Author: stef-guest Date: 2007-03-03 10:53:39 +0000 (Sat, 03 Mar 2007) New Revision: 5499 Modified: data/CVE/list Log: dropbear, iceape, xulrunner fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-03-01 17:02:52 UTC (rev 5498) +++ data/CVE/list 2007-03-03 10:53:39 UTC (rev 5499) @@ -125,7 +125,7 @@ CVE-2007-1100 (Directory traversal vulnerability in download.php in Pickle allows ...) NOT-FOR-US: Pickle CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...) - - dropbear <unfixed> (bug #412899) + - dropbear 0.49-1 (bug #412899) CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have ...) NOT-FOR-US: ScryMUD CVE-2007-1097 (Unspecified vulnerability in the upload tool in Wiclear before 0.11.1 ...) @@ -513,8 +513,8 @@ CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey ...) NOTE: MFSA-2007-02 - iceweasel 2.0.0.2+dfsg-1 (low) - - iceape <unfixed> (low) - - xulrunner <unfixed> (low) + - iceape 1.0.8-1 (low) + - xulrunner 1.8.0.10-1 (low) [sarge] - mozilla-tunderbird <unfixed> (low) [sarge] - mozilla-firefox <unfixed> (low) [sarge] - mozilla <unfixed> (low) @@ -553,8 +553,8 @@ CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x ...) NOTE: MFSA-2007-07 - iceweasel 2.0.0.1+dfsg-3 (bug #411192; high) - - xulrunner <unfixed> (high) - - iceape <unfixed> (high) + - xulrunner 1.8.0.10-1 (high) + - iceape 1.0.8-1 (high) - icedove <unfixed> - mozilla-firefox <removed> (high) - mozilla-thunderbird <removed> @@ -1065,8 +1065,8 @@ CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...) NOTE: MFSA-2007-05 - iceweasel 2.0.0.2+dfsg-1 (medium) - - iceape <unfixed> (medium) - - xulrunner <unfixed> (medium) + - iceape 1.0.8-1 (medium) + - xulrunner 1.8.0.10-1 (medium) [sarge] - mozilla-firefox <unfixed> (medium) [sarge] - mozilla <unfixed> (medium) - firefox <removed> (medium) @@ -1113,48 +1113,48 @@ CVE-2007-0780 (browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before ...) NOTE: MFSA-2007-05 - iceweasel 2.0.0.2+dfsg-1 (medium) - - iceape <unfixed> (medium) - - xulrunner <unfixed> (medium) + - iceape 1.0.8-1 (medium) + - xulrunner 1.8.0.10-1 (medium) [sarge] - mozilla-firefox <unfixed> (medium) [sarge] - mozilla <unfixed> (medium) CVE-2007-0779 (GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and ...) NOTE: MFSA-2007-04 - iceweasel 2.0.0.2+dfsg-1 (low) - - iceape <unfixed> (low) - - xulrunner <unfixed> (low) + - iceape 1.0.8-1 (low) + - xulrunner 1.8.0.10-1 (low) [sarge] - mozilla-firefox <not-affected> (introduced in firefox 1.5) [sarge] - mozilla <not-affected> (introduced in firefox 1.5) CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x ...) NOTE: MFSA-2007-03 - iceweasel 2.0.0.2+dfsg-1 (low) - - iceape <unfixed> (low) - - xulrunner <unfixed> (low) + - iceape 1.0.8-1 (low) + - xulrunner 1.8.0.10-1 (low) [sarge] - mozilla-firefox <unfixed> (low) [sarge] - mozilla <unfixed> (low) CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x ...) NOTE: MFSA-2007-01 - iceweasel 2.0.0.2+dfsg-1 (high) - - iceape <unfixed> (high) + - iceape 1.0.8-1 (high) - icedove <unfixed> (low) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.10-1 (high) [sarge] - mozilla-firefox <unfixed> (high) [sarge] - mozilla-thunderbird <unfixed> (low) [sarge] - mozilla <unfixed> (high) CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla ...) NOTE: MFSA-2007-01 - iceweasel 2.0.0.2+dfsg-1 (high) - - iceape <unfixed> (high) + - iceape 1.0.8-1 (high) - icedove <unfixed> (low) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.10-1 (high) [sarge] - mozilla-firefox <unfixed> (high) [sarge] - mozilla-thunderbird <unfixed> (low) [sarge] - mozilla <unfixed> (high) CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox ...) NOTE: MFSA-2007-01 - iceweasel 2.0.0.2+dfsg-1 (high) - - iceape <unfixed> (high) + - iceape 1.0.8-1 (high) - icedove <unfixed> (low) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.10-1 (high) [sarge] - mozilla-firefox <unfixed> (high) [sarge] - mozilla-thunderbird <unfixed> (low) [sarge] - mozilla <unfixed> (high) @@ -3049,6 +3049,7 @@ CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat ...) NOT-FOR-US: Adobe Acrobat Reader Plugin NOTE: a fix for this is also in iceweasle 2.0.0.2+dfsg-1 (MFSA-2007-02) + NOTE: and icape 1.0.8-1 CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet ...) NOT-FOR-US: Adobe Acrobat Reader Plugin CVE-2007-0043 @@ -3570,16 +3571,16 @@ CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network ...) NOTE: MFSA-2007-06 - iceweasel 2.0.0.2+dfsg-1 (low) - - iceape <unfixed> (low) - - xulrunner <unfixed> (high) + - iceape 1.0.8-1 (low) + - xulrunner 1.8.0.10-1 (high) [sarge] - mozilla-firefox <unfixed> (high) [sarge] - mozilla <unfixed> (high) - firefox <removed> (high) CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security ...) NOTE: MFSA-2007-06 - iceweasel 2.0.0.2+dfsg-1 (low) - - iceape <unfixed> (low) - - xulrunner <unfixed> (high) + - iceape 1.0.8-1 (low) + - xulrunner 1.8.0.10-1 (high) [sarge] - mozilla-firefox <unfixed> (high) [sarge] - mozilla <unfixed> (high) - firefox <removed> (high) @@ -4941,10 +4942,10 @@ CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and ...) NOTE: MFSA-2007-02 - iceweasel 2.0.0.2+dfsg-1 (high; bug #409220) - - iceape <unfixed> (high) + - iceape 1.0.8-1 (high) [sarge] - mozilla-firefox <unfixed> (high) [sarge] - mozilla <unfixed> (high) - - xulrunner <unfixed> (medium) + - xulrunner 1.8.0.10-1 (medium) NOTE: Epiphany affected by xulrunner CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in Computer ...) NOT-FOR-US: BrightStor