[Secure-testing-commits] r12418 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Sun Jul 26 17:29:37 UTC 2009
Author: jmm-guest
Date: 2009-07-26 17:29:37 +0000 (Sun, 26 Jul 2009)
New Revision: 12418
Modified:
data/CVE/list
Log:
bugnums
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-07-26 16:17:55 UTC (rev 12417)
+++ data/CVE/list 2009-07-26 17:29:37 UTC (rev 12418)
@@ -919,7 +919,7 @@
CVE-2009-2234 (Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call ...)
NOT-FOR-US: VICIDIAL Call Center Suite
CVE-2009-2210 (Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow ...)
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
- iceape <unfixed>
- kompozer <not-affected> (mail suite not compiled)
TODO: check on the details once the Mozilla bug has been made public
@@ -1919,7 +1919,7 @@
- xulrunner 1.9.0.11-1
[squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
@@ -1935,7 +1935,7 @@
- xulrunner 1.9.0.11-1
[squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
@@ -1946,7 +1946,7 @@
- xulrunner 1.9.0.11-1
[squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
@@ -1967,7 +1967,7 @@
- xulrunner 1.9.0.11-1
[squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
CVE-2009-1828 (Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of ...)
- xulrunner <unfixed> (unimportant)
NOTE: Browser crashes not treated as security issues
@@ -3161,7 +3161,7 @@
- xulrunner 1.9.0.11-1
[squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
TODO: determine whether icedove truely affected or whether issue solely within xulrunner
CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in ...)
- perl 5.10.0-23 (medium; bug #532736)
@@ -3480,7 +3480,7 @@
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1307 (The view-source: URI implementation in Mozilla Firefox before 3.0.9, ...)
{DSA-1830-1 DSA-1797-1}
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1306 (The jar: URI implementation in Mozilla Firefox before 3.0.9, ...)
@@ -3499,12 +3499,12 @@
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1303 (The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before ...)
{DSA-1830-1 DSA-1797-1}
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1302 (The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...)
{DSA-1830-1 DSA-1797-1}
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...)
@@ -5563,7 +5563,7 @@
- iceweasel 3.0.7-1 (low)
CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before ...)
{DSA-1830-1 DSA-1751-1}
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
- iceweasel 3.0
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.7-1
@@ -5574,24 +5574,24 @@
[etch] - xulrunner <not-affected> (Vulnerable code not present)
CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
{DSA-1830-1 DSA-1751-1}
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
- iceweasel 3.0
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.7-1
CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird ...)
{DSA-1830-1 DSA-1751-1}
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
- xulrunner 1.9.0.7-1
[etch] - xulrunner <not-affected> (Vulnerable code not present)
CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
{DSA-1830-1 DSA-1751-1}
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
- iceweasel 3.0
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.7-1
CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before ...)
{DSA-1830-1 DSA-1751-1}
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
- xulrunner 1.9.0.7-1
[etch] - xulrunner <not-affected> (Vulnerable code not present)
- kompozer 1:0.8~alpha2+dfsg+svn129-1
@@ -6113,7 +6113,7 @@
- openssl 0.9.8-1 (bug #517791)
CVE-2009-0652 (The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox ...)
{DSA-1830-1 DSA-1797-1}
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka vnetd) in ...)
@@ -7467,7 +7467,7 @@
- xulrunner 1.9.0.5-1
- iceape 1.1.14-1.1
NOTE: Iceape in Lenny only provides XPCOM libs
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
{DSA-1830-1}
- iceweasel 3.0
@@ -7475,7 +7475,7 @@
- xulrunner 1.9.0.5-1
- iceape 1.1.14-1.1
NOTE: Iceape in Lenny only provides XPCOM libs
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-0343 (Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform ...)
NOT-FOR-US: Systrace
@@ -9121,7 +9121,7 @@
NOTE: http://www.tdiary.org/20071215.html
CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before ...)
{DSA-1830-1 DSA-1750-1}
- - icedove 2.0.0.22-1
+ - icedove 2.0.0.22-1 (bug #535124)
- libpng 1.2.35-1 (bug #516256)
CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
- geronimo <itp> (bug #481869)
@@ -9510,7 +9510,7 @@
NOTE: http://alioth.debian.org/forum/forum.php?forum_id=2846
NOTE: this only work for non-interactive sessions which is a quite exotic usecase
CVE-2008-5619 (html2text.php in Chuggnutt HTML to Text Converter, as used in ...)
- - roundcube 0.1.1-9 (high; bug #508628)
+ - roundcube 0.1.1-9 (high; bug #508628; bug #536498)
NOTE: According to the bug report, this is being exploited.
- moodle 1.8.2.dfsg-2 (bug #508909)
[etch] - moodle <not-affected> (Vulnerable code not present)
More information about the Secure-testing-commits
mailing list