[Secure-testing-commits] r17085 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Aug 15 14:48:21 UTC 2011
Author: jmm
Date: 2011-08-15 14:48:21 +0000 (Mon, 15 Aug 2011)
New Revision: 17085
Modified:
data/CVE/list
Log:
- new perl issue
- new tomcat issue (tomcat7 only)
- first batch of Mozilla issues (more coming soon)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-08-15 09:14:19 UTC (rev 17084)
+++ data/CVE/list 2011-08-15 14:48:21 UTC (rev 17085)
@@ -1,3 +1,5 @@
+CVE-2011-XXXX [Fix decode_xs n-byte heap-overflow security bug in Unicode.xs]
+ - perl 5.12.4-4
CVE-2011-3134
RESERVED
CVE-2011-3133
@@ -322,10 +324,28 @@
RESERVED
CVE-2011-2983
RESERVED
+ - xulrunner <removed>
+ [lenny] - xulrunner 1.9.0.19-13
+ - iceweasel 6.0-1
+ [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
+ - iceape 2.0.14-5
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-2982
RESERVED
+ - xulrunner <removed>
+ [lenny] - xulrunner 1.9.0.19-13
+ - iceweasel 6.0-1
+ [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
+ - iceape 2.0.14-5
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-2981
RESERVED
+ - xulrunner <removed>
+ [lenny] - xulrunner 1.9.0.19-13
+ - iceweasel 6.0-1
+ [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
+ - iceape 2.0.14-5
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-2980
RESERVED
CVE-2011-2979 (Bugzilla 4.1.x before 4.1.3 generates different responses for certain ...)
@@ -888,6 +908,7 @@
CVE-2011-2729 [jsvc does not drop capabilities allowing the application to access files and directories owned by superuser]
RESERVED
- commons-daemon 1.0.7-1
+ NOTE: According to http://tomcat.apache.org/security-7.html jsvc needs to be build againt libcap to be exploitable
CVE-2011-2728
RESERVED
CVE-2011-2727
@@ -1549,8 +1570,9 @@
NOTE: http://openwall.com/lists/oss-security/2011/06/20/2
CVE-2011-2482
RESERVED
-CVE-2011-2481
+CVE-2011-2481
RESERVED
+ - tomcat7 7.0.19-1
CVE-2011-2480 [kfreebsd info disclosure]
RESERVED
- kfreebsd-9 9.0~svn223502-1 (bug #631160)
@@ -1742,6 +1764,12 @@
TODO: check
CVE-2011-2378
RESERVED
+ - xulrunner <removed>
+ [lenny] - xulrunner 1.9.0.19-13
+ - iceweasel 6.0-1
+ [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
+ - iceape 2.0.14-5
+ [lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-2377 (Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird ...)
- xulrunner <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
- iceweasel <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
More information about the Secure-testing-commits
mailing list