[Secure-testing-commits] r12109 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Fri Jun 12 07:16:20 UTC 2009
Author: jmm-guest
Date: 2009-06-12 07:16:19 +0000 (Fri, 12 Jun 2009)
New Revision: 12109
Modified:
data/CVE/list
Log:
- new round of mozilla issues
- Adobe Reader NFUs
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-11 21:59:06 UTC (rev 12108)
+++ data/CVE/list 2009-06-12 07:16:19 UTC (rev 12109)
@@ -395,18 +395,24 @@
RESERVED
CVE-2009-1861
RESERVED
+ NOT-FOR-US: Adobe Reader
CVE-2009-1860
RESERVED
CVE-2009-1859
RESERVED
+ NOT-FOR-US: Adobe Reader
CVE-2009-1858
RESERVED
+ NOT-FOR-US: Adobe Reader
CVE-2009-1857
RESERVED
+ NOT-FOR-US: Adobe Reader
CVE-2009-1856
RESERVED
+ NOT-FOR-US: Adobe Reader
CVE-2009-1855
RESERVED
+ NOT-FOR-US: Adobe Reader
CVE-2009-1854 (Million Dollar Text Links 1.0 allows remote attackers to bypass ...)
NOT-FOR-US: Million Dollar Text Links
CVE-2009-1853 (Multiple SQL injection vulnerabilities in index.php in Kensei Board ...)
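Review bot: CVE-2009-1860 is the only id between CVE-2009-1861 and CVE-2009-1855 that stays a bare RESERVED, while every neighbour gains NOT-FOR-US: Adobe Reader. If it is held back on purpose, a short NOTE on that entry saying why would keep a later pass from tagging it by pattern; if it was skipped by accident, it needs the same tag. All of these ids are still RESERVED with no description, so a NOTE recording where the Adobe Reader attribution comes from would also make the triage checkable.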
@@ -457,26 +463,54 @@
- strongswan <unfixed> (medium; bug #531612)
[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
TODO: Check not-affected status after split of temporary entry
-CVE-2009-1841
+CVE-2009-1841 [JavaScript chrome privilege escalation]
RESERVED
-CVE-2009-1840
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+CVE-2009-1840 [XUL scripts bypass content-policy checks]
RESERVED
-CVE-2009-1839
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+CVE-2009-1839 [ Incorrect principal set for file: resources loaded via location bar]
RESERVED
-CVE-2009-1838
+ - xulrunner <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+CVE-2009-1838 [Arbitrary code execution using event listeners attached to an element whose owner document is null]
RESERVED
-CVE-2009-1837
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+CVE-2009-1837 [ Race condition while accessing the private data of a NPObject JS wrapper class object]
RESERVED
-CVE-2009-1836
+ - xulrunner <unfixed>
+ [etch] - xulrunner <not-affected> (Doesn't affect Gecko 1.8)
+CVE-2009-1836 [ SSL tampering via non-200 responses to proxy CONNECT requests]
RESERVED
-CVE-2009-1835
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+CVE-2009-1835 [Arbitrary domain cookie access by local file: resources]
RESERVED
-CVE-2009-1834
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+CVE-2009-1834 [URL spoofing with invalid unicode characters]
RESERVED
-CVE-2009-1833
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+CVE-2009-1833 [Crashes with evidence of memory corruption]
RESERVED
-CVE-2009-1832
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+CVE-2009-1832 [Crashes with evidence of memory corruption]
RESERVED
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1828 (Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of ...)
- xulrunner <unfixed> (unimportant)
NOTE: Browser crashes not treated as security issues
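Review bot: CVE-2009-1839 and CVE-2009-1837 get only a xulrunner line, while the other eight Mozilla entries added in this hunk also track "- icedove <unfixed>". If icedove is not affected by these two, an explicit "- icedove <not-affected>" line with the reason would record that; otherwise the icedove line is missing. None of the entries carries an [etch] line for icedove either, so its oldstable status is left open. Minor: the descriptions for CVE-2009-1839, CVE-2009-1837 and CVE-2009-1836 start with a space after the opening bracket ("[ Incorrect principal ..."), unlike the rest.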
@@ -769,7 +803,8 @@
CVE-2009-1692
RESERVED
CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- TODO: check
+ - webkit <unfixed>
+ TODO: File bug
CVE-2009-1690 (WebKit in Apple Safari before 4.0 does not properly manage memory for ...)
TODO: check
CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
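Review bot: The new "- webkit <unfixed>" line on CVE-2009-1691 has no urgency and no bug reference, and the only follow-up is "TODO: File bug", so the entry should be updated with the bug number once the report exists. CVE-2009-1690 directly below is also described as a WebKit issue in Apple Safari and is still at "TODO: check"; triaging it in the same pass would keep the WebKit entries consistent.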
@@ -1609,8 +1644,11 @@
RESERVED
CVE-2009-1393
RESERVED
-CVE-2009-1392
+CVE-2009-1392 [Crashes with evidence of memory corruption]
RESERVED
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-1391 [Compress::Raw::Zlib buffer overflow]
RESERVED
- perl <unfixed> (medium; bug #532736)
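Review bot: The description added for CVE-2009-1392, "Crashes with evidence of memory corruption", is word for word the one given to CVE-2009-1833 and CVE-2009-1832 earlier in this commit, so the three entries cannot be told apart from the list alone. A qualifier in the brackets or a NOTE pointing at the relevant advisory would make each entry identifiable when the fixes are tracked later.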
@@ -3532,8 +3570,10 @@
RESERVED
CVE-2009-0889
RESERVED
+ NOT-FOR-US: Adobe Reader
CVE-2009-0888
RESERVED
+ NOT-FOR-US: Adobe Reader
CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in ...)
- pam <unfixed> (low; bug #520115)
[lenny] - pam 1.0.1-5+lenny1
@@ -5245,12 +5285,16 @@
NOT-FOR-US: WebFrame
CVE-2009-0512
RESERVED
+ NOT-FOR-US: Adobe Reader
CVE-2009-0511
RESERVED
+ NOT-FOR-US: Adobe Reader
CVE-2009-0510
RESERVED
+ NOT-FOR-US: Adobe Reader
CVE-2009-0509
RESERVED
+ NOT-FOR-US: Adobe Reader
CVE-2009-0508 (The Servlet Engine/Web Container and JSP components in IBM WebSphere ...)
NOT-FOR-US: IBM WebSphere
CVE-2009-0507 (IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before ...)
@@ -6417,6 +6461,7 @@
RESERVED
CVE-2009-0198
RESERVED
+ NOT-FOR-US: Adobe Reader
CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...)
NOT-FOR-US: IrfanView
CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function ...)