jmm-guest at alioth.debian.org
2008-Oct-01 20:22 UTC
[Secure-testing-commits] r9925 - data/CVE
Author: jmm-guest
Date: 2008-10-01 20:22:38 +0000 (Wed, 01 Oct 2008)
New Revision: 9925

Modified: data/CVE/list
Log:
- add iceape to latest mozilla round, iceweasel and icedove still missing
- fix gpicview entry
- lazarus temp issue is a non-issue
- one kernel issue fixed
- bluez-libs fixed some time ago
- older kdebase issue won't be fixed for Lenny either

Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-10-01 15:52:11 UTC (rev 9924) +++ data/CVE/list 2008-10-01 20:22:38 UTC (rev 9925) 
@@ -627,31 +627,43 @@ CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...) NOT-FOR-US: Microsoft CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and ...) - TODO: check + - iceape 1.1.12-1 CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey ...) - TODO: check + - iceape 1.1.12-1 + - xulrunner 1.9.0.3-1 CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...) - xulrunner 1.9.0.3-1 + - iceape 1.1.12-1 CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...) - xulrunner 1.9.0.3-1 + - iceape 1.1.12-1 CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows ...) - xulrunner 1.9.0.3-1 + - iceape 1.1.12-1 CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...) - xulrunner 1.9.0.3-1 + - iceape 1.1.12-1 CVE-2008-4064 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...) - xulrunner 1.9.0.3-1 + - iceape 1.1.12-1 CVE-2008-4063 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...) - xulrunner 1.9.0.3-1 + - iceape 1.1.12-1 CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...) - xulrunner 1.9.0.3-1 + - iceape 1.1.12-1 CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before ...) - xulrunner 1.9.0.3-1 + - iceape 1.1.12-1 CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...) - xulrunner 1.9.0.3-1 + - iceape 1.1.12-1 CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows ...) - xulrunner 1.9.0.3-1 + - iceape 1.1.12-1 CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x ...) - xulrunner 1.9.0.3-1 + - iceape 1.1.12-1 CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3 before ...) 
NOT-FOR-US: Objective Development Sharity CVE-2008-4056 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...) @@ -1174,10 +1186,12 @@ NOT-FOR-US: Solaris CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey ...) - xulrunner 1.9.0.3-1 + - iceape 1.1.12-1 CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers ...) TODO: check CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox ...) TODO: check + - iceape 1.1.12-1 CVE-2008-3834 RESERVED CVE-2008-3833 @@ -1435,7 +1449,7 @@ NOTE: CVE id requested NOTE: non-issue, not exploitable by other users CVE-2008-XXXX [Overwrite certain images without notice] - - gpicview 0.1.10-1 (unimportant; low; bug #497005) + - gpicview 0.1.10-1 (unimportant; bug #497005) NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869 NOTE: non-issue, not exploitable by other users NOTE: CVE id requested @@ -1450,7 +1464,8 @@ CVE-2008-XXXX [vdr: insecure temp file] - vdr 1.6.0-6 (low; bug #496421) CVE-2008-XXXX [lazarus: insecure temp file] - - lazarus 0.9.24-0-11 (low) + - lazarus 0.9.24-0-11 (unimportant; bug #496377) + NOTE: Not exploitable, see comments in buglog CVE-2008-XXXX [crossfire-maps: insecure temp file] - crossfire-maps 1.11.0-2 (low) CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in ...) @@ -1970,7 +1985,7 @@ - linux-2.6 2.6.26-4 [etch] - linux-2.6 <not-affected> CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.26-7 - linux-2.6.24 <unfixed> CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 in Fedora 9 allows local ...) TODO: check 
@@ -4597,7 +4612,7 @@ CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on ...) - vsftpd <not-affected> (debian versions all include the fix) CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before ...) - - bluez-libs <unfixed> (low) + - bluez-libs 3.34 (low) - bluez-utils 3.34 (low) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374 CVE-2008-2373 @@ -10336,9 +10351,11 @@ CVE-2007-6592 (Apple Safari 2, when a user accepts an SSL server certificate on the ...) NOT-FOR-US: Safari CVE-2007-6591 (KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server ...) - - kdebase <unfixed> (low; bug #458968) + - kdebase 4:4.0.3-1 (low; bug #458968) [etch] - kdebase <no-dsa> (Minor issue) + [lenny] - kdebase <no-dsa> (Minor issue) NOTE: filed http://bugs.kde.org/show_bug.cgi?id=154921 + NOTE: No longer occurs in KDE 4.0.3 according to upstream bug CVE-2007-6590 REJECTED - iceape <unfixed> (low) @@ -10902,6 +10919,7 @@ RESERVED CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in ...) TODO: check + - iceape 1.1.12-1 CVE-2008-0015 RESERVED CVE-2008-0014
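Review bot: In the @@ -627,31 +627,43 @@ hunk, CVE-2008-4070 and CVE-2008-4069 lose their "TODO: check" marker although the log message says iceweasel and icedove are still missing. CVE-2008-4070 is described as a Thunderbird overflow, so after this change the entry lists only iceape and nothing flags the package the description names. Keep the TODO line until those packages are added, or add explicit placeholders such as "- icedove <unfixed>" so the open work stays visible in the tracker.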
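Review bot: In the @@ -1174,10 +1186,12 @@ hunk, CVE-2008-3835 keeps "TODO: check" and gets "- iceape 1.1.12-1" appended below it, whereas the first hunk replaces the TODO with the package line. Pick one convention for a partially triaged entry; the same mixed form appears for CVE-2008-0016 in the @@ -10902,6 +10919,7 @@ hunk. CVE-2008-3836 directly above is also a Firefox before 2.0.0.17 issue and stays at "TODO: check" with no iceape line, so a NOTE saying whether iceape was checked for it would save the next reader the lookup.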
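Review bot: In the @@ -1450,7 +1464,8 @@ hunk, the new NOTE for lazarus says only "Not exploitable, see comments in buglog", which forces a reader to open bug #496377 to learn why the severity dropped from low to unimportant. State the reason in one line in the NOTE itself, as the gpicview entry above does with "non-issue, not exploitable by other users".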
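Review bot: In the @@ -1970,7 +1985,7 @@ hunk, CVE-2008-3525 gets a fixed version for linux-2.6 but no [etch] line, unlike the entry just above it in the context, which carries "[etch] - linux-2.6 <not-affected>". Add an explicit etch annotation once its status is known so the stable release is not left to version comparison alone. linux-2.6.24 stays at <unfixed>, which is consistent with the log message saying one kernel issue was fixed.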
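Review bot: In the @@ -10336,9 +10351,11 @@ hunk, the fixed version 4:4.0.3-1 for kdebase rests on the upstream statement "No longer occurs in KDE 4.0.3", not on an identified fix. The added NOTE records that, which is good; consider also saying whether the behaviour was re-tested against the Debian package. Separately, the trailing context shows CVE-2007-6590 marked REJECTED while still carrying "- iceape <unfixed> (low)"; since this commit touches iceape entries, that stale line could be cleaned up in the same pass.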