jmm-guest at alioth.debian.org
2007-Jul-24 15:51 UTC
[Secure-testing-commits] r6162 - in data: CVE DSA
Author: jmm-guest Date: 2007-07-24 15:51:31 +0000 (Tue, 24 Jul 2007) New Revision: 6162 Modified: data/CVE/list data/DSA/list Log: mozilla DSAs and unstable fixes Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-07-24 13:21:46 UTC (rev 6161) +++ data/CVE/list 2007-07-24 15:51:31 UTC (rev 6162) @@ -266,17 +266,28 @@ CVE-2007-3739 RESERVED CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...) - - iceweasel <unfixed> (medium) + - iceape 1.1.3-1 (medium) + - xulrunner 1.8.1.5-1 (medium) + - iceweasel 2.0.0.5-1 (medium) CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute ...) - - iceweasel <unfixed> + - iceape 1.1.3-1 (high) + - xulrunner 1.8.1.5-1 (high) + - iceweasel 2.0.0.5-1 (high) CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...) - - iceweasel <unfixed> (high) + - iceweasel 2.0.0.5-1 (high) + - iceape 1.1.3-1 (high) + - xulrunner 1.8.1.5-1 (high) CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) - - iceweasel <unfixed> (high) - - icedove <unfixed> (high) + - iceweasel 2.0.0.5-1 (high) + - icedove <unfixed> (low) + NOTE: Affects only broken setups, enabling js in Icedove is strongly not recommended + - iceape 1.1.3-1 (high) + - xulrunner 1.8.1.5-1 (high) CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - - iceweasel <unfixed> (high) + - iceweasel 2.0.0.5-1 (high) - icedove <unfixed> (high) + - iceape 1.1.3-1 (high) + - xulrunner 1.8.1.5-1 (high) CVE-2007-3733 RESERVED CVE-2007-3732 
@@ -435,7 +446,9 @@ CVE-2007-3657 (** DISPUTED ** ...) TODO: check CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not ...) - - iceweasel <unfixed> (medium) + - iceweasel 2.0.0.5-1 (high) + - iceape 1.1.3-1 (high) + - xulrunner 1.8.1.5-1 (high) CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...) TODO: check CVE-2007-3654 @@ -1303,11 +1316,7 @@ CVE-2007-3286 RESERVED CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote ...) - - iceweasel <unfixed> (low) - - iceape <unfixed> (low) - - firefox <removed> (low) - - mozilla <removed> (low) - - xulrunner <unfixed> (low) + - iceweasel <not-affected> (Affects only Firefox in Windows) CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...) NOT-FOR-US: Apple Safari CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root ...) @@ -1770,11 +1779,9 @@ - mozilla <removed> (medium) - xulrunner <unfixed> (medium) CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...) - - iceweasel <unfixed> (low) - - iceape <unfixed> (low) - - firefox <removed> (low) - - mozilla <removed> (low) - - xulrunner <unfixed> (low) + - iceweasel 2.0.0.5-1 (low) + - iceape 1.1.3-1 (low) + - xulrunner 1.8.1.5-1 (low) CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote ...) NOT-FOR-US: Comicsense CVE-2007-3087 (Peercast places a cleartext password in a query string, which might ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2007-07-24 13:21:46 UTC (rev 6161) +++ data/DSA/list 2007-07-24 15:51:31 UTC (rev 6162) 
@@ -1,3 +1,12 @@ +[23 Jul 2007] DSA-1338-1 iceweasel + {CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738} + [etch] - iceweasel 2.0.0.5-0etch1 +[22 Jul 2007] DSA-1337-1 xulrunner + {CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3738} + [etch] - xulrunner 1.8.0.13~pre070720-0etch1 +[22 Jul 2007] DSA-1336-1 mozilla-firefox + {CVE-2007-1282 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996 CVE-2007-0981 CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0778 CVE-2007-0045 CVE-2006-6077} + [sarge] - mozilla-firefox 1.0.4-2sarge17 [18 Jul 2007] DSA-1335-1 gimp {CVE-2006-4519 CVE-2007-2949} [sarge] - gimp 2.2.6-1sarge4
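Review bot: In the data/CVE/list hunk at @@ -266, icedove under CVE-2007-3735 is lowered from (high) to (low) and a NOTE gives the reason, but icedove under CVE-2007-3734 stays at "<unfixed> (high)" with no note. Add a NOTE to CVE-2007-3734 saying whether the browser-engine issues are reachable in Icedove without JavaScript, so that the two different ratings do not read as an oversight. In the same hunk the package order differs between entries (iceape, xulrunner, iceweasel under CVE-2007-3738 and CVE-2007-3737; iceweasel, iceape, xulrunner under CVE-2007-3736). One order across all five entries would make them easier to compare.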
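Review bot: In the data/CVE/list hunk at @@ -435, the iceweasel urgency for CVE-2007-3656 goes from (medium) to (high), and the new iceape and xulrunner lines are added at (high) as well, but neither the entry nor the log message ("mozilla DSAs and unstable fixes") says why the rating was raised. Add a NOTE line under CVE-2007-3656 with the reason for the new urgency.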
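Review bot: In the data/CVE/list hunk at @@ -1303, CVE-2007-3285 deletes the iceape and xulrunner lines, both previously "<unfixed> (low)", and keeps only "- iceweasel <not-affected> (Affects only Firefox in Windows)". If the Windows-only reasoning also covers iceape and xulrunner, mark them "<not-affected>" with the same remark instead of removing them, so that the entry records a decision for every package that was being tracked.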
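Review bot: In the data/CVE/list hunk at @@ -1770, CVE-2007-3089 loses its "firefox <removed>" and "mozilla <removed>" lines, while the entry directly above it in the same hunk still carries "- mozilla <removed> (medium)" and "- xulrunner <unfixed> (medium)". Either keep the "<removed>" lines under CVE-2007-3089 or mention in the log why they are dropped, and confirm that the preceding entry was meant to stay unchanged in a commit that marks xulrunner fixed in 1.8.1.5-1 elsewhere.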
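Review bot: In the data/DSA/list hunk at @@ -1,3, the CVE set for DSA-1336-1 is not sorted (it starts CVE-2007-1282 CVE-2007-0994 and ends CVE-2007-0045 CVE-2006-6077), whereas DSA-1338-1 and DSA-1337-1 in the same hunk list their CVEs in ascending order. Sort the DSA-1336-1 set the same way so that the three new entries are consistent and easier to check against data/CVE/list.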