[Secure-testing-commits] r17085 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Aug 15 14:48:21 UTC 2011 

Author: jmm
Date: 2011-08-15 14:48:21 +0000 (Mon, 15 Aug 2011)
New Revision: 17085

Modified:
   data/CVE/list
Log:
- new perl issue
- new tomcat issue (tomcat7 only)
- first batch of Mozilla issues (more coming soon)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-08-15 09:14:19 UTC (rev 17084)
+++ data/CVE/list	2011-08-15 14:48:21 UTC (rev 17085)
@@ -1,3 +1,5 @@
+CVE-2011-XXXX [Fix decode_xs n-byte heap-overflow security bug in Unicode.xs]
+	- perl 5.12.4-4
 CVE-2011-3134
 	RESERVED
 CVE-2011-3133
@@ -322,10 +324,28 @@
 	RESERVED
 CVE-2011-2983
 	RESERVED
+	- xulrunner <removed>
+	[lenny] - xulrunner 1.9.0.19-13
+	- iceweasel 6.0-1
+	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
+	- iceape 2.0.14-5
+	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-2982
 	RESERVED
+	- xulrunner <removed>
+	[lenny] - xulrunner 1.9.0.19-13
+	- iceweasel 6.0-1
+	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
+	- iceape 2.0.14-5
+	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-2981
 	RESERVED
+	- xulrunner <removed>
+	[lenny] - xulrunner 1.9.0.19-13
+	- iceweasel 6.0-1
+	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
+	- iceape 2.0.14-5
+	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-2980
 	RESERVED
 CVE-2011-2979 (Bugzilla 4.1.x before 4.1.3 generates different responses for certain ...)
@@ -888,6 +908,7 @@
 CVE-2011-2729 [jsvc does not drop capabilities allowing the application to access files and directories owned by superuser]
 	RESERVED
 	- commons-daemon 1.0.7-1
+	NOTE: According to http://tomcat.apache.org/security-7.html jsvc needs to be build againt libcap to be exploitable
 CVE-2011-2728
 	RESERVED
 CVE-2011-2727
@@ -1549,8 +1570,9 @@
 	NOTE: http://openwall.com/lists/oss-security/2011/06/20/2
 CVE-2011-2482
 	RESERVED
-CVE-2011-2481
+CVE-2011-2481 
 	RESERVED
+	- tomcat7 7.0.19-1
 CVE-2011-2480 [kfreebsd info disclosure]
 	RESERVED
 	- kfreebsd-9 9.0~svn223502-1 (bug #631160)
@@ -1742,6 +1764,12 @@
 	TODO: check
 CVE-2011-2378
 	RESERVED
+	- xulrunner <removed>
+	[lenny] - xulrunner 1.9.0.19-13
+	- iceweasel 6.0-1
+	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
+	- iceape 2.0.14-5
+	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2011-2377 (Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird ...)
 	- xulrunner <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
 	- iceweasel <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)

More information about the Secure-testing-commits mailing list