[Secure-testing-commits] r13568 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Dec 16 10:41:09 UTC 2009
Author: jmm-guest
Date: 2009-12-16 10:41:09 +0000 (Wed, 16 Dec 2009)
New Revision: 13568
Modified:
data/CVE/list
data/embedded-code-copies
Log:
* new xulrunner issues
* sitecopy code copies fixed a long time ago
* xmlsec1 uses ltdl properly
* ggobi ltdl code copy fixed
* more severity adjustments for expat issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-16 09:14:37 UTC (rev 13567)
+++ data/CVE/list 2009-12-16 10:41:09 UTC (rev 13568)
@@ -911,24 +911,36 @@
RESERVED
CVE-2009-3988
RESERVED
-CVE-2009-3987
+CVE-2009-3987 [GeckoActiveXObject exception messages can be used to enumerate installed COM objects]
RESERVED
-CVE-2009-3986
+ - xulrunner <not-affected> (Windows-specific vulnerability)
+CVE-2009-3986 [Privilege escalation via chrome window.opener]
RESERVED
-CVE-2009-3985
+ - xulrunner <unfixed>
+CVE-2009-3985 [URL spoofing via invalid document.location]
RESERVED
-CVE-2009-3984
+ - xulrunner <unfixed>
+CVE-2009-3984 [SSL spoofing with document.location]
RESERVED
-CVE-2009-3983
+ - xulrunner <unfixed>
+CVE-2009-3983 [NTLM reflection vulnerability]
RESERVED
-CVE-2009-3982
+ - xulrunner <unfixed>
+CVE-2009-3982 [Crashes with evidence of memory corruption]
RESERVED
-CVE-2009-3981
+ - xulrunner <unfixed>
+ [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
+CVE-2009-3981 [Crashes with evidence of memory corruption]
RESERVED
-CVE-2009-3980
+ - xulrunner 1.9.1
+ NOTE: Only affects Firefox 3
+CVE-2009-3980 [Crashes with evidence of memory corruption]
RESERVED
-CVE-2009-3979
+ - xulrunner <unfixed>
+ [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
+CVE-2009-3979 [Crashes with evidence of memory corruption]
RESERVED
+ - xulrunner <unfixed>
CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp ...)
- xulrunner 1.9.1.5-1 (unimportant)
NOTE: Browser crashes not treated as security issues
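Review bot: In the CVE-2009-3981 entry, "NOTE: Only affects Firefox 3" is easy to misread next to the "(Only affects Firefox 3.5)" annotations on CVE-2009-3982 and CVE-2009-3980. Spell out the affected branch, and add an explicit [lenny] line as the neighbouring entries do, so the stable status does not have to be inferred from the fixed version. The fixed version "1.9.1" also lacks a Debian revision, unlike "1.9.1.5-1" on CVE-2009-3978. Separately, CVE-2009-3979 through CVE-2009-3982 all carry the identical description "Crashes with evidence of memory corruption" although their affected branches differ, so a distinguishing word in each bracket would help later triage.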
@@ -1545,7 +1557,9 @@
- collectd <unfixed> (low; bug #559801)
- courier-authlib <unfixed> (low; bug #559802)
- cvsnt <unfixed> (low; bug #559803)
- - ggobi <unfixed> (low; bug #559806)
+ - ggobi 2.1.9~20091212-1 (low; bug #559806)
+ [etch] - ggobi <no-dsa> (Minor issue)
+ [lenny] - ggobi <no-dsa> (Minor issue)
- glame <unfixed> (low; bug #559807)
- gnash <unfixed> (low; bug #559808)
- gnu-smalltalk <unfixed> (low; bug #559809)
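Review bot: Style point on the two added ggobi lines: the reason is written "(Minor issue)", while the existing <no-dsa> entries for poco and smart in this file use lower-case "(minor issue)". Use the same casing so a text search for the reason string matches every entry.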
@@ -1573,7 +1587,8 @@
- siproxd <unfixed> (low; bug #559827)
- ski <unfixed> (low; bug #559828)
- synfig <unfixed> (low; bug #559829)
- - xmlsec1 1.2.14-1 (low; bug #559831)
+ - xmlsec1 1.2.14-1 (unimportant; bug #559831)
+ NOTE: Embedded code copy isn't used
- clamav <unfixed> (low; bug #559832)
- imagemagick <unfixed> (low; bug #559833)
- hypre 2.4.0b-5 (low; bug #559834)
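Review bot: The xmlsec1 rationale is stated three different ways in this commit. The added line here says "NOTE: Embedded code copy isn't used", the data/embedded-code-copies hunk says "(Doesn't enable dynamic loading of crypto modules)", and the log says "xmlsec1 uses ltdl properly". The tracked state also differs: this file keeps 1.2.14-1 as a fixed version with severity unimportant, while embedded-code-copies switches the package to <not-affected>. Pick one explanation and record the same status in both files.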
@@ -1699,7 +1714,6 @@
- poco <unfixed> (low; bug #560936)
[lenny] - poco <no-dsa> (minor issue)
- simgear <unfixed> (unimportant; bug #560937)
- - sitecopy <unfixed> (unimportant; bug #560938)
- smart <unfixed> (low; bug #560953)
[etch] - smart <no-dsa> (minor issue)
[lenny] - smart <no-dsa> (minor issue)
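Review bot: Deleting the sitecopy line outright drops the reference to bug #560938 and leaves no record that the package was checked for this issue. The log says the code copy was "fixed a long time ago", and data/embedded-code-copies now records 1:0.16.0-1, so the entry could carry that fixed version (or <not-affected> with a reason) instead of disappearing. The same applies to the sitecopy removal, together with its [etch] and [lenny] <no-dsa> lines, in the @@ -2222 hunk.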
@@ -2193,14 +2207,9 @@
- ayttm 0.6.1-2 (low; bug #560924)
[etch] - ayttm <no-dsa> (minor issue)
[lenny] - ayttm <no-dsa> (minor issue)
- - cableswig <unfixed> (low; bug #560925)
- [etch] - cableswig <no-dsa> (minor issue)
- [lenny] - cableswig <no-dsa> (minor issue)
- - cadaver <unfixed> (low; bug #560926)
- [etch] - cadaver <no-dsa> (minor issue)
- [lenny] - cadaver <no-dsa> (minor issue)
- - cmake 2.6.0-6 (low; bug #560927)
- [etch] - cmake <no-dsa> (minor issue)
+ - cableswig <unfixed> (unimportant; bug #560925)
+ - cadaver <unfixed> (unimportant; bug #560926)
+ - cmake 2.6.0-6 (unimportant; bug #560927)
- coin3 <unfixed> (low; bug #560928)
- gdcm 2.0.14-2 (low; bug #560929)
- ghostscript <unfixed> (low; bug #560930)
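Review bot: The downgrade of cableswig, cadaver and cmake from low to unimportant comes without a stated reason. The log only says "more severity adjustments for expat issues", whereas the xmlsec1 change in this same commit adds a NOTE line explaining the downgrade. Add a comparable NOTE under each of the three entries (or a single shared one) so the removal of the [etch] and [lenny] <no-dsa> lines is justified in the data itself.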
@@ -2222,9 +2231,6 @@
- simgear <unfixed> (low; bug #560937)
[etch] - simgear <no-dsa> (minor issue)
[lenny] - simgear <no-dsa> (minor issue)
- - sitecopy <unfixed> (low; bug #560938)
- [etch] - sitecopy <no-dsa> (minor issue)
- [lenny] - sitecopy <no-dsa> (minor issue)
- smart <unfixed> (low; bug #560953)
[etch] - smart <no-dsa> (minor issue)
[lenny] - smart <no-dsa> (minor issue)
@@ -2686,10 +2692,16 @@
RESERVED
CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) ...)
NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10
-CVE-2009-3389
+CVE-2009-3389 [libtheora/Firefox]
RESERVED
-CVE-2009-3388
+ - libtheora 1.1
+ - xulrunner <unfixed>
+ [lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
+CVE-2009-3388 [liboggplay/Firefox]
RESERVED
+ - liboggplay <unfixed>
+ - xulrunner <unfixed>
+ [lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
CVE-2009-3387
RESERVED
CVE-2009-3386 (Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 ...)
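Review bot: In the CVE-2009-3389 entry, the fixed version "libtheora 1.1" has no Debian revision, unlike fully qualified versions elsewhere in this file such as "xulrunner 1.9.1.5-1" and "ggobi 2.1.9~20091212-1". If this is the upstream release number, replace it with the version of the first fixed upload. The bracketed descriptions "[libtheora/Firefox]" and "[liboggplay/Firefox]" name only the component, so a short statement of the flaw class would bring them in line with the other new entries in this commit.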
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2009-12-16 09:14:37 UTC (rev 13567)
+++ data/embedded-code-copies 2009-12-16 10:41:09 UTC (rev 13568)
@@ -424,7 +424,7 @@
[etch] - litmus <unfixed> (embed; #395875)
- litmus <removed> (embed; #395875)
[sarge] - screem <unfixed> (embed)
- - sitecopy 1:0.16.3-5 (embed; bug #395876)
+ - sitecopy 1:0.16.0-1 (embed; bug #395876)
[etch] - tla <unfixed> (embed; bug #395877)
[sarge] - tla <unfixed> (embed; bug #395877)
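Review bot: The sitecopy fixed version moves backwards from 1:0.16.3-5 to 1:0.16.0-1 with nothing in the file saying why the earlier version is now believed correct. A NOTE line citing the changelog entry, in the style of the freeradius note later in this file ("Earliest reference I could find from the changelog is from ..."), would make the correction verifiable.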
@@ -1107,7 +1107,7 @@
- paraview <unfixed> (embed)
- poco <unfixed> (embed)
- simgear <unfixed> (embed)
- - sitecopy <unfixed> (embed)
+ - sitecopy 1:0.16.0-1
- smart 1.0-1 (embed)
[etch] - smart <unfixed> (embed)
- swish-e <unfixed> (embed)
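Review bot: The new line "- sitecopy 1:0.16.0-1" drops the "(embed)" tag that the removed line and every neighbouring entry in this block (simgear, smart, swish-e) carry. Unless the omission is intentional, restore it as "- sitecopy 1:0.16.0-1 (embed)" so the entry type stays explicit.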
@@ -1539,7 +1539,7 @@
- dico <not-affected> (Uses the system copy of ltdl)
- freeradius 0.1+20010527-1 (embed)
NOTE: Earliest reference I could find from the changelog is from 27 May 2001
- - ggobi <unfixed> (embed)
+ - ggobi 2.1.9~20091212-1 (embed)
- glame <unfixed> (embed)
- gnash <unfixed> (embed)
- gnu-smalltalk <unfixed> (embed)
@@ -1565,7 +1565,7 @@
- ski <unfixed> (embed)
- synfig <unfixed> (embed)
- unixodbc 2.2.4-5 (embed)
- - xmlsec1 1.2.14-1 (embed)
+ - xmlsec1 <not-affected> (Doesn't enable dynamic loading of crypto modules)
- clamav <unfixed> (embed)
- imagemagick <unfixed> (embed)
- hypre 2.4.0b-5 (embed)