[Secure-testing-commits] r20349 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Oct 15 07:28:20 UTC 2012 

Author: jmm
Date: 2012-10-15 07:28:20 +0000 (Mon, 15 Oct 2012)
New Revision: 20349

Modified:
   data/CVE/list
Log:
iceweasel fixed
icedove fixed
iceape fixed
ruby1.8 fixed
incorrect CVE assignment for owncloud


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-14 20:20:24 UTC (rev 20348)
+++ data/CVE/list	2012-10-15 07:28:20 UTC (rev 20349)
@@ -1580,8 +1580,8 @@
 	RESERVED
 	NOTE: to be rejected
 CVE-2012-4753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
-	- owncloud 4.0.5debian-1 (bug #688123)
 	NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
+	NOTE: False assignment, will be rejected, see #688123
 CVE-2012-4752 (appconfig.php in ownCloud before 4.0.6 does not properly restrict ...)
 	- owncloud 4.0.7debian-1
 	[wheezy] - owncloud 4.0.4debian2-2
@@ -2383,7 +2383,7 @@
 	RESERVED
 CVE-2012-4481
 	RESERVED
-	- ruby1.8 <unfixed> (bug #689945)
+	- ruby1.8 1.8.7.358-5 (bug #689945)
 CVE-2012-4480
 	RESERVED
 	NOT-FOR-US: mom
@@ -3108,13 +3108,13 @@
 CVE-2012-4194
 	RESERVED
 CVE-2012-4193 (Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, ...)
-	- iceweasel <unfixed>
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- iceweasel 10.0.9esr-1
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-4192 (Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow ...)
-	- iceweasel <unfixed>
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- iceweasel 10.0.9esr-1
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-4191 (The mozilla::net::FailDelayManager::Lookup function in the WebSockets ...)
 	- iceweasel <not-affected> (Doesn't affect ESR series)
 CVE-2012-4190 (The FT2FontEntry::CreateFontEntry function in FreeType, as used in the ...)
@@ -3123,44 +3123,44 @@
 	RESERVED
 CVE-2012-4188 (Heap-based buffer overflow in the Convolve3x3 function in Mozilla ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-4187 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-4186 (Heap-based buffer overflow in the nsWaveReader::DecodeAudioData ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-4185 (Buffer overflow in the nsCharTraits::length function in Mozilla ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-4184 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-4183 (Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures ...)
 	- iceweasel <unfixed>
-	- icedove <unfixed>
+	- icedove 10.0.9-1
 	- iceape <unfixed>
 CVE-2012-4182 (Use-after-free vulnerability in the nsTextEditRules::WillInsert ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-4181 (Use-after-free vulnerability in the ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-4180 (Heap-based buffer overflow in the ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-4179 (Use-after-free vulnerability in the ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-4178 (SQL injection vulnerability in spywall/includes/deptUploads_data.php ...)
 	NOT-FOR-US: Symantec Web Gateway
 CVE-2012-4177 (The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote ...)
@@ -3567,42 +3567,42 @@
 	- tikiwiki <removed>
 CVE-2012-3995 (The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-3994 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-3993 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-3992 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-3991 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-3990 (Use-after-free vulnerability in the IME State Manager implementation ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-3989 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...)
 	- iceweasel <not-affected> (Only affects Firefox >= 10)
 	- icedove <not-affected> (Only affects Firefox >= 10)
 	- iceape <not-affected> (Only affects Firefox >= 10)
 CVE-2012-3988 (Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-3987 (Mozilla Firefox before 16.0 on Android assigns chrome privileges to ...)
 	- iceweasel <not-affected> (Android-specific)
 CVE-2012-3986 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-3985 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...)
 	- iceweasel <not-affected> (Only affects Firefox >= 10)
 	- icedove <not-affected> (Only affects Firefox >= 10)
@@ -3618,8 +3618,8 @@
 	- iceape <not-affected> (Only affects Firefox >= 10)
 CVE-2012-3982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel 10.0.8esr-1
-	- icedove <unfixed>
-	- iceape <unfixed>
+	- icedove 10.0.9-1
+	- iceape 2.7.9-1
 CVE-2012-4747 (Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, ...)
 	- bugzilla <removed> (low)
 	[squeeze] - bugzilla <no-dsa> (Minor issue)

More information about the Secure-testing-commits mailing list