[Secure-testing-commits] r13835 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sat Jan 16 17:25:00 UTC 2010
Author: gilbert-guest
Date: 2010-01-16 17:24:59 +0000 (Sat, 16 Jan 2010)
New Revision: 13835
Modified:
data/CVE/list
Log:
mkpasswd issue; xulrunner issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-16 14:50:05 UTC (rev 13834)
+++ data/CVE/list 2010-01-16 17:24:59 UTC (rev 13835)
@@ -2,8 +2,10 @@
- sudo <undetermined> (low; bug #565223)
TODO: check
NOTE: bug report is very speculative, but is probably worth checking
+CVE-2010-XXXX [makepasswd: insecure passwords generated with default settings]
+ - makepasswd <unfixed> (high; bug #564559)
CVE-2010-XXXX [mydms multiple issues]
- - mydms <undetermined>
+ - mydms <undetermined> (low)
TODO: check
NOTE: http://seclists.org/fulldisclosure/2010/Jan/267
CVE-2010-XXXX [dokuwiki CSRF]
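Review bot: the added entry names makepasswd, but the log message for this revision says "mkpasswd issue", so a search of the commit log for the package name will miss this change; the log wording should match the name used in the entry. The new entry is also rated `(high; bug #564559)` with `<unfixed>` and no NOTE line. A one-line NOTE saying which default setting leads to the insecure passwords would let a reader judge the urgency without opening the bug.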
@@ -1917,9 +1919,9 @@
- monkey 0.9.3-1 (low)
[lenny] - monkey <no-dsa> (Minor issue, fringe package)
CVE-2009-4130 (Visual truncation vulnerability in the MakeScriptDialogTitle function ...)
- TODO: check
+ - xulrunner <undetermined> (bug #565521)
CVE-2009-4129 (Race condition in Mozilla Firefox allows remote attackers to produce a ...)
- TODO: check
+ - xulrunner <undetermined> (bug #565521)
CVE-2009-4128 (GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted ...)
- grub2 1.97+20091115-1 (bug #555195)
[lenny] - grub2 <not-affected> (Password authentication not yet present)
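Review bot: on CVE-2009-4130 and CVE-2009-4129 the `TODO: check` line is removed while the replacement status is still `<undetermined>`, so nothing in the entry marks it as needing follow-up. The sudo and mydms entries in the first hunk keep `TODO: check` alongside `<undetermined>`. Keeping it here as well, or adding a NOTE that the analysis is tracked in bug #565521, would keep the entries consistent.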
@@ -4452,7 +4454,8 @@
CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
NOT-FOR-US: Opera
CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a ...)
- TODO: check
+ - xulrunner <unfixed> (unimportant)
+ NOTE: browser denial-of-services are unimportant
CVE-2009-3245
RESERVED
CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...)
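Review bot: `- xulrunner <unfixed> (unimportant)` on CVE-2008-7244 carries no version, while the description limits the issue to Firefox 3.0.1 and earlier. If the packaged xulrunner is newer than that, the entry should say whether the flaw was confirmed there; extending the NOTE with what was checked would settle it. Minor wording point: "denial-of-services" in the NOTE reads better as "denial-of-service issues".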
@@ -8502,7 +8505,7 @@
CVE-2009-2066 (Apple Safari detects http content in https web pages only when the ...)
NOT-FOR-US: Apple Safari
CVE-2009-2065 (Mozilla Firefox 3.0.10, and possibly other versions, detects http ...)
- TODO: check
+ - xulrunner <undetermined> (bug #565521)
CVE-2009-2064 (Microsoft Internet Explorer 8, and possibly other versions, detects ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2063 (Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response ...)
@@ -8510,7 +8513,7 @@
CVE-2009-2062 (Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before ...)
NOT-FOR-US: Apple Safari
CVE-2009-2061 (Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response ...)
- TODO: check
+ - xulrunner <undetermined> (bug #565521)
CVE-2009-2060 (src/net/http/http_transaction_winhttp.cc in Google Chrome before ...)
- chromium-browser <itp> (bug #520324)
CVE-2009-2059 (Opera, possibly before 9.25, uses the HTTP Host header to determine ...)
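Review bot: CVE-2009-2061 is set to `<undetermined>`, yet its description reads "Mozilla Firefox before 3.0.10", which names an upstream fixed release. That is a starting point for resolving the status to a fixed xulrunner version instead of leaving it open. If the mapping from the Firefox release to a xulrunner version is the unknown part, a NOTE saying so would help the next person who picks this up.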
@@ -9760,7 +9763,7 @@
CVE-2009-1598 (Google Chrome executes DOM calls in response to a javascript: URI in ...)
- chromium-browser <itp> (bug #520324)
CVE-2009-1597 (Mozilla Firefox executes DOM calls in response to a javascript: URI in ...)
- TODO: check
+ - xulrunner <undetermined> (bug #565521)
CVE-2009-1596 (Ignite Realtime Openfire before 3.6.5 does not properly implement the ...)
NOT-FOR-US: Openfire
CVE-2009-1595 (The jabber:iq:auth implementation in IQAuthHandler.java in Ignite ...)
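Review bot: bug #565521 on CVE-2009-1597 is the same number attached to CVE-2009-4130, CVE-2009-4129, CVE-2009-2065 and CVE-2009-2061 earlier in this patch, and their descriptions cover different flaws. If it is meant as a single umbrella report, a NOTE on each entry saying so would make clear that closing the bug does not by itself resolve every CVE that points at it.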