[Secure-testing-commits] r10422 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Wed Nov 19 17:35:01 UTC 2008 

Author: jmm-guest
Date: 2008-11-19 17:35:00 +0000 (Wed, 19 Nov 2008)
New Revision: 10422

Modified:
   data/CVE/list
Log:
new round of Mozilla issues
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-11-19 11:34:34 UTC (rev 10421)
+++ data/CVE/list	2008-11-19 17:35:00 UTC (rev 10422)
@@ -43,27 +43,27 @@
 CVE-2008-5112 (The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-5111 (Unspecified vulnerability in the socket function in Sun Solaris 10 and ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2008-5109
 	RESERVED
 CVE-2008-5108 (Unspecified vulnerability in Adobe AIR 1.1 and earlier allows ...)
 	NOT-FOR-US: Adobe AIR
 CVE-2008-5107 (The installation process for Citrix Presentation Server 4.5 and ...)
-	TODO: check
+	NOT-FOR-US: Citrix PS
 CVE-2008-5106 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote ...)
-	TODO: check
+	NOT-FOR-US: KarjaSoft Sami FTP Server
 CVE-2008-5105 (KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a ...)
-	TODO: check
+	NOT-FOR-US: KarjaSoft Sami FTP Server
 CVE-2008-5104 (Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual ...)
-	TODO: check
+	NOT-FOR-US: VMBuilder
 CVE-2008-5103 (The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in ...)
-	TODO: check
+	NOT-FOR-US: VMBuilder
 CVE-2008-5102 (PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other ...)
 	TODO: check
 CVE-2008-5100 (The strong name (SN) implementation in Microsoft .NET Framework ...)
-	TODO: check
+	NOT-FOR-US: Microsoft .NET Framework
 CVE-2008-5099 (Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through ...)
-	TODO: check
+	NOT-FOR-US: Sun Logical Domain Manager
 CVE-2008-5098 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...)
 	TODO: check
 CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might allow ...)
@@ -214,25 +214,53 @@
 CVE-2008-5030 (Heap-based buffer overflow in the cddb_read_disc_data function in ...)
 	- libcdaudio 0.99.12p2-7 (bug #505478)
 CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, ...)
-	TODO: check
+ 	- iceweasel <unfixed>
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
 CVE-2008-5023 (Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- xulrunner <unfixed>
+	- iceape <unfixed>
 CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x ...)
-	TODO: check
+ 	- iceweasel <unfixed>
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
 CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
 CVE-2008-5020
 	RESERVED
 CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4 and ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- xulrunner <unfixed>
 CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
 CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
 CVE-2008-5016 (The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	[etch] - iceweasel <not-affected> (Doesn't affect Firefox 2.x et al)
+	[etch] - xulrunner <not-affected> (Doesn't affect Firefox 2.x et al)
+	[etch] - iceape <not-affected> (Doesn't affect Firefox 2.x et al)
+	[etch] - icedove <not-affected> (Doesn't affect Firefox 2.x et al)
 CVE-2008-5015 (Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- xulrunner <unfixed>
+	[etch] - iceweasel <not-affected> (Doesn't affect Firefox 2.x)
+	[etch] - xulrunner <not-affected> (Doesn't affect Firefox 2.x)
 CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before ...)
 	TODO: check
 CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do ...)
@@ -580,7 +608,7 @@
 CVE-2008-4833
 	RESERVED
 CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows ...)
-	TODO: check
+	NOT-FOR-US: rPath
 CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ...)
 	NOT-FOR-US: Adobe ColdFusion
 CVE-2008-4830
@@ -12789,7 +12817,9 @@
 CVE-2008-0018
 	RESERVED
 CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in Firefox ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- xulrunner <unfixed>
+	- iceape <unfixed>
 CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in ...)
 	{DSA-1649-1}
 	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected

More information about the Secure-testing-commits mailing list