ -1217,8 +1260,8 @@
- awstats 6.7.dfsg-5.1 (bug #495432; low)
CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and ...)
{DSA-1687-1}
- - linux-2.6 <unfixed>
- - linux-2.6.24 <unfixed>
+ - linux-2.6 2.6.26-12
+ - linux-2.6.24 <removed>
NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2
CVE-2008-5078
RESERVED
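Review bot: For CVE-2008-5079, linux-2.6.24 moves from "<unfixed>" to "<removed>", while the CVE-2008-5182 entry in the earlier hunk keeps a fixed version (2.6.24-6~etchnhalf.7) for the same source package. A NOTE explaining why the two entries differ, or a release-specific line stating whether the 2.6.24 package is still affected by the ATM issue, would avoid the "<removed>" marker hiding an open status.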