[Secure-testing-commits] r12761 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Tue Sep 8 03:20:56 UTC 2009


Author: gilbert-guest
Date: 2009-09-08 03:20:56 +0000 (Tue, 08 Sep 2009)
New Revision: 12761

Modified:
   data/CVE/list
Log:
tracking for automatic lenny r3 -> testing updates

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-09-08 03:08:53 UTC (rev 12760)
+++ data/CVE/list	2009-09-08 03:20:56 UTC (rev 12761)
@@ -1259,6 +1259,7 @@
 	NOT-FOR-US: IBM AIX
 CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, ...)
 	- asterisk <unfixed> (bug #541441)
+	[squeeze] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
 	[lenny] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
 	[etch] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
 CVE-2009-2725
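Review bot: The new [squeeze] <not-affected> line for CVE-2009-2726 copies the lenny/etch reason word for word, but that reason ("Doesn't permit SIP packets to exceed 1500 bytes total") describes the behaviour of a particular asterisk version, and the unsuffixed entry directly above still reads "- asterisk <unfixed> (bug #541441)". Nothing in the entry says which asterisk version squeeze carries, so a reader cannot tell whether the justification still holds once testing moves past the lenny package. Suggest naming the version the claim was checked against in the parenthetical, or adding a NOTE that squeeze currently ships the lenny r3 package.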
@@ -1633,6 +1634,7 @@
 CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote ...)
 	{DSA-1873-1}
 	- xulrunner 1.9.0.13-1 (low; bug #539891)
+	[squeeze] - xulrunner 1.9.0.13-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-2653 (** DISPUTED ** ...)
 	NOT-FOR-US: Microsoft Windows
@@ -2302,7 +2304,7 @@
 CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command ...)
 	{DSA-1877-1}
 	- mysql-dfsg-5.0 <unfixed> (low; bug #536726) 
-	TODO: check lenny/sid; they are likely fixed according to the report, but i did not check
+	[squeeze] - mysql-dfsg-5.0 5.0.51a-24+lenny2
 CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
 	- libio-socket-ssl-perl 1.26-1 (low; bug #535946)
 	[lenny] - libio-socket-ssl-perl 1.16-1+lenny1
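Review bot: The removed TODO under CVE-2009-2446 asked for both lenny and sid to be checked, but the replacement only records a [squeeze] version; the unsuffixed line is still "- mysql-dfsg-5.0 <unfixed> (low; bug #536726)". Dropping the TODO loses the reminder that the sid status was never verified. Suggest either keeping a TODO limited to sid, or updating the <unfixed> line in the same commit if the check has been done.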
@@ -2825,7 +2827,9 @@
 CVE-2009-2210 (Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow ...)
 	{DSA-1830-1}
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 	- iceape 1.1.17-1 
+        [squeeze] - iceape <not-affected> (only provides a stub for XPCOM)
 	[lenny] - iceape <not-affected> (Only provides a stub for XPCOM)
 	[etch] - iceape <no-dsa> (Mozilla from Etch no longer covered by security support)
 	- kompozer <not-affected> (mail suite not compiled)
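Review bot: The added "[squeeze] - iceape <not-affected>" line is indented with eight spaces, while every other entry in this hunk, including the [squeeze] icedove line added two lines above it, uses a single tab. Please switch it to a tab so that tools reading the list see it as a sub-entry of CVE-2009-2210 like its neighbours. The parenthetical also starts with lowercase "only", while the [lenny] line below uses "Only"; matching the case keeps the two reasons greppable as one string.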
@@ -3839,6 +3843,7 @@
 	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...)
 	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
@@ -3855,6 +3860,7 @@
 	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...)
 	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
@@ -3887,6 +3893,7 @@
 	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 CVE-2009-1828 (Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of ...)
 	- xulrunner <unfixed> (unimportant)
 	NOTE: Browser crashes not treated as security issues
@@ -5081,7 +5088,7 @@
 	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	- icedove 2.0.0.22-1 (bug #535124)
-	TODO: determine whether icedove truely affected or whether issue solely within xulrunner
+	[squeeze] - icedove 2.0.0.22-0lenny1
 CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in ...)
 	- perl 5.10.0-23 (low; bug #532736)
 	[etch] - perl <not-affected> (Doesn't yet include Compress-Raw-Zlib)
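Review bot: The TODO removed here asked whether icedove is really affected or whether the issue lies solely within xulrunner, and the [squeeze] icedove line that replaces it does not answer that question. If it was resolved, a short NOTE recording the outcome would explain why icedove is tracked with a fixed version; if it was not, the TODO should stay alongside the new [squeeze] line rather than be replaced by it.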
@@ -5396,6 +5403,7 @@
 CVE-2009-1307 (The view-source: URI implementation in Mozilla Firefox before 3.0.9, ...)
 	{DSA-1830-1 DSA-1797-1}
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-1306 (The jar: URI implementation in Mozilla Firefox before 3.0.9, ...)
@@ -5415,11 +5423,13 @@
 CVE-2009-1303 (The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before ...)
 	{DSA-1830-1 DSA-1797-1}
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-1302 (The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...)
 	{DSA-1830-1 DSA-1797-1}
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...)
@@ -7468,6 +7478,7 @@
 CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before ...)
 	{DSA-1830-1 DSA-1751-1}
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 	- iceweasel 3.0
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.7-1
@@ -7479,23 +7490,27 @@
 CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
 	{DSA-1830-1 DSA-1751-1}
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 	- iceweasel 3.0
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.7-1
 CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird ...)
 	{DSA-1830-1 DSA-1751-1}
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 	- xulrunner 1.9.0.7-1
 	[etch] - xulrunner <not-affected> (Vulnerable code not present)
 CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
 	{DSA-1830-1 DSA-1751-1}
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 	- iceweasel 3.0
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.7-1
 CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before ...)
 	{DSA-1830-1 DSA-1751-1}
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 	- xulrunner 1.9.0.7-1
 	[etch] - xulrunner <not-affected> (Vulnerable code not present)
 	- kompozer 1:0.8~alpha2+dfsg+svn129-1
@@ -8025,6 +8040,7 @@
 CVE-2009-0652 (The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox ...)
 	{DSA-1830-1 DSA-1797-1}
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka vnetd) in ...)
@@ -9380,6 +9396,7 @@
 	- iceape 1.1.14-1.1  
 	NOTE: Iceape in Lenny only provides XPCOM libs
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
 	{DSA-1830-1}
 	- iceweasel 3.0
@@ -9388,6 +9405,7 @@
 	- iceape 1.1.14-1.1  
 	NOTE: Iceape in Lenny only provides XPCOM libs
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 	- kompozer 1:0.8~alpha2+dfsg+svn129-1
 CVE-2009-0343 (Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform ...)
 	NOT-FOR-US: Systrace
@@ -11045,6 +11063,7 @@
 CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before ...)
 	{DSA-1830-1 DSA-1750-1}
 	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 	- libpng 1.2.35-1 (bug #516256)
 CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
 	- geronimo <itp> (bug #481869)



