Secure testing commits - Oct 2010 - r15531 - data/CVE

Author: jmm-guest
Date: 2010-10-27 20:03:23 +0000 (Wed, 27 Oct 2010)
New Revision: 15531

Modified:
   data/CVE/list
Log:
- icedove fixed
- new kernel stack leaks
- some iceweasel updates
- moin fixed


Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-10-27 04:13:33 UTC (rev 15530)
+++ data/CVE/list	2010-10-27 20:03:23 UTC (rev 15531)
@@ -20,24 +20,35 @@
 	RESERVED
 CVE-2010-4083
 	RESERVED
+	- linux-2.6 <unfixed> (low)
 CVE-2010-4082
 	RESERVED
+	- linux-2.6 2.6.32-24 (low)
+	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
 CVE-2010-4081
 	RESERVED
+	- linux-2.6 <unfixed> (low)
 CVE-2010-4080
 	RESERVED
+	- linux-2.6 <unfixed> (low)
 CVE-2010-4079
 	RESERVED
+	- linux-2.6 <unfixed> (low)
 CVE-2010-4078
 	RESERVED
+	- linux-2.6 2.6.32-24 (low)
 CVE-2010-4077
 	RESERVED
+	- linux-2.6 <unfixed> (low)
 CVE-2010-4076
 	RESERVED
+	- linux-2.6 <unfixed> (low)
 CVE-2010-4075
 	RESERVED
+	- linux-2.6 <unfixed> (low)
 CVE-2010-4074
 	RESERVED
+	- linux-2.6 2.6.32-24 (low)
 CVE-2010-4073
 	RESERVED
 	- linux-2.6 <unfixed> (low)
@@ -2260,27 +2271,32 @@
 	- xulrunner <removed>
 	- iceweasel 3.5.14-1
 	[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
+	- icedove 3.0.9-1
 	- iceape 2.0.9-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 	[lenny] - xulrunner <not-affected> (bug in optimization added later)
 CVE-2010-3182 (A certain application-launch script in Mozilla Firefox before
3.5.14 ...)
-	TODO: check
+	- icedove 3.0.9-1
+	TODO: check, does this really affect our build?
 CVE-2010-3181 (Untrusted search path vulnerability in Mozilla Firefox before
3.5.14 ...)
-	TODO: check
+	- iceweasel <not-affected> (Windows-specific)
 CVE-2010-3180 (Use-after-free vulnerability in the nsBarProp function in
Mozilla ...)
 	- xulrunner <removed>
+	- icedove 3.0.9-1
 	- iceweasel 3.5.14-1
 	[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.9-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3179 (Stack-based buffer overflow in the text-rendering functionality
in ...)
 	- xulrunner <removed>
+	- icedove 3.0.9-1
 	- iceweasel 3.5.14-1
 	[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.9-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3178 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11,
Thunderbird ...)
 	- xulrunner <removed>
+	- icedove 3.0.9-1
 	- iceweasel 3.5.14-1
 	[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.9-1
@@ -2301,12 +2317,13 @@
 	TODO: check
 CVE-2010-3174 (Unspecified vulnerability in the browser engine in Mozilla
Firefox ...)
 	- xulrunner <removed>
+	- icedove 3.0.9-1
 	- iceweasel 3.5.14-1
 	[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.9-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and
3.6.x ...)
-	TODO: check
+	- nss <unfixed>
 CVE-2010-3172
 	RESERVED
 CVE-2010-3171 (The Math.random function in the JavaScript implementation in
Mozilla ...)
@@ -2854,8 +2871,7 @@
 CVE-2010-2970 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin
1.9.x ...)
 	- moin 1.9.3-1 (low)
 CVE-2010-2969 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin
1.7.3 ...)
-	- moin <undetermined>
-	TODO: check
+	- moin 1.9.3-1
 CVE-2010-2968 (The FTP daemon in Wind River VxWorks does not close the TCP
connection ...)
 	NOT-FOR-US: vxworks
 CVE-2010-2967 (The loginDefaultEncrypt algorithm in loginLib in Wind River
VxWorks ...)