Author: stef-guest
Date: 2007-02-25 17:21:16 +0100 (Sun, 25 Feb 2007)
New Revision: 5484

Modified: data/CVE/list

Log:
- new mozilla issues, iceweasel fixed
- dbmail fixed

Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-02-23 21:42:25 UTC (rev 5483) +++ data/CVE/list 2007-02-25 16:21:16 UTC (rev 5484) @@ -95,8 +95,15 @@ RESERVED CVE-2007-0996 RESERVED -CVE-2007-0995 +CVE-2007-0995 [mozilla Child frame character set inheritance] RESERVED + NOTE: MFSA-2007-02 + - iceweasel 2.0.0.2+dfsg-1 (low) + - iceape <unfixed> (low) + - xulrunner <unfixed> (low) + [sarge] - mozilla-tunderbird <unfixed> (low) + [sarge] - mozilla-firefox <unfixed> (low) + [sarge] - mozilla <unfixed> (low) CVE-2007-0994 RESERVED CVE-2007-0993 @@ -129,6 +136,7 @@ - asterisk-chan-capi <unfixed> (bug #411293) - linux-2.6 <unfixed> (bug #411294) CVE-2007-0981 (Mozilla based browsers, including Firefox, allow remote attackers to ...) + NOTE: MFSA-2007-07 - iceweasel 2.0.0.1+dfsg-3 (bug #411192; high) - xulrunner <unfixed> (high) - iceape <unfixed> (high) @@ -637,7 +645,12 @@ - iceweasel <unfixed> (low) - firefox <removed> (low) CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...) - - iceweasel <unfixed> (medium) + NOTE: MFSA-2007-05 + - iceweasel 2.0.0.2+dfsg-1 (medium) + - iceape <unfixed> (medium) + - xulrunner <unfixed> (medium) + [sarge] - mozilla-firefox <unfixed> (medium) + [sarge] - mozilla <unfixed> (medium) - firefox <removed> (medium) CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...) NOT-FOR-US: Ublog Reload 
@@ -680,17 +693,59 @@ CVE-2007-0781 RESERVED CVE-2007-0780 + RESERVED [mozilla XSS and local file access by opening blocked popups] + NOTE: MFSA-2007-05 + - iceweasel 2.0.0.2+dfsg-1 (medium) + - iceape <unfixed> (medium) + - xulrunner <unfixed> (medium) + [sarge] - mozilla-firefox <unfixed> (medium) + [sarge] - mozilla <unfixed> (medium) +CVE-2007-0779 [mozilla Spoofing using custom cursor and CSS3 hotspot] RESERVED -CVE-2007-0779 + NOTE: MFSA-2007-04 + - iceweasel 2.0.0.2+dfsg-1 (low) + - iceape <unfixed> (low) + - xulrunner <unfixed> (low) + [sarge] - mozilla-firefox <not-affected> (introduced in firefox 1.5) + [sarge] - mozilla <not-affected> (introduced in firefox 1.5) +CVE-2007-0778 [mozilla Information disclosure through cache collisions] RESERVED -CVE-2007-0778 + NOTE: MFSA-2007-03 + - iceweasel 2.0.0.2+dfsg-1 (low) + - iceape <unfixed> (low) + - xulrunner <unfixed> (low) + [sarge] - mozilla-firefox <unfixed> (low) + [sarge] - mozilla <unfixed> (low) +CVE-2007-0777 [mozilla Crashes with evidence of memory corruption] RESERVED -CVE-2007-0777 + NOTE: MFSA-2007-01 + - iceweasel 2.0.0.2+dfsg-1 (high) + - iceape <unfixed> (high) + - icedove <unfixed> (low) + - xulrunner <unfixed> (high) + [sarge] - mozilla-firefox <unfixed> (high) + [sarge] - mozilla-thunderbird <unfixed> (low) + [sarge] - mozilla <unfixed> (high) +CVE-2007-0776 [mozilla Crashes with evidence of memory corruption] RESERVED -CVE-2007-0776 + NOTE: MFSA-2007-01 + - iceweasel 2.0.0.2+dfsg-1 (high) + - iceape <unfixed> (high) + - icedove <unfixed> (low) + - xulrunner <unfixed> (high) + [sarge] - mozilla-firefox <unfixed> (high) + [sarge] - mozilla-thunderbird <unfixed> (low) + [sarge] - mozilla <unfixed> (high) +CVE-2007-0775 [mozilla Crashes with evidence of memory corruption] RESERVED -CVE-2007-0775 - RESERVED + NOTE: MFSA-2007-01 + - iceweasel 2.0.0.2+dfsg-1 (high) + - iceape <unfixed> (high) + - icedove <unfixed> (low) + - xulrunner <unfixed> (high) + [sarge] - mozilla-firefox <unfixed> (high) + 
[sarge] - mozilla-thunderbird <unfixed> (low) + [sarge] - mozilla <unfixed> (high) CVE-2007-0774 RESERVED CVE-2007-0773 @@ -2577,6 +2632,7 @@ NOT-FOR-US: Adobe Acrobat Reader Plugin CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat ...) NOT-FOR-US: Adobe Acrobat Reader Plugin + NOTE: a fix for this is also in iceweasle 2.0.0.2+dfsg-1 (MFSA-2007-02) CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet ...) NOT-FOR-US: Adobe Acrobat Reader Plugin CVE-2007-0043 @@ -3095,10 +3151,24 @@ {DSA-1256-1} - gtk+2.0 2.8.20-5 TODO: check gdk-pixbuf -CVE-2007-0009 +CVE-2007-0009 [mozilla SSLv2 Server Stack Overflow Vulnerability] RESERVED -CVE-2007-0008 + NOTE: MFSA-2007-06 + - iceweasel 2.0.0.2+dfsg-1 (low) + - iceape <unfixed> (low) + - xulrunner <unfixed> (high) + [sarge] - mozilla-firefox <unfixed> (high) + [sarge] - mozilla <unfixed> (high) + - firefox <removed> (high) +CVE-2007-0008 [SSLv2 Client Integer Underflow Vulnerability] RESERVED + NOTE: MFSA-2007-06 + - iceweasel 2.0.0.2+dfsg-1 (low) + - iceape <unfixed> (low) + - xulrunner <unfixed> (high) + [sarge] - mozilla-firefox <unfixed> (high) + [sarge] - mozilla <unfixed> (high) + - firefox <removed> (high) CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary ...) - gnucash <unfixed> (bug #411942; medium) CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...) 
@@ -4455,8 +4525,11 @@ CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in a-ConMan ...) NOT-FOR-US: a-ConMan CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and ...) - - iceweasel <unfixed> (high; bug #409220) - - mozilla-firefox <unfixed> (high) + NOTE: MFSA-2007-02 + - iceweasel 2.0.0.2+dfsg-1 (high; bug #409220) + - iceape <unfixed> (high) + [sarge] - mozilla-firefox <unfixed> (high) + [sarge] - mozilla <unfixed> (high) - xulrunner <unfixed> (medium) NOTE: Epiphany affected by xulrunner CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in Computer ...) @@ -24945,7 +25018,7 @@ - bidwatcher <removed> (bug #319489; low) [sarge] - bidwatcher <no-dsa> (Totally broken due to Ebay changes, no users, no exploits) CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working] - - dbmail <unfixed> (bug #303991; medium) + - dbmail 2.2.1-1 (bug #303991; bug #290833; medium) CVE-2005-XXXX [downloads.ini writable by group users, world-readable] - mldonkey 2.5.28.1-1 (bug #300560; low) CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
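Review bot: in the @@ -95,8 +95,15 @@ hunk, the sarge line under CVE-2007-0995 names the package `mozilla-tunderbird`, which is misspelled; the CVE-2007-0777, CVE-2007-0776 and CVE-2007-0775 entries added in this same commit use `mozilla-thunderbird`. Please correct the name so the entry attaches to the right package. The entry also lists the sarge thunderbird package without a matching `- icedove` line, whereas the MFSA-2007-01 entries list both; either add `- icedove <unfixed> (low)` or record why icedove is not affected.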
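Review bot: in the @@ -680,17 +693,59 @@ hunk, the description for CVE-2007-0780 was added on the status line (`RESERVED [mozilla XSS and local file access by opening blocked popups]`) instead of on the CVE line. Every other entry in this hunk puts the bracketed description after the CVE id and leaves `RESERVED` alone on the next line, as in `CVE-2007-0779 [mozilla Spoofing using custom cursor and CSS3 hotspot]`. Move the bracketed text up to the `CVE-2007-0780` line so the entry follows the same layout as its neighbours.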
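Review bot: in the @@ -2577,6 +2632,7 @@ hunk, the NOTE added under CVE-2007-0045 spells the package `iceweasle`; it should read `iceweasel`, as in the versioned entries elsewhere in this commit, otherwise a search of the list for the package name will miss this note.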
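Review bot: in the @@ -3095,10 +3151,24 @@ hunk, the urgency ratings for CVE-2007-0009 and CVE-2007-0008 disagree within each entry: `iceweasel` and `iceape` are marked (low) while `xulrunner`, the sarge `mozilla-firefox` and `mozilla` lines and `firefox <removed>` are marked (high) for the same MFSA-2007-06 issue. If the lower rating for iceweasel and iceape is intended, add a NOTE giving the reason; otherwise align the ratings. The CVE-2007-0008 description also lacks the `mozilla` prefix used by every other description added in this commit.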