Author: jmm Date: 2011-08-15 14:48:21 +0000 (Mon, 15 Aug 2011) New Revision: 17085 Modified: data/CVE/list Log: - new perl issue - new tomcat issue (tomcat7 only) - first batch of Mozilla issues (more coming soon) Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-08-15 09:14:19 UTC (rev 17084) +++ data/CVE/list 2011-08-15 14:48:21 UTC (rev 17085) @@ -1,3 +1,5 @@ +CVE-2011-XXXX [Fix decode_xs n-byte heap-overflow security bug in Unicode.xs] + - perl 5.12.4-4 CVE-2011-3134 RESERVED CVE-2011-3133 @@ -322,10 +324,28 @@ RESERVED CVE-2011-2983 RESERVED + - xulrunner <removed> + [lenny] - xulrunner 1.9.0.19-13 + - iceweasel 6.0-1 + [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) + - iceape 2.0.14-5 + [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-2982 RESERVED + - xulrunner <removed> + [lenny] - xulrunner 1.9.0.19-13 + - iceweasel 6.0-1 + [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) + - iceape 2.0.14-5 + [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-2981 RESERVED + - xulrunner <removed> + [lenny] - xulrunner 1.9.0.19-13 + - iceweasel 6.0-1 + [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) + - iceape 2.0.14-5 + [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-2980 RESERVED CVE-2011-2979 (Bugzilla 4.1.x before 4.1.3 generates different responses for certain ...) @@ -888,6 +908,7 @@ CVE-2011-2729 [jsvc does not drop capabilities allowing the application to access files and directories owned by superuser] RESERVED - commons-daemon 1.0.7-1 + NOTE: According to http://tomcat.apache.org/security-7.html jsvc needs to be build againt libcap to be exploitable CVE-2011-2728 RESERVED CVE-2011-2727 
@@ -1549,8 +1570,9 @@ NOTE: http://openwall.com/lists/oss-security/2011/06/20/2 CVE-2011-2482 RESERVED -CVE-2011-2481 +CVE-2011-2481 RESERVED + - tomcat7 7.0.19-1 CVE-2011-2480 [kfreebsd info disclosure] RESERVED - kfreebsd-9 9.0~svn223502-1 (bug #631160) @@ -1742,6 +1764,12 @@ TODO: check CVE-2011-2378 RESERVED + - xulrunner <removed> + [lenny] - xulrunner 1.9.0.19-13 + - iceweasel 6.0-1 + [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) + - iceape 2.0.14-5 + [lenny] - iceape <not-affected> (Only a stub package) CVE-2011-2377 (Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird ...) - xulrunner <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6) - iceweasel <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
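Review bot: The new CVE-2011-XXXX entry at the top of the file (hunk @@ -1,3 +1,5 @@) carries no NOTE pointing at the upstream fix or a bug report, so once a CVE id is assigned there is only the bracketed description to match it against. Suggest adding a NOTE line with the upstream commit or bug reference under `- perl 5.12.4-4`.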
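Review bot: In hunk @@ -322,10 +324,28 @@, CVE-2011-2983, CVE-2011-2982 and CVE-2011-2981 each receive the same six package lines while staying RESERVED with no bracketed description or NOTE, so the three entries cannot be told apart or matched to an upstream advisory from the list alone. Suggest adding a short description or an advisory NOTE per entry. The parenthesised comment also reads `Lenny''s` with a doubled apostrophe in all three blocks.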
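Review bot: The NOTE added to CVE-2011-2729 (hunk @@ -888,6 +908,7 @@) states the precondition, building jsvc against libcap, but not whether the commons-daemon package tracked here is built that way, which is what a reader needs in order to judge exposure. Suggest stating that explicitly in the NOTE, and correcting `build againt` to `built against`.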
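Review bot: The CVE-2011-2481 entry (hunk @@ -1549,8 +1570,9 @@) lists only `- tomcat7 7.0.19-1`, while the commit log says the issue is tomcat7 only; that scoping is not recorded in the list itself. Suggest adding explicit `<not-affected>` lines with a reason for any other tomcat source packages being tracked, plus a bracketed description, so the entry does not depend on the log message.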
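Review bot: The block added under CVE-2011-2378 (hunk @@ -1742,6 +1764,12 @@) gives release-specific lines for lenny only, so the status of any other release rests on the `<removed>` line for xulrunner and the version lines for iceweasel and iceape. If that is intentional pending further updates, a TODO line would make it clear; otherwise add the release-specific lines. The same applies to the identical blocks in the earlier Mozilla hunk.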