Secure testing commits - Oct 2006 - r4783 - data/CVE

Author: jmm-guest
Date: 2006-09-30 14:04:25 +0000 (Sat, 30 Sep 2006)
New Revision: 4783

Modified:
   data/CVE/list
Log:
xulrunner fixed
new plone issue


Modified: data/CVE/list
==================================================================---
data/CVE/list	2006-09-30 08:05:35 UTC (rev 4782)
+++ data/CVE/list	2006-09-30 14:04:25 UTC (rev 4783)
@@ -1044,6 +1044,7 @@
 	- mozilla <unfixed> (high)
 	- firefox 1.5.dfsg+1.5.0.7-1 (high)
 	- thunderbird 1.5.0.7-1 (high)
+	- xulrunner 1.8.0.7-1 (high)
 	[sarge] - mozilla-firefox <unfixed> (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
 CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5,
with ...)
@@ -1053,14 +1054,14 @@
 CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the
&quot;blocked ...)
 	NOTE: MFSA-2006-62
 	- firefox 1.5.dfsg+1.5.0.7-1 (low)
-	- xulrunner <unfixed> (low)
+	- xulrunner 1.8.0.7-1 (low)
 	- thunderbird 1.5.0.7-1
 	[sarge] - mozilla-firefox <unfixed> (low)
 CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows
...)
 	NOTE: MFSA-2006-61
 	- mozilla <unfixed> (low)
 	- firefox 1.5.dfsg+1.5.0.7-1 (low)
-	- xulrunner <unfixed> (low)
+	- xulrunner 1.8.0.7-1 (low)
 	- thunderbird 1.5.0.7-1
 	[sarge] - mozilla-firefox <unfixed> (low)
 CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7
makes it ...)
@@ -1075,14 +1076,14 @@
 	- mozilla <unfixed> (high)
 	- firefox 1.5.dfsg+1.5.0.7-1 (high)
 	- thunderbird 1.5.0.7-1 (low)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.7-1 (high)
 	[sarge] - mozilla-firefox <unfixed> (high)
 	[sarge] - mozilla-thunderbird <unfixed> (low)
 CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7,
...)
 	NOTE: MFSA-2006-57
 	- mozilla <unfixed> (high)
 	- firefox 1.5.dfsg+1.5.0.7-1 (high)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.7-1 (high)
 	- thunderbird 1.5.0.7-1 (low)
 	[sarge] - mozilla-firefox <unfixed> (high)
 	[sarge] - mozilla-thunderbird <unfixed> (low)
@@ -1590,7 +1591,7 @@
 	- mozilla <unfixed> (high)
 	- firefox 1.5.dfsg+1.5.0.7-1 (high)
 	- thunderbird 1.5.0.7-1 (high)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.7-1 (high)
 	[sarge] - mozilla-firefox <unfixed> (high)
 	[sarge] - mozilla-thunderbird <unfixed> (high)
 CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before
0.9.8c, ...)
@@ -1788,7 +1789,7 @@
 	NOT-FOR-US: IBM AIX
 CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier
...)
 	NOTE: MFSA-2006-59
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.7-1 (high)
 	- firefox 1.5.dfsg+1.5.0.7-1 (high)
 	- mozilla <unfixed> (high)
 	- mozilla-firefox <removed> (high)
@@ -1805,8 +1806,10 @@
 	RESERVED
 CVE-2006-4248
 	RESERVED
-CVE-2006-4247
+CVE-2006-4247 [plone password reset vulnerability]
 	RESERVED
+	[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
+	- zope-cmfplone <unfixed>
 CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read
...)
 	TODO: check
 CVE-2006-4245