[Secure-testing-commits] r11454 - data/CVE
jmm-guest at alioth.debian.org
Sat Mar 21 02:14:55 UTC 2009
Author: jmm-guest
Date: 2009-03-21 02:14:54 +0000 (Sat, 21 Mar 2009)
New Revision: 11454
Modified:
data/CVE/list
Log:
- two new tor issues already fixed in stable
- new kernel issue not affecting stable
- NFUs
- latest round of Mozilla issues
- minor openldap issue fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-21 02:07:02 UTC (rev 11453)
+++ data/CVE/list 2009-03-21 02:14:54 UTC (rev 11454)
@@ -245,15 +245,17 @@
CVE-2008-6482 (PHP remote file inclusion vulnerability in admin.treeg.php in the ...)
TODO: check
CVE-2009-0939 (Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which ...)
- TODO: check
+ - tor 0.2.0.34-1
CVE-2009-0938 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory ...)
- tor 0.2.0.34-1 (bug #512728)
CVE-2009-0937 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory ...)
- tor 0.2.0.34-1 (bug #514580)
CVE-2009-0936 (Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to ...)
- TODO: check
+ - tor 0.2.0.34-1
CVE-2009-0935 (The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, ...)
- TODO: check
+ - linux-2.6 <unfixed> (low)
+ [etch] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
+ - linux-2.6.24 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 ...)
TODO: check
CVE-2009-0933 (Cross-site scripting (XSS) vulnerability in the administrative ...)
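Review bot: In the CVE-2009-0935 entry, the log message says the kernel issue does not affect stable, but the added lines only tag `[etch] - linux-2.6 <not-affected>` and leave the unqualified `- linux-2.6 <unfixed> (low)` with no release-tagged line for stable. If the stable kernel also predates 2.6.27-rc9, add a release-tagged `<not-affected>` line with the same reason so the entry does not read as open there. Separately, the two new `- tor 0.2.0.34-1` lines for CVE-2009-0939 and CVE-2009-0936 carry no bug reference, unlike the neighbouring CVE-2009-0938 and CVE-2009-0937 entries; add one if a bug exists.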
@@ -417,21 +419,21 @@
CVE-2008-6464 (SQL injection vulnerability in event.php in Mevin Productions Basic ...)
NOT-FOR-US: Mevin Productions Basic PHP Events Lister
CVE-2008-6463 (SQL injection vulnerability in the Diocese of Portsmouth Church Search ...)
- TODO: check
+ NOT-FOR-US: Diocese of Portsmouth Church Search extension for Typo3
CVE-2008-6462 (SQL injection vulnerability in the My quiz and poll (myquizpoll) ...)
- TODO: check
+ NOT-FOR-US: My quiz and poll
CVE-2008-6461 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) ...)
- TODO: check
+ NOT-FOR-US: Typo3 addon Random Prayer
CVE-2008-6460 (SQL injection vulnerability in the Simple Random Objects ...)
- TODO: check
+ NOT-FOR-US: Typo3 addon Simple Random Objects
CVE-2008-6459 (SQL injection vulnerability in the auto BE User Registration ...)
- TODO: check
+ NOT-FOR-US: Typo3 addon auto BE User Registration
CVE-2008-6458 (SQL injection vulnerability in the FE address edit for tt_address & ...)
- TODO: check
+ NOT-FOR-US: Typo3 addon
CVE-2008-6457 (SQL injection vulnerability in the Swigmore institute (cgswigmore) ...)
- TODO: check
+ NOT-FOR-US: Typo3 addon
CVE-2008-6456 (SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and ...)
- TODO: check
+ NOT-FOR-US: Typo3 addon
CVE-2008-6455 (Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote ...)
NOT-FOR-US: Edikon phpShop
CVE-2008-6454 (SQL injection vulnerability in section.php in 6rbScript 3.3 allows ...)
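Review bot: The `NOT-FOR-US: Typo3 addon` lines for CVE-2008-6458, CVE-2008-6457 and CVE-2008-6456 do not name the extension, so a later search of the list for that product will not find them. The CVE descriptions already give the names (tt_address FE address edit, cgswigmore, h_book), so use them as the other entries do, for example `NOT-FOR-US: Typo3 addon HBook`. The wording is also inconsistent within the hunk: `extension for Typo3` on CVE-2008-6463, `Typo3 addon ...` on most others, and `My quiz and poll` on CVE-2008-6462 with no mention of Typo3; pick one form.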
@@ -747,22 +749,31 @@
CVE-2009-0779 (Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users ...)
NOT-FOR-US: IBM AIX
CVE-2009-0778 (The icmp_send function in net/ipv4/icmp.c in the Linux kernel before ...)
- - linux-2.6 <not-affected> (affected upstream kernel versions not part of Debian)
- - linux-2.6.24 <not-affected> (affected upstream kernel versions not part of Debian)
+ - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release and fixed before release of 2.6.25)
+ - linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release and fixed before release of 2.6.25)
CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and ...)
- TODO: check
+ - iceweasel 3.0.7-1 (low)
CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before ...)
- TODO: check
+ - iceweasel 3.0
+ NOTE: Iceweasel in Lenny links against Xulrunner
+ - xulrunner 1.9.0.7-1
CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird ...)
- TODO: check
+ - xulrunner 1.9.0.7-1
+ [etch] - xulrunner <not-affected> (Vulnerable code not present)
CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
- TODO: check
+ - iceweasel 3.0
+ NOTE: Iceweasel in Lenny links against Xulrunner
+ - xulrunner 1.9.0.7-1
CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird ...)
- TODO: check
+ - xulrunner 1.9.0.7-1
+ [etch] - xulrunner <not-affected> (Vulnerable code not present)
CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
- TODO: check
+ - iceweasel 3.0
+ NOTE: Iceweasel in Lenny links against Xulrunner
+ - xulrunner 1.9.0.7-1
CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before ...)
- TODO: check
+ - xulrunner 1.9.0.7-1
+ [etch] - xulrunner <not-affected> (Vulnerable code not present)
CVE-2009-0769 (QIP 2005 build 8082 allows remote attackers to cause a denial of ...)
NOT-FOR-US: QIP
CVE-2009-0768 (SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier ...)
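Review bot: CVE-2009-0777 is tracked only as `- iceweasel 3.0.7-1 (low)`, while every other Mozilla entry in this hunk records `- xulrunner 1.9.0.7-1` and the added NOTE lines say Iceweasel in Lenny links against Xulrunner. Either add the xulrunner line or a NOTE explaining why this one is fixed in iceweasel itself. In CVE-2009-0776, CVE-2009-0774 and CVE-2009-0772 the fixed version `iceweasel 3.0` has no Debian revision, unlike `3.0.7-1` and `1.9.0.7-1` elsewhere in the hunk, and those three entries carry no `[etch]` line for xulrunner although CVE-2009-0775, CVE-2009-0773 and CVE-2009-0771 do, which leaves the etch status unstated.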
@@ -55871,7 +55882,7 @@
NOTE: Montecito CPUs are not available on the market yet
- linux-2.6 2.6.12-1
CVE-2005-XXXX [Minor local DoS as libldap]
- - openldap <unfixed> (bug #253838; low)
+ - openldap 2.4.13 (bug #253838; low)
CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
- mpack 1.6-1 (bug #216566)
CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
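Review bot: The new fixed version in `- openldap 2.4.13 (bug #253838; low)` has no Debian revision, whereas the surrounding entries use full package versions (`linux-2.6 2.6.12-1`, `mpack 1.6-1`). Record the first fixed upload with its revision so that version comparisons against the archive are unambiguous, and confirm that bug #253838 is closed in that upload.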