jmm-guest at alioth.debian.org
2008-Nov-24 21:08 UTC
[Secure-testing-commits] r10477 - data/CVE
Author: jmm-guest
Date: 2008-11-24 21:08:54 +0000 (Mon, 24 Nov 2008)
New Revision: 10477
Modified:
data/CVE/list
Log:
syslog-ng fixed
a few iceweasel/xulrunner fixes
tor fixed
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-11-24 21:01:40 UTC (rev 10476)
+++ data/CVE/list 2008-11-24 21:08:54 UTC (rev 10477)
@@ -217,7 +217,7 @@
CVE-2008-5098 (Cross-site scripting (XSS) vulnerability in Sun Java System
Messaging ...)
NOT-FOR-US: Sun Java System Messaging Serve
CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might
allow ...)
- - syslog-ng <unfixed> (unimportant; bug #505791)
+ - syslog-ng 2.0.9-4.1 (unimportant; bug #505791)
NOTE: no security flaw by itself, still it should be fixed
CVE-2008-XXXX [dovecot directory traversal]
- dovecot 1:1.0.15-2.3 (bug #506031)
@@ -366,74 +366,84 @@
- libcdaudio 0.99.12p2-7 (bug #505478)
CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18,
...)
{DSA-1669-1}
- - iceweasel <unfixed>
+ - iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 1.1.13-1
CVE-2008-5023 (Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and
SeaMonkey ...)
{DSA-1669-1}
- - iceweasel <unfixed>
+ - iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
- - iceape <unfixed>
+ - iceape 1.1.13-1
CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x
...)
{DSA-1669-1}
- xulrunner 1.9.0.4-1
- - iceweasel <unfixed>
+ - iceweasel 3.0.4-1
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 1.1.13-1
CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before
...)
{DSA-1669-1}
- - iceweasel <unfixed>
+ - iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 1.1.13-1
CVE-2008-5020
RESERVED
CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4
and ...)
- - iceweasel <unfixed>
+ - iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4,
Firefox 2.x ...)
{DSA-1669-1}
- - iceweasel <unfixed>
+ - iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 1.1.13-1
CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine
in ...)
{DSA-1669-1}
- - iceweasel <unfixed>
+ - iceweasel 3.0.4-1
- xulrunner <unfixed>
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 1.1.13-1
CVE-2008-5016 (The layout engine in Mozilla Firefox 3.x before 3.0.4,
Thunderbird 2.x ...)
- - iceweasel <unfixed>
+ - iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 1.1.13-1
[etch] - iceweasel <not-affected> (Doesn''t affect Firefox 2.x
et al)
[etch] - xulrunner <not-affected> (Doesn''t affect Firefox 2.x
et al)
[etch] - iceape <not-affected> (Doesn''t affect Firefox 2.x et
al)
[etch] - icedove <not-affected> (Doesn''t affect Firefox 2.x et
al)
CVE-2008-5015 (Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a
file: ...)
- - iceweasel <unfixed>
+ - iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
[etch] - iceweasel <not-affected> (Doesn''t affect Firefox 2.x)
[etch] - xulrunner <not-affected> (Doesn''t affect Firefox 2.x)
CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x
before ...)
{DSA-1669-1}
- TODO: check
+ - iceweasel 3.0.4-1
+ - xulrunner 1.9.0.4-1
+ - icedove <unfixed>
+ - iceape 1.1.13-1
CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before
1.1.13 do ...)
{DSA-1669-1}
- TODO: check
+ - iceape 1.1.13-1
+ NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+ - iceweasel 3.0
+ - xulrunner 1.9
CVE-2008-5012 (Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before
2.0.0.18, ...)
{DSA-1669-1}
- TODO: check
+ - iceape 1.1.13-1
+ NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+ - iceweasel 3.0
+ - xulrunner 1.9
+ - icedove <unfixed>
CVE-2008-5010 (in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10,
and ...)
NOT-FOR-US: in.dhcpd
CVE-2008-5101 (Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1
allows ...)
- optipng 0.6.1.1-1 (bug #505399)
[etch] - optipng <not-affected> (Vulnerable code not present referring
to upstream)
CVE-2008-XXXX [tor: changing user does not clear supplementary group entries]
- - tor <unfixed> (bug #505178)
+ - tor 0.2.0.32-1 (bug #505178)
CVE-2008-5035 (The Resource Monitoring and Control (RMC) daemon in IBM Hardware
...)
NOT-FOR-US: IBM Hardware Management Console
CVE-2008-5026 (Microsoft SharePoint uses URLs with the same hostname and port
number ...)
@@ -707,7 +717,7 @@
- python2.4 2.4.5-6 (bug #504620)
CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender
2.46 ...)
- blender 2.46+dfsg-5 (bug #503632; low)
- [etch] - blender <no-dsa> (pythonpath issue considered low)
+ [etch] - blender <no-dsa> (pythonpath issue considered minor issue)
CVE-2008-4862
RESERVED
CVE-2008-4861
@@ -1358,8 +1368,8 @@
CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before
2.0.0.18, and ...)
{DSA-1669-1}
- xulrunner 1.9.0.4-1
- - iceweasel <not-affected> (Windows-specific)
- - iceape <not-affected> (Windows-specific)
+ - iceweasel 3.0.4-1
+ - iceape 1.1.13-1
CVE-2008-4581 (The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and
release ...)
NOT-FOR-US: IBM ENOVIA SmarTeam
CVE-2008-4580 (fence_manual, as used in fence 2.02.00-r1 and possibly cman,
allows ...)
@@ -12983,9 +12993,9 @@
RESERVED
CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in
Firefox ...)
{DSA-1669-1}
- - iceweasel <unfixed>
+ - iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
- - iceape <unfixed>
+ - iceape 1.1.13-1
CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in
...)
{DSA-1669-1 DSA-1649-1}
NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected