[Secure-testing-commits] r10890 - data/CVE
joeyh at alioth.debian.org
joeyh at alioth.debian.org
Thu Jan 8 09:14:15 UTC 2009
Author: joeyh
Date: 2009-01-08 09:14:13 +0000 (Thu, 08 Jan 2009)
New Revision: 10890
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-01-08 01:45:03 UTC (rev 10889)
+++ data/CVE/list 2009-01-08 09:14:13 UTC (rev 10890)
@@ -780,11 +780,13 @@
CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla ...)
- iceweasel 3.0.5-1
CVE-2008-5512 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
+ {DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
- icedove 2.0.0.19-1
- iceape 1.1.14-1
- xulrunner 1.9.0.5-1
CVE-2008-5511 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
+ {DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
- icedove 2.0.0.19-1
- iceape 1.1.14-1
@@ -797,16 +799,19 @@
CVE-2008-5509
RESERVED
CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
+ {DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
- icedove 2.0.0.19-1
- iceape 1.1.14-1
- xulrunner 1.9.0.5-1
CVE-2008-5507 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
+ {DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
- icedove 2.0.0.19-1
- iceape 1.1.14-1
- xulrunner 1.9.0.5-1
CVE-2008-5506 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
+ {DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
- icedove 2.0.0.19-1
- iceape 1.1.14-1
@@ -819,6 +824,7 @@
NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
NOTE: Original fix for CVE-2008-3836 was incomplete
CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before ...)
+ {DSA-1697-1 DSA-1696-1}
- iceape 1.1.13-1
- iceweasel 3.0
- xulrunner 1.9
@@ -838,6 +844,7 @@
[etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected)
- icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5500 (The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before ...)
+ {DSA-1697-1 DSA-1696-1}
- iceweasel 3.0.5-1
- icedove 2.0.0.19-1
- iceape 1.1.14-1
@@ -1993,7 +2000,7 @@
{DSA-1665-1}
- libcdaudio 0.99.12p2-7 (bug #505478)
CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, ...)
- {DSA-1671-1 DSA-1669-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
- iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
- icedove 2.0.0.19-1
@@ -2004,13 +2011,13 @@
- xulrunner 1.9.0.4-1
- iceape 1.1.13-1
CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x ...)
- {DSA-1671-1 DSA-1669-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
- xulrunner 1.9.0.4-1
- iceweasel 3.0.4-1
- icedove 2.0.0.19-1
- iceape 1.1.13-1
CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before ...)
- {DSA-1671-1 DSA-1669-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
- iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
- icedove 2.0.0.19-1
@@ -2021,13 +2028,13 @@
- iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x ...)
- {DSA-1671-1 DSA-1669-1}
+ {DSA-1696-1 DSA-1671-1 DSA-1669-1}
- iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
- icedove 2.0.0.19-1
- iceape 1.1.13-1
CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in ...)
- {DSA-1671-1 DSA-1669-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
- iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
- icedove 2.0.0.19-1
@@ -2047,19 +2054,19 @@
[etch] - iceweasel <not-affected> (Doesn't affect Firefox 2.x)
[etch] - xulrunner <not-affected> (Doesn't affect Firefox 2.x)
CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before ...)
- {DSA-1671-1 DSA-1669-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
- iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
- icedove 2.0.0.19-1
- iceape 1.1.13-1
CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do ...)
- {DSA-1671-1 DSA-1669-1}
+ {DSA-1697-1 DSA-1671-1 DSA-1669-1}
- iceape 1.1.13-1
NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
- iceweasel 3.0
- xulrunner 1.9
CVE-2008-5012 (Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, ...)
- {DSA-1671-1 DSA-1669-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
- iceape 1.1.13-1
NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
- iceweasel 3.0
@@ -3018,7 +3025,7 @@
CVE-2008-4583 (Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component ...)
NOT-FOR-US: Chilkat FTP
CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and ...)
- {DSA-1671-1 DSA-1669-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
- xulrunner 1.9.0.4-1
- iceweasel 3.0.4-1
- iceape 1.1.13-1
@@ -4215,22 +4222,23 @@
CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and ...)
+ {DSA-1697-1 DSA-1696-1}
- iceape 1.1.12-1
- icedove 2.0.0.17-1
CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey ...)
- {DSA-1669-1 DSA-1649-1}
+ {DSA-1697-1 DSA-1669-1 DSA-1649-1}
NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
- iceweasel 3.0
- xulrunner 1.9
- iceape 1.1.12-1
CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
- {DSA-1669-1 DSA-1649-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
- xulrunner 1.9.0.3-1
- iceape 1.1.12-1
- iceweasel 3.0.3-1
- icedove 2.0.0.17-1
CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
- {DSA-1669-1 DSA-1649-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
- xulrunner 1.9.0.3-1
- iceape 1.1.12-1
- iceweasel 3.0.3-1
@@ -4243,7 +4251,7 @@
- iceape 1.1.12-1
- icedove 2.0.0.17-1
CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
- {DSA-1669-1 DSA-1649-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
- xulrunner 1.9.0.3-1
- iceape 1.1.12-1
- iceweasel 3.0.3-1
@@ -4257,31 +4265,31 @@
- iceweasel 3.0.3-1
[etch] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
- {DSA-1669-1 DSA-1649-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
- xulrunner 1.9.0.3-1
- iceape 1.1.12-1
- iceweasel 3.0.3-1
- icedove 2.0.0.17-1
CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before ...)
- {DSA-1669-1 DSA-1649-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
- xulrunner 1.9.0.3-1
- iceape 1.1.12-1
- iceweasel 3.0.3-1
- icedove 2.0.0.17-1
CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
- {DSA-1669-1 DSA-1649-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
- xulrunner 1.9.0.3-1
- iceape 1.1.12-1
- iceweasel 3.0.3-1
- icedove 2.0.0.17-1
CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows ...)
- {DSA-1669-1 DSA-1649-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
- xulrunner 1.9.0.3-1
- iceape 1.1.12-1
- iceweasel 3.0.3-1
- icedove 2.0.0.17-1
CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x ...)
- {DSA-1669-1 DSA-1649-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
- xulrunner 1.9.0.3-1
- iceape 1.1.12-1
- iceweasel 3.0.3-1
@@ -4825,17 +4833,17 @@
CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) ...)
NOT-FOR-US: Solaris
CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey ...)
- {DSA-1669-1 DSA-1649-1}
+ {DSA-1697-1 DSA-1669-1 DSA-1649-1}
- iceweasel 3.0.3-1 (low)
- xulrunner 1.9.0.3-1 (low)
- iceape 1.1.12-1 (low)
CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers ...)
- {DSA-1669-1 DSA-1649-1}
+ {DSA-1697-1 DSA-1669-1 DSA-1649-1}
NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
- iceweasel 3.0
- xulrunner 1.9
CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox ...)
- {DSA-1669-1 DSA-1649-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
- xulrunner 1.9
- iceweasel 3.0
@@ -7036,7 +7044,7 @@
CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to ...)
- iceweasel <not-affected> (MacOS-specific)
CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' ...)
- {DSA-1615-1 DSA-1614-1}
+ {DSA-1697-1 DSA-1615-1 DSA-1614-1}
- iceweasel 3.0.1-1 (low)
CVE-2008-2932 (Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote ...)
NOT-FOR-US: Red Hat adminutil
@@ -7357,29 +7365,30 @@
- linux-2.6 2.6.25-7
- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, ...)
- {DSA-1621-1 DSA-1615-1 DSA-1607-1}
+ {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0
NOTE: Firefox 3 not affected
- iceape 1.1.10-1
- xulrunner 1.9.0.1-1
- icedove 2.0.0.16-1
CVE-2008-2810 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
+ {DSA-1697-1}
- iceweasel <not-affected> (Windows-specific)
- iceape <not-affected> (Windows-specific)
CVE-2008-2809 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, ...)
- {DSA-1621-1 DSA-1615-1 DSA-1607-1}
+ {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0
NOTE: Firefox 3 not affected
- iceape 1.1.10-1
- xulrunner 1.9.0.1-1
- icedove 2.0.0.16-1
CVE-2008-2808 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1697-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0
- iceape 1.1.10-1
- xulrunner 1.9.0.1-1
CVE-2008-2807 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
- {DSA-1621-1 DSA-1615-1 DSA-1607-1}
+ {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0
- iceape 1.1.10-1
- xulrunner 1.9.0.1-1
@@ -7388,7 +7397,7 @@
- iceweasel <not-affected> (MacOS-specific)
- iceape <not-affected> (MacOS-specific)
CVE-2008-2805 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1697-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0
NOTE: Firefox 3 not affected
- iceape 1.1.10
@@ -7396,34 +7405,34 @@
CVE-2008-2804
RESERVED
CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox ...)
- {DSA-1621-1 DSA-1615-1 DSA-1607-1}
+ {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- xulrunner 1.9.0.1-1
CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and ...)
- {DSA-1621-1 DSA-1615-1 DSA-1607-1}
+ {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- icedove 2.0.0.16-1
- xulrunner 1.9.0.1-1
CVE-2008-2801 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1697-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- xulrunner 1.9.0.1-1
CVE-2008-2800 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...)
- {DSA-1615-1 DSA-1607-1}
+ {DSA-1697-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- xulrunner 1.9.0.1-1
CVE-2008-2799 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
- {DSA-1621-1 DSA-1615-1 DSA-1607-1}
+ {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- xulrunner 1.9.0.1-1
- icedove 2.0.0.16-1
CVE-2008-2798 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
- {DSA-1621-1 DSA-1615-1 DSA-1607-1}
+ {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
- iceweasel 3.0~b2-1
- iceape 1.1.10-1
- xulrunner 1.9.0.1-1
@@ -7465,7 +7474,7 @@
NOTE: Unless more specific information pops up, this can be considered covered by
NOTE: CVE-2008-2785
CVE-2008-2785 (Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird ...)
- {DSA-1621-1 DSA-1615-1 DSA-1614-1}
+ {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1614-1}
- iceweasel 3.0 (medium; bug #488358)
- icedove 2.0.0.16-1
- iceape 1.1.11-1 (bug #491163)
@@ -7731,7 +7740,7 @@
NOT-FOR-US: pNews
CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and ...)
- ewiki <removed> (unimportant)
- NOTE: register_globals is not supported
+ NOTE: register_globals is not supported
CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows ...)
NOT-FOR-US: DCFM Blog
CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely Simple ...)
@@ -10704,7 +10713,7 @@
- zoneminder 1.23.3-1 (medium; bug #479034)
NOTE: http://www.awe.com/mark/blog/200804272230.html
CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird ...)
- {DSA-1562-1 DSA-1558-1 DSA-1555-1}
+ {DSA-1696-1 DSA-1562-1 DSA-1558-1 DSA-1555-1}
- iceweasel 2.0.0.14-1
- icedove 2.0.0.14-1
- iceape 1.1.9-2
@@ -13276,7 +13285,7 @@
CVE-2008-0305
RESERVED
CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and ...)
- {DSA-1621-1}
+ {DSA-1697-1 DSA-1621-1}
- icedove 2.0.0.12-1 (medium)
- iceape 1.1.8-1 (medium)
CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...)
@@ -14696,12 +14705,12 @@
CVE-2008-0018
RESERVED
CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in Firefox ...)
- {DSA-1671-1 DSA-1669-1}
+ {DSA-1697-1 DSA-1671-1 DSA-1669-1}
- iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
- iceape 1.1.13-1
CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in ...)
- {DSA-1669-1 DSA-1649-1}
+ {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
- xulrunner 1.9
- iceweasel 3.0
More information about the Secure-testing-commits
mailing list