[Secure-testing-commits] r9925 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Wed Oct 1 20:22:39 UTC 2008 

Author: jmm-guest
Date: 2008-10-01 20:22:38 +0000 (Wed, 01 Oct 2008)
New Revision: 9925

Modified:
   data/CVE/list
Log:
- add iceape to latest mozilla round, iceweasel and icedove
  still missing
- fix gpicview entry
- lazarus temp issue is a non-issue
- one kernel issue fixed
- bluez-libs fixed some time ago
- older kdebase issue won't be fixed for Lenny either


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-01 15:52:11 UTC (rev 9924)
+++ data/CVE/list	2008-10-01 20:22:38 UTC (rev 9925)
@@ -627,31 +627,43 @@
 CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and ...)
-	TODO: check
+	- iceape 1.1.12-1
 CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey ...)
-	TODO: check
+	- iceape 1.1.12-1
+	- xulrunner 1.9.0.3-1
 CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
 	- xulrunner 1.9.0.3-1
+	- iceape 1.1.12-1
 CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
 	- xulrunner 1.9.0.3-1
+	- iceape 1.1.12-1
 CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows ...)
 	- xulrunner 1.9.0.3-1
+	- iceape 1.1.12-1
 CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
 	- xulrunner 1.9.0.3-1
+	- iceape 1.1.12-1
 CVE-2008-4064 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
 	- xulrunner 1.9.0.3-1
+	- iceape 1.1.12-1
 CVE-2008-4063 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
 	- xulrunner 1.9.0.3-1
+	- iceape 1.1.12-1
 CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
 	- xulrunner 1.9.0.3-1
+	- iceape 1.1.12-1
 CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before ...)
 	- xulrunner 1.9.0.3-1
+	- iceape 1.1.12-1
 CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
 	- xulrunner 1.9.0.3-1
+	- iceape 1.1.12-1
 CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows ...)
 	- xulrunner 1.9.0.3-1
+	- iceape 1.1.12-1
 CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x ...)
 	- xulrunner 1.9.0.3-1
+	- iceape 1.1.12-1
 CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3 before ...)
 	NOT-FOR-US: Objective Development Sharity
 CVE-2008-4056 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...)
@@ -1174,10 +1186,12 @@
 	NOT-FOR-US: Solaris
 CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey ...)
 	- xulrunner 1.9.0.3-1
+	- iceape 1.1.12-1
 CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers ...)
 	TODO: check
 CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox ...)
 	TODO: check
+	- iceape 1.1.12-1
 CVE-2008-3834
 	RESERVED
 CVE-2008-3833
@@ -1435,7 +1449,7 @@
 	NOTE: CVE id requested
 	NOTE: non-issue, not exploitable by other users
 CVE-2008-XXXX [Overwrite certain images without notice]
-	- gpicview 0.1.10-1 (unimportant; low; bug #497005)
+	- gpicview 0.1.10-1 (unimportant; bug #497005)
 	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869
 	NOTE: non-issue, not exploitable by other users
 	NOTE: CVE id requested
@@ -1450,7 +1464,8 @@
 CVE-2008-XXXX [vdr: insecure temp file]
 	- vdr 1.6.0-6 (low; bug #496421)
 CVE-2008-XXXX [lazarus: insecure temp file]
-	- lazarus 0.9.24-0-11 (low)
+	- lazarus 0.9.24-0-11 (unimportant; bug #496377)
+	NOTE: Not exploitable, see comments in buglog
 CVE-2008-XXXX [crossfire-maps: insecure temp file]
 	- crossfire-maps 1.11.0-2 (low)
 CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in ...)
@@ -1970,7 +1985,7 @@
 	- linux-2.6 2.6.26-4
 	[etch] - linux-2.6 <not-affected>
 CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.26-7
 	- linux-2.6.24 <unfixed>
 CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 in Fedora 9 allows local ...)
 	TODO: check
@@ -4597,7 +4612,7 @@
 CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on ...)
 	- vsftpd <not-affected> (debian versions all include the fix)
 CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before ...)
-	- bluez-libs <unfixed> (low)
+	- bluez-libs 3.34 (low)
 	- bluez-utils 3.34 (low)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
 CVE-2008-2373
@@ -10336,9 +10351,11 @@
 CVE-2007-6592 (Apple Safari 2, when a user accepts an SSL server certificate on the ...)
 	NOT-FOR-US: Safari
 CVE-2007-6591 (KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server ...)
-	- kdebase <unfixed> (low; bug #458968)
+	- kdebase 4:4.0.3-1 (low; bug #458968)
 	[etch] - kdebase <no-dsa> (Minor issue)
+	[lenny] - kdebase <no-dsa> (Minor issue)
 	NOTE: filed http://bugs.kde.org/show_bug.cgi?id=154921
+	NOTE: No longer occurs in KDE 4.0.3 according to upstream bug
 CVE-2007-6590
 	REJECTED
 	- iceape <unfixed> (low)
@@ -10902,6 +10919,7 @@
 	RESERVED
 CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in ...)
 	TODO: check
+	- iceape 1.1.12-1
 CVE-2008-0015
 	RESERVED
 CVE-2008-0014

More information about the Secure-testing-commits mailing list