jmm-guest at alioth.debian.org
2008-May-28 13:58 UTC
[Secure-testing-commits] r8919 - data/CVE
Author: jmm-guest
Date: 2008-05-28 13:58:26 +0000 (Wed, 28 May 2008)
New Revision: 8919
Modified:
data/CVE/list
Log:
- Imager _is_ in the archive. Generally all Perl modules can be considered
part of Debian.... Marking as unfixed for now.
- util-linux issues doesn''t affect Etch, audit support not yet present
- one mozilla issue doesn''t affect Icedove
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-05-28 04:23:00 UTC (rev 8918)
+++ data/CVE/list 2008-05-28 13:58:26 UTC (rev 8919)
@@ -1031,10 +1031,11 @@
CVE-2008-1929
RESERVED
CVE-2008-1928 (Buffer overflow in Imager 0.42 through 0.63 allows attackers to
cause ...)
- NOT-FOR-US: Imager
+ - libimager-perl <unfixed>
CVE-2008-1926 (Argument injection vulnerability in login (login-utils/login.c)
in ...)
{DTSA-126-1}
- util-linux 2.13.1.1-1 (low; bug #478135)
+ [etch] - util-linux <not-affected> (Audit support not available in
Etch''s version)
CVE-2008-1923 (The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before
revision ...)
- asterisk 1:1.4.19.1~dfsg-1 (medium)
CVE-2008-1922 (Multiple stack-based buffer overflows in Sarg might allow
attackers to ...)
@@ -4524,8 +4525,9 @@
CVE-2008-0420 (modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox
...)
- iceape 1.1.8-1
- iceweasel 2.0.0.12-1
- - icedove <unfixed>
TODO: Check xulrunner
+ NOTE: The initial advisory claimed Thunderbird/Icedove were vulnerable, but
clarified
+ NOTE: later, see
http://www.mozilla.org/security/announce/2008/mfsa2008-07.html
CVE-2008-0419 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8
allows ...)
{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
- iceweasel 2.0.0.12-1