Secure testing commits - Feb 2006 - r3425 - data/CVE

Author: jmm-guest
Date: 2006-02-05 11:48:35 +0000 (Sun, 05 Feb 2006)
New Revision: 3425

Modified:
   data/CVE/list
Log:
new mozilla issues
new adzapper dos
kernel issue fixed


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-02-04 18:57:12 UTC (rev 3424)
+++ data/CVE/list	2006-02-05 11:48:35 UTC (rev 3425)
@@ -109,7 +109,7 @@
 CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0
through ...)
 	TODO: check
 CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...)
-	TODO: check
+	- linux-2.6 2.6.15-4
 CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in
libpng ...)
 	TODO: check
 CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module
in ...)
@@ -591,21 +591,33 @@
 CVE-2006-0300
 	RESERVED
 CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1,
Thunderbird ...)
-	TODO: check
+	- mozilla-firefox <unfixed> (bug #351442)
+	- mozilla-thunderbird <unfixed>
 CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey
before ...)
-	TODO: check
+	- mozilla-firefox <unfixed> (bug #351442)
+	- mozilla-thunderbird <unfixed>
 CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird
1.5 if ...)
-	TODO: check
+	- mozilla-firefox <unfixed> (bug #351442)
+	- mozilla-thunderbird <unfixed>
 CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before
1.5.0.1, ...)
-	TODO: check
+	- mozilla-firefox <unfixed> (bug #351442)
+	- mozilla-thunderbird <unfixed>
 CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in
mail, ...)
-	TODO: check
+	- mozilla-firefox <unfixed> (bug #351442)
+	- mozilla-thunderbird <unfixed>
 CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running
Javascript ...)
-	TODO: check
+	- mozilla-firefox <unfixed> (bug #351442)
+	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
+	- mozilla-thunderbird <unfixed>
+	NOTE: This does currently only affect experimental, 1.0.x are safe
 CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in
Firefox ...)
-	TODO: check
+	- mozilla-firefox <unfixed> (bug #351442)
+	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
+	- mozilla-thunderbird <unfixed>
+	NOTE: This does currently only affect experimental, 1.0.x are safe
 CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox
before ...)
-	TODO: check
+	- mozilla-firefox <unfixed> (bug #351442)
+	- mozilla-thunderbird <unfixed>
 CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server
...)
 	NOT-FOR-US: Oracle
 CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7,
...)
@@ -1323,8 +1335,9 @@
 	RESERVED
 CVE-2006-0047
 	RESERVED
-CVE-2006-0046
+CVE-2006-0046 [adzapper DoS]
 	RESERVED
+	- adzapper 20060115-1
 CVE-2006-0045 (crawl before 4.0.0 does not securely call programs when saving
and ...)
 	{DSA-949-1}
 	- crawl 1:4.0.0beta26-7 (medium)
@@ -4639,7 +4652,7 @@
 CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL
vhost ...)
 	- apache2 2.0.55-4
 CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain
situations, ...)
-	- linux-2.6 <unfixed>
+	- linux-2.6 2.6.15-4
 CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8
has ...)
 	{DSA-901-1}
 	- gnump3d 2.9.8-1