jmm-guest at alioth.debian.org
2008-Nov-19 17:35 UTC
[Secure-testing-commits] r10422 - data/CVE
Author: jmm-guest
Date: 2008-11-19 17:35:00 +0000 (Wed, 19 Nov 2008)
New Revision: 10422
Modified:
data/CVE/list
Log:
new round of Mozilla issues
NFUs
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-11-19 11:34:34 UTC (rev 10421)
+++ data/CVE/list 2008-11-19 17:35:00 UTC (rev 10422)
@@ -43,27 +43,27 @@
CVE-2008-5112 (The LDAP server in Active Directory in Microsoft Windows 2000
SP4 and ...)
NOT-FOR-US: Microsoft
CVE-2008-5111 (Unspecified vulnerability in the socket function in Sun Solaris
10 and ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2008-5109
RESERVED
CVE-2008-5108 (Unspecified vulnerability in Adobe AIR 1.1 and earlier allows
...)
NOT-FOR-US: Adobe AIR
CVE-2008-5107 (The installation process for Citrix Presentation Server 4.5 and
...)
- TODO: check
+ NOT-FOR-US: Citrix PS
CVE-2008-5106 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote
...)
- TODO: check
+ NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2008-5105 (KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause
a ...)
- TODO: check
+ NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2008-5104 (Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a
virtual ...)
- TODO: check
+ NOT-FOR-US: VMBuilder
CVE-2008-5103 (The (1) python-vm-builder and (2) ubuntu-vm-builder
implementations in ...)
- TODO: check
+ NOT-FOR-US: VMBuilder
CVE-2008-5102 (PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and
other ...)
TODO: check
CVE-2008-5100 (The strong name (SN) implementation in Microsoft .NET Framework
...)
- TODO: check
+ NOT-FOR-US: Microsoft .NET Framework
CVE-2008-5099 (Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0
through ...)
- TODO: check
+ NOT-FOR-US: Sun Logical Domain Manager
CVE-2008-5098 (Cross-site scripting (XSS) vulnerability in Sun Java System
Messaging ...)
TODO: check
CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might
allow ...)
@@ -214,25 +214,53 @@
CVE-2008-5030 (Heap-based buffer overflow in the cddb_read_disc_data function
in ...)
- libcdaudio 0.99.12p2-7 (bug #505478)
CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18,
...)
- TODO: check
+ - iceweasel <unfixed>
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ - iceape <unfixed>
CVE-2008-5023 (Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and
SeaMonkey ...)
- TODO: check
+ - iceweasel <unfixed>
+ - xulrunner <unfixed>
+ - iceape <unfixed>
CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x
...)
- TODO: check
+ - iceweasel <unfixed>
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ - iceape <unfixed>
CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before
...)
- TODO: check
+ - iceweasel <unfixed>
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ - iceape <unfixed>
CVE-2008-5020
RESERVED
CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4
and ...)
- TODO: check
+ - iceweasel <unfixed>
+ - xulrunner <unfixed>
CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4,
Firefox 2.x ...)
- TODO: check
+ - iceweasel <unfixed>
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ - iceape <unfixed>
CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine
in ...)
- TODO: check
+ - iceweasel <unfixed>
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ - iceape <unfixed>
CVE-2008-5016 (The layout engine in Mozilla Firefox 3.x before 3.0.4,
Thunderbird 2.x ...)
- TODO: check
+ - iceweasel <unfixed>
+ - xulrunner <unfixed>
+ - icedove <unfixed>
+ - iceape <unfixed>
+ [etch] - iceweasel <not-affected> (Doesn''t affect Firefox 2.x
et al)
+ [etch] - xulrunner <not-affected> (Doesn''t affect Firefox 2.x
et al)
+ [etch] - iceape <not-affected> (Doesn''t affect Firefox 2.x et
al)
+ [etch] - icedove <not-affected> (Doesn''t affect Firefox 2.x et
al)
CVE-2008-5015 (Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a
file: ...)
- TODO: check
+ - iceweasel <unfixed>
+ - xulrunner <unfixed>
+ [etch] - iceweasel <not-affected> (Doesn''t affect Firefox 2.x)
+ [etch] - xulrunner <not-affected> (Doesn''t affect Firefox 2.x)
CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x
before ...)
TODO: check
CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before
1.1.13 do ...)
@@ -580,7 +608,7 @@
CVE-2008-4833
RESERVED
CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath
allows ...)
- TODO: check
+ NOT-FOR-US: rPath
CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and
...)
NOT-FOR-US: Adobe ColdFusion
CVE-2008-4830
@@ -12789,7 +12817,9 @@
CVE-2008-0018
RESERVED
CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in
Firefox ...)
- TODO: check
+ - iceweasel <unfixed>
+ - xulrunner <unfixed>
+ - iceape <unfixed>
CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in
...)
{DSA-1649-1}
NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected