[Secure-testing-commits] r15182 - in data: CVE DSA

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Sun Aug 22 15:42:09 UTC 2010


Author: jmm-guest
Date: 2010-08-22 15:42:03 +0000 (Sun, 22 Aug 2010)
New Revision: 15182

Modified:
   data/CVE/list
   data/DSA/list
Log:
new babiloo issue
new uzbl issue
add missing mozilla IDs
fix lxr-cvs DSA entry


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-08-21 21:47:52 UTC (rev 15181)
+++ data/CVE/list	2010-08-22 15:42:03 UTC (rev 15182)
@@ -1,5 +1,7 @@
 CVE-2010-3057
 	RESERVED
+CVE-2010-XXXX [babiloo insecure downloading and unpacking of dictionary files]
+	- babiloo <unfixed> (low; bug #591995)
 CVE-2010-3054 (Unspecified vulnerability in FreeType 2.3.9, and other versions before ...)
 	TODO: check
 CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause ...)
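Review bot: The bracketed description on the new CVE-2010-XXXX babiloo entry covers two separate weaknesses, insecure downloading and insecure unpacking, under one placeholder rated low with no explanation. Consider adding a NOTE line saying which of the two bug #591995 covers and why the urgency is low, so the entry can be split cleanly if more than one CVE ID gets assigned.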
@@ -593,7 +595,8 @@
 CVE-2010-2810
 	RESERVED
 CVE-2010-2809 (The default configuration of the &lt;Button2&gt; binding in Uzbl before ...)
-	TODO: check
+	- uzbl <unfixed> 
+        TODO: File bug
 CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in ...)
 	- freetype 2.4.2-1
 CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during bounds ...)
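Review bot: The added `TODO: File bug` line under CVE-2010-2809 is indented with eight spaces where the other entry lines in this file are tab-indented, and the `- uzbl <unfixed> ` line above it ends in a trailing space. Use a tab and drop the trailing space so the entry matches the surrounding format. Once the bug is filed, replace the TODO with the bug number and an urgency, as the babiloo entry in the first hunk does.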
@@ -16434,7 +16437,10 @@
 CVE-2009-2062 (Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-2061 (Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response ...)
-	- xulrunner <undetermined> (bug #565521)
+	{DSA-1830-1 DSA-1820-1}
+	- xulrunner 1.9.0.11-1
+	- icedove 2.0.0.22-1 (bug #535124)
+	[squeeze] - icedove 2.0.0.22-0lenny1
 CVE-2009-2060 (src/net/http/http_transaction_winhttp.cc in Google Chrome before ...)
 	- chromium-browser <not-affected> (Only 1.x is affected)
 	- webkit <not-affected> (chrome-specific issue)
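Review bot: The added `[squeeze] - icedove 2.0.0.22-0lenny1` line under CVE-2009-2061 pairs a squeeze tag with a version carrying a lenny suffix, while data/DSA/list in this same commit records that version for DSA-1830-1 as `[lenny] - icedove 2.0.0.22-0lenny1`. This looks like it should read `[lenny]`. The change also drops the reference to bug #565521 from the xulrunner line; keep it on the new `- xulrunner 1.9.0.11-1` line if that bug still tracks this issue.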

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2010-08-21 21:47:52 UTC (rev 15181)
+++ data/DSA/list	2010-08-22 15:42:03 UTC (rev 15182)
@@ -6,6 +6,7 @@
 	[lenny] - ghostscript 8.62.dfsg.1-3.2lenny5
 [17 Aug 2010] DSA-2092-1  - cross-site scripting
 	{CVE-2009-4497 CVE-2010-1448 CVE-2010-1625 CVE-2010-1738}
+	[lenny] - lxr-cvs 0.9.5+cvs20071020-1+lenny1
 [12 Aug 2010] DSA-2091-1 squirrelmail - cross-site request forgery
 	{CVE-2009-2964 CVE-2010-2813}
 	[lenny] - squirrelmail 2:1.4.15-4+lenny3.1
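Review bot: The DSA-2092-1 header line still has no package name between the ID and the dash (`DSA-2092-1  - cross-site scripting`), unlike `DSA-2091-1 squirrelmail - cross-site request forgery` just below it. The log says this commit fixes the lxr-cvs DSA entry, so add `lxr-cvs` to the header line as well as the new `[lenny]` line.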
@@ -959,7 +960,7 @@
 	{CVE-2009-0858}
 	[lenny] - djbdns 1:1.05-4+lenny1
 [12 Jul 2009] DSA-1830-1 icedove - several vulnerabilities
-	{CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1392 CVE-2009-1832 CVE-2009-1836 CVE-2009-1838 CVE-2009-1841 CVE-2009-2210}
+	{CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1392 CVE-2009-1832 CVE-2009-1836 CVE-2009-1838 CVE-2009-1841 CVE-2009-2210 CVE-2009-2061}
 	[lenny] - icedove 2.0.0.22-0lenny1
 [11 Jul 2009] DSA-1829-1 sork-passwd-h3 - cross-site scripting
 	{CVE-2009-2360}
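Review bot: CVE-2009-2061 is appended after CVE-2009-2210 in the DSA-1830-1 list, which breaks the ascending order the other IDs in that line follow. Insert it between CVE-2009-1841 and CVE-2009-2210 so the list stays sorted and later diffs against it stay readable.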
@@ -993,7 +994,7 @@
 	{CVE-2009-1440}
 	[lenny] - amule 2.2.1-1+lenny2
 [18 Jun 2009] DSA-1820-1 xulrunner - several vulnerabilities
-	{CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841}
+	{CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 CVE-2009-2061}
 	[lenny] - xulrunner 1.9.0.11-0lenny1
 [18 Jun 2009] DSA-1819-1 vlc - several vulnerabilities
 	{CVE-2008-1768 CVE-2008-1769 CVE-2008-1881 CVE-2008-2147 CVE-2008-2430 CVE-2008-3794 CVE-2008-4686 CVE-2008-5032}
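Review bot: Adding CVE-2009-2061 to DSA-1820-1 ties the fix to xulrunner 1.9.0.11-0lenny1, but the description shown in the data/CVE/list hunk says the issue affects Firefox before 3.0.10. Please confirm that lenny first received the fix with this DSA and not with an earlier xulrunner update; if it was earlier, the CVE belongs on that DSA instead.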



