[Secure-testing-commits] r10723 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Wed Dec 17 22:31:51 UTC 2008 

Author: jmm-guest
Date: 2008-12-17 22:31:51 +0000 (Wed, 17 Dec 2008)
New Revision: 10723

Modified:
   data/CVE/list
Log:
the "The usual suspects" commit:
- pile of Mozilla issues
- kernel issues
- wireshark updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-12-17 21:14:11 UTC (rev 10722)
+++ data/CVE/list	2008-12-17 22:31:51 UTC (rev 10723)
@@ -1,3 +1,5 @@
+CVE-2008-XXXX [wireshark WLCCP infinite loop]
+	- wireshark 1.0.5-1 (low; bug #506741)
 CVE-2009-0040
 	RESERVED
 CVE-2009-0039
@@ -227,34 +229,74 @@
 	RESERVED
 CVE-2008-5514
 	RESERVED
-CVE-2008-5513
+CVE-2008-5513 [XSS vulnerabilities in SessionStore]
 	RESERVED
-CVE-2008-5512
+	- iceweasel <unfixed>
+CVE-2008-5512 [XBL bindings issue]
 	RESERVED
-CVE-2008-5511
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	- xulrunner <unfixed>
+CVE-2008-5511 [XPCNativeWrappers issue]
 	RESERVED
-CVE-2008-5510
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	- xulrunner <unfixed>
+CVE-2008-5510 [Escaped null characters ignored by CSS parser]
 	RESERVED
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	- xulrunner <unfixed>
 CVE-2008-5509
 	RESERVED
-CVE-2008-5508
+CVE-2008-5508 [Errors parsing URLs with leading whitespace and control characters]
 	RESERVED
-CVE-2008-5507
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	- xulrunner <unfixed>
+CVE-2008-5507 [Cross-domain data theft via script redirect error message]
 	RESERVED
-CVE-2008-5506
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	- xulrunner <unfixed>
+CVE-2008-5506 [XMLHttpRequest 302 response disclosure]
 	RESERVED
-CVE-2008-5505
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	- xulrunner <unfixed>
+CVE-2008-5505 [User tracking via XUL persist attribute]
 	RESERVED
+	- iceweasel <unfixed>
 CVE-2008-5504
 	RESERVED
 CVE-2008-5503
 	RESERVED
 CVE-2008-5502
 	RESERVED
+	- iceweasel 3.0
+	NOTE: Firefox 3 not affected
+	- iceape 1.1.10-1
+	- xulrunner 1.9.0.1-1
+	- icedove 2.0.0.16-1
 CVE-2008-5501
 	RESERVED
+	- iceweasel 3.0
+	NOTE: Firefox 3 not affected
+	- iceape 1.1.10-1
+	- xulrunner 1.9.0.1-1
+	- icedove 2.0.0.16-1
 CVE-2008-5500
 	RESERVED
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	- xulrunner <unfixed>
 CVE-2008-5499
 	RESERVED
 CVE-2008-5498 [segfault and potential security issue in php5's bundled libgd's imagerotate]
@@ -941,7 +983,7 @@
 CVE-2008-5190 (SQL injection vulnerability in index.php in eSHOP100 allows remote ...)
 	NOT-FOR-US: eSHOP100
 CVE-2008-5285 (Wireshark 1.0.4 and earlier allows remote attackers to cause a denial ...)
-	- wireshark <unfixed> (low; bug #506741)
+	- wireshark 1.0.5-1 (low; bug #506741)
 CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other ...)
 	- shadow 1:4.1.1-6 (bug #505271)
 CVE-2008-XXXX [verlihub remote command execution and the possibility of attack with the help of symlinks]
@@ -960,7 +1002,7 @@
 	[etch] - cupsys <not-affected> (cupsys doesn't crash, code base changed, guest username not submitted)
 CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might ...)
 	{DSA-1687-1 DSA-1681-1}
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.26-12
 	- linux-2.6.24 2.6.24-6~etchnhalf.7
 CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Microsoft Communicator
@@ -1051,6 +1093,7 @@
 CVE-2008-5149 (fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite ...)
 	- ncbi-tools6 <unfixed> (unimportant)
 	NOTE: unsafe code is in example script
+	NOTE: Fixed in experimental
 CVE-2008-5148 (sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite ...)
 	- geda-gnetlist <unfixed> (unimportant)
 	NOTE: unsafe code is an example script
@@ -1217,8 +1260,8 @@
 	- awstats 6.7.dfsg-5.1 (bug #495432; low)
 CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and ...)
 	{DSA-1687-1}
-	- linux-2.6 <unfixed>
-	- linux-2.6.24 <unfixed>
+	- linux-2.6 2.6.26-12
+	- linux-2.6.24 <removed>
 	NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2
 CVE-2008-5078
 	RESERVED

More information about the Secure-testing-commits mailing list