[Secure-testing-commits] r9925 - data/CVE
jmm-guest at alioth.debian.org
Wed Oct 1 20:22:39 UTC 2008
Author: jmm-guest
Date: 2008-10-01 20:22:38 +0000 (Wed, 01 Oct 2008)
New Revision: 9925
Modified:
data/CVE/list
Log:
- add iceape to latest mozilla round, iceweasel and icedove
still missing
- fix gpicview entry
- lazarus temp issue is a non-issue
- one kernel issue fixed
- bluez-libs fixed some time ago
- older kdebase issue won't be fixed for Lenny either
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-10-01 15:52:11 UTC (rev 9924)
+++ data/CVE/list 2008-10-01 20:22:38 UTC (rev 9925)
@@ -627,31 +627,43 @@
CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and ...)
- TODO: check
+ - iceape 1.1.12-1
CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey ...)
- TODO: check
+ - iceape 1.1.12-1
+ - xulrunner 1.9.0.3-1
CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
- xulrunner 1.9.0.3-1
+ - iceape 1.1.12-1
CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
- xulrunner 1.9.0.3-1
+ - iceape 1.1.12-1
CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows ...)
- xulrunner 1.9.0.3-1
+ - iceape 1.1.12-1
CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
- xulrunner 1.9.0.3-1
+ - iceape 1.1.12-1
CVE-2008-4064 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
- xulrunner 1.9.0.3-1
+ - iceape 1.1.12-1
CVE-2008-4063 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
- xulrunner 1.9.0.3-1
+ - iceape 1.1.12-1
CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
- xulrunner 1.9.0.3-1
+ - iceape 1.1.12-1
CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before ...)
- xulrunner 1.9.0.3-1
+ - iceape 1.1.12-1
CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
- xulrunner 1.9.0.3-1
+ - iceape 1.1.12-1
CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows ...)
- xulrunner 1.9.0.3-1
+ - iceape 1.1.12-1
CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x ...)
- xulrunner 1.9.0.3-1
+ - iceape 1.1.12-1
CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3 before ...)
NOT-FOR-US: Objective Development Sharity
CVE-2008-4056 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...)
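Review bot: The two removed "TODO: check" lines under CVE-2008-4070 and CVE-2008-4069 take away the only follow-up marker on those entries, while the log says iceweasel and icedove are still missing. CVE-2008-4070 is described as a Thunderbird issue, yet after this hunk it records only iceape. Keep the TODO on both entries until the remaining Mozilla packages are recorded, so the outstanding work stays visible in the list.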
@@ -1174,10 +1186,12 @@
NOT-FOR-US: Solaris
CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey ...)
- xulrunner 1.9.0.3-1
+ - iceape 1.1.12-1
CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers ...)
TODO: check
CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox ...)
TODO: check
+ - iceape 1.1.12-1
CVE-2008-3834
RESERVED
CVE-2008-3833
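Review bot: Under CVE-2008-3835 the new iceape line sits below a retained "TODO: check", whereas the first hunk removes the TODO when it adds iceape to CVE-2008-4070 and CVE-2008-4069. Use one convention for entries that are only partly triaged; keeping the TODO, as here, fits the log's statement that iceweasel and icedove are still missing. CVE-2008-3836 gets no iceape line and no NOTE; if iceape was checked and is not affected, record that instead of leaving it to be inferred.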
@@ -1435,7 +1449,7 @@
NOTE: CVE id requested
NOTE: non-issue, not exploitable by other users
CVE-2008-XXXX [Overwrite certain images without notice]
- - gpicview 0.1.10-1 (unimportant; low; bug #497005)
+ - gpicview 0.1.10-1 (unimportant; bug #497005)
NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869
NOTE: non-issue, not exploitable by other users
NOTE: CVE id requested
@@ -1450,7 +1464,8 @@
CVE-2008-XXXX [vdr: insecure temp file]
- vdr 1.6.0-6 (low; bug #496421)
CVE-2008-XXXX [lazarus: insecure temp file]
- - lazarus 0.9.24-0-11 (low)
+ - lazarus 0.9.24-0-11 (unimportant; bug #496377)
+ NOTE: Not exploitable, see comments in buglog
CVE-2008-XXXX [crossfire-maps: insecure temp file]
- crossfire-maps 1.11.0-2 (low)
CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in ...)
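Review bot: The new NOTE on the lazarus entry ("Not exploitable, see comments in buglog") gives no reason in the list itself, so the change from low to unimportant cannot be checked without opening bug #496377. State the reason in one line, the way the gpicview entry does with "non-issue, not exploitable by other users".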
@@ -1970,7 +1985,7 @@
- linux-2.6 2.6.26-4
[etch] - linux-2.6 <not-affected>
CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.26-7
- linux-2.6.24 <unfixed>
CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 in Fedora 9 allows local ...)
TODO: check
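Review bot: The CVE-2008-3525 entry now gives 2.6.26-7 as the fixed version for linux-2.6 but has no NOTE or bug reference for the fix, and linux-2.6.24 directly below stays <unfixed>. Add a NOTE naming the change that went into 2.6.26-7 so the same fix can be tracked for linux-2.6.24, and consider whether an [etch] line is needed here as on the entry above.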
@@ -4597,7 +4612,7 @@
CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on ...)
- vsftpd <not-affected> (debian versions all include the fix)
CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before ...)
- - bluez-libs <unfixed> (low)
+ - bluez-libs 3.34 (low)
- bluez-utils 3.34 (low)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
CVE-2008-2373
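Review bot: The fixed version for bluez-libs is written as "3.34" with no Debian revision, unlike the other versions set in this commit (1.1.12-1, 2.6.26-7, 4:4.0.3-1). It matches the existing bluez-utils line, but the log only says the package was fixed "some time ago"; if the fix arrived in a specific upload, record that full version.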
@@ -10336,9 +10351,11 @@
CVE-2007-6592 (Apple Safari 2, when a user accepts an SSL server certificate on the ...)
NOT-FOR-US: Safari
CVE-2007-6591 (KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server ...)
- - kdebase <unfixed> (low; bug #458968)
+ - kdebase 4:4.0.3-1 (low; bug #458968)
[etch] - kdebase <no-dsa> (Minor issue)
+ [lenny] - kdebase <no-dsa> (Minor issue)
NOTE: filed http://bugs.kde.org/show_bug.cgi?id=154921
+ NOTE: No longer occurs in KDE 4.0.3 according to upstream bug
CVE-2007-6590
REJECTED
- iceape <unfixed> (low)
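Review bot: The fixed version 4:4.0.3-1 for kdebase rests on the NOTE "No longer occurs in KDE 4.0.3 according to upstream bug", which is an observation that the behaviour went away, not an identified fix. Say so in the NOTE, or reference the fixing change if upstream names one, so the version is not read as a verified fix. Separately, the unchanged context shows "- iceape <unfixed> (low)" directly under the REJECTED CVE-2007-6590; since this commit is updating iceape entries, check whether that line belongs there.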
@@ -10902,6 +10919,7 @@
RESERVED
CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in ...)
TODO: check
+ - iceape 1.1.12-1
CVE-2008-0015
RESERVED
CVE-2008-0014
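Review bot: For CVE-2008-0016 the iceape line is added under a "TODO: check" that stays in place, with nothing saying what remains to be checked. Most other Mozilla entries touched by this commit also list xulrunner 1.9.0.3-1 and this one does not; add a NOTE naming the packages still open for this CVE (the log mentions iceweasel and icedove) so the TODO can be closed later.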