stef-guest at alioth.debian.org
2007-Jun-11 20:11 UTC
[Secure-testing-commits] r5994 - data/CVE
Author: stef-guest
Date: 2007-06-11 20:11:32 +0000 (Mon, 11 Jun 2007)
New Revision: 5994
Modified:
data/CVE/list
Log:
- new jffnms issues fixed
- xulrunner, iceape, iceweasel fixed
Modified: data/CVE/list
==================================================================---
data/CVE/list 2007-06-11 09:14:08 UTC (rev 5993)
+++ data/CVE/list 2007-06-11 20:11:32 UTC (rev 5994)
@@ -1,3 +1,5 @@
+CVE-2007-XXXX [jffnms multiple issues]
+ - jffnms 0.8.3dfsg.1-4
CVE-2007-3129
RESERVED
CVE-2007-3128
@@ -529,33 +531,49 @@
NOTE: Fix from 5.2.3 was ineffective
CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4,
and ...)
{DSA-1300-1}
- - iceweasel <unfixed> (low)
- - iceape <unfixed> (low)
+ NOTE: MFSA2007-17
+ - iceweasel 2.0.0.4-1 (low)
+ - iceape 1.1.2-1 (low)
- firefox <removed> (low)
- mozilla <removed> (low)
+ - xulrunner 1.8.1.4-1 (low)
CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4,
and ...)
{DSA-1300-1}
- - iceweasel <unfixed> (medium)
- - iceape <unfixed> (medium)
+ NOTE: MFSA2007-16
+ - iceweasel 2.0.0.4-1 (medium)
+ - iceape 1.1.2-1 (medium)
- firefox <removed> (medium)
- mozilla <removed> (medium)
+ - xulrunner 1.8.1.4-1 (medium)
CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before
...)
- - iceweasel <unfixed> (unimportant)
- - iceape <unfixed> (unimportant)
+ NOTE: MFSA2007-13
+ - iceweasel 2.0.0.4-1 (unimportant)
+ - iceape 1.1.2-1 (unimportant)
- firefox <removed> (unimportant)
- mozilla <removed> (unimportant)
+ - xulrunner 1.8.1.4-1 (unimportant)
CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla
Firefox ...)
{DSA-1300-1}
- - iceweasel <unfixed> (medium)
- - iceape <unfixed> (medium)
- - firefox <removed> (medium)
- - mozilla <removed> (medium)
+ NOTE: MFSA2007-12
+ - iceweasel 2.0.0.4-1 (high)
+ - iceape 1.1.2-1 (high)
+ - firefox <removed> (high)
+ - mozilla <removed> (high)
+ - thunderbird <removed> (low)
+ - icedove <unfixed> (low)
+ - xulrunner 1.8.1.4-1 (high)
+ [sarge] - mozilla-thunderbird <unfixed> (low)
CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla
Firefox ...)
{DSA-1300-1}
- - iceweasel <unfixed> (medium)
- - iceape <unfixed> (medium)
- - firefox <removed> (medium)
- - mozilla <removed> (medium)
+ NOTE: MFSA2007-12
+ - iceweasel 2.0.0.4-1 (high)
+ - iceape 1.1.2-1 (high)
+ - firefox <removed> (high)
+ - mozilla <removed> (high)
+ - thunderbird <removed> (low)
+ - icedove <unfixed> (low)
+ - xulrunner 1.8.1.4-1 (high)
+ [sarge] - mozilla-thunderbird <unfixed> (low)
CVE-2007-2866 (Multiple SQL injection vulnerabilities in ...)
NOT-FOR-US: PHPEcho CMS
CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in
phpPgAdmin ...)
@@ -3512,7 +3530,10 @@
NOT-FOR-US: Roxio
CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3
...)
{DSA-1300-1}
- NOT-FOR-US: No practical security implications
+ NOTE: Affects various clients, but no practical security implications
+ NOTE: MFSA2007-15
+ - icedove 2.0.0.4-1 (unimportant)
+ - iceape 1.1.2-1 (unimportant)
CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client
Security ...)
NOT-FOR-US: F-Secure
CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files
1.2 ...)
@@ -4003,7 +4024,10 @@
NOT-FOR-US: DropAFew
CVE-2007-1362 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4,
and ...)
{DSA-1300-1}
- TODO: check
+ NOTE: MFSA2007-14
+ - iceape 1.1.2-1 (low)
+ - iceweasel 2.0.0.4-1 (low)
+ - xulrunner 1.8.1.4-1 (low)
CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in
virtuemart_parser.php in ...)
NOT-FOR-US: VirtueMart
CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal
5.x ...)