joeyh at alioth.debian.org
2009-Jan-08 09:14 UTC
[Secure-testing-commits] r10890 - data/CVE
Author: joeyh Date: 2009-01-08 09:14:13 +0000 (Thu, 08 Jan 2009) New Revision: 10890 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-01-08 01:45:03 UTC (rev 10889) +++ data/CVE/list 2009-01-08 09:14:13 UTC (rev 10890) @@ -780,11 +780,13 @@ CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla ...) - iceweasel 3.0.5-1 CVE-2008-5512 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...) + {DSA-1697-1 DSA-1696-1} - iceweasel 3.0.5-1 - icedove 2.0.0.19-1 - iceape 1.1.14-1 - xulrunner 1.9.0.5-1 CVE-2008-5511 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...) + {DSA-1697-1 DSA-1696-1} - iceweasel 3.0.5-1 - icedove 2.0.0.19-1 - iceape 1.1.14-1 @@ -797,16 +799,19 @@ CVE-2008-5509 RESERVED CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...) + {DSA-1697-1 DSA-1696-1} - iceweasel 3.0.5-1 - icedove 2.0.0.19-1 - iceape 1.1.14-1 - xulrunner 1.9.0.5-1 CVE-2008-5507 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...) + {DSA-1697-1 DSA-1696-1} - iceweasel 3.0.5-1 - icedove 2.0.0.19-1 - iceape 1.1.14-1 - xulrunner 1.9.0.5-1 CVE-2008-5506 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...) + {DSA-1697-1 DSA-1696-1} - iceweasel 3.0.5-1 - icedove 2.0.0.19-1 - iceape 1.1.14-1 @@ -819,6 +824,7 @@ NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected NOTE: Original fix for CVE-2008-3836 was incomplete CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before ...) + {DSA-1697-1 DSA-1696-1} - iceape 1.1.13-1 - iceweasel 3.0 - xulrunner 1.9 @@ -838,6 +844,7 @@ [etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected) - icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove) CVE-2008-5500 (The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before ...) + {DSA-1697-1 DSA-1696-1} - iceweasel 3.0.5-1 - icedove 2.0.0.19-1 - iceape 1.1.14-1 @@ -1993,7 +2000,7 @@ {DSA-1665-1} - libcdaudio 0.99.12p2-7 (bug #505478) CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, ...) - {DSA-1671-1 DSA-1669-1} + {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1} - iceweasel 3.0.4-1 - xulrunner 1.9.0.4-1 - icedove 2.0.0.19-1 @@ -2004,13 +2011,13 @@ - xulrunner 1.9.0.4-1 - iceape 1.1.13-1 CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x ...) - {DSA-1671-1 DSA-1669-1} + {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1} - xulrunner 1.9.0.4-1 - iceweasel 3.0.4-1 - icedove 2.0.0.19-1 - iceape 1.1.13-1 CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before ...) - {DSA-1671-1 DSA-1669-1} + {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1} - iceweasel 3.0.4-1 - xulrunner 1.9.0.4-1 - icedove 2.0.0.19-1 @@ -2021,13 +2028,13 @@ - iceweasel 3.0.4-1 - xulrunner 1.9.0.4-1 CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x ...) - {DSA-1671-1 DSA-1669-1} + {DSA-1696-1 DSA-1671-1 DSA-1669-1} - iceweasel 3.0.4-1 - xulrunner 1.9.0.4-1 - icedove 2.0.0.19-1 - iceape 1.1.13-1 CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in ...) - {DSA-1671-1 DSA-1669-1} + {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1} - iceweasel 3.0.4-1 - xulrunner 1.9.0.4-1 - icedove 2.0.0.19-1 @@ -2047,19 +2054,19 @@ [etch] - iceweasel <not-affected> (Doesn''t affect Firefox 2.x) [etch] - xulrunner <not-affected> (Doesn''t affect Firefox 2.x) CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before ...) - {DSA-1671-1 DSA-1669-1} + {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1} - iceweasel 3.0.4-1 - xulrunner 1.9.0.4-1 - icedove 2.0.0.19-1 - iceape 1.1.13-1 CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do ...) - {DSA-1671-1 DSA-1669-1} + {DSA-1697-1 DSA-1671-1 DSA-1669-1} - iceape 1.1.13-1 NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected - iceweasel 3.0 - xulrunner 1.9 CVE-2008-5012 (Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, ...) - {DSA-1671-1 DSA-1669-1} + {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1} - iceape 1.1.13-1 NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected - iceweasel 3.0 @@ -3018,7 +3025,7 @@ CVE-2008-4583 (Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component ...) NOT-FOR-US: Chilkat FTP CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and ...) - {DSA-1671-1 DSA-1669-1} + {DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1} - xulrunner 1.9.0.4-1 - iceweasel 3.0.4-1 - iceape 1.1.13-1 @@ -4215,22 +4222,23 @@ CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...) NOT-FOR-US: Microsoft CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and ...) + {DSA-1697-1 DSA-1696-1} - iceape 1.1.12-1 - icedove 2.0.0.17-1 CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey ...) - {DSA-1669-1 DSA-1649-1} + {DSA-1697-1 DSA-1669-1 DSA-1649-1} NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected - iceweasel 3.0 - xulrunner 1.9 - iceape 1.1.12-1 CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...) - {DSA-1669-1 DSA-1649-1} + {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1} - xulrunner 1.9.0.3-1 - iceape 1.1.12-1 - iceweasel 3.0.3-1 - icedove 2.0.0.17-1 CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...) - {DSA-1669-1 DSA-1649-1} + {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1} - xulrunner 1.9.0.3-1 - iceape 1.1.12-1 - iceweasel 3.0.3-1 @@ -4243,7 +4251,7 @@ - iceape 1.1.12-1 - icedove 2.0.0.17-1 CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...) - {DSA-1669-1 DSA-1649-1} + {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1} - xulrunner 1.9.0.3-1 - iceape 1.1.12-1 - iceweasel 3.0.3-1 @@ -4257,31 +4265,31 @@ - iceweasel 3.0.3-1 [etch] - iceweasel <not-affected> (Vulnerable code not present) CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...) - {DSA-1669-1 DSA-1649-1} + {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1} - xulrunner 1.9.0.3-1 - iceape 1.1.12-1 - iceweasel 3.0.3-1 - icedove 2.0.0.17-1 CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before ...) - {DSA-1669-1 DSA-1649-1} + {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1} - xulrunner 1.9.0.3-1 - iceape 1.1.12-1 - iceweasel 3.0.3-1 - icedove 2.0.0.17-1 CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...) - {DSA-1669-1 DSA-1649-1} + {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1} - xulrunner 1.9.0.3-1 - iceape 1.1.12-1 - iceweasel 3.0.3-1 - icedove 2.0.0.17-1 CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows ...) - {DSA-1669-1 DSA-1649-1} + {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1} - xulrunner 1.9.0.3-1 - iceape 1.1.12-1 - iceweasel 3.0.3-1 - icedove 2.0.0.17-1 CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x ...) - {DSA-1669-1 DSA-1649-1} + {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1} - xulrunner 1.9.0.3-1 - iceape 1.1.12-1 - iceweasel 3.0.3-1 @@ -4825,17 +4833,17 @@ CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) ...) NOT-FOR-US: Solaris CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey ...) - {DSA-1669-1 DSA-1649-1} + {DSA-1697-1 DSA-1669-1 DSA-1649-1} - iceweasel 3.0.3-1 (low) - xulrunner 1.9.0.3-1 (low) - iceape 1.1.12-1 (low) CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers ...) - {DSA-1669-1 DSA-1649-1} + {DSA-1697-1 DSA-1669-1 DSA-1649-1} NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected - iceweasel 3.0 - xulrunner 1.9 CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox ...) - {DSA-1669-1 DSA-1649-1} + {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1} NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected - xulrunner 1.9 - iceweasel 3.0 @@ -7036,7 +7044,7 @@ CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to ...) - iceweasel <not-affected> (MacOS-specific) CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets ''|'' ...) - {DSA-1615-1 DSA-1614-1} + {DSA-1697-1 DSA-1615-1 DSA-1614-1} - iceweasel 3.0.1-1 (low) CVE-2008-2932 (Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote ...) NOT-FOR-US: Red Hat adminutil @@ -7357,29 +7365,30 @@ - linux-2.6 2.6.25-7 - linux-2.6.24 2.6.24-6~etchnhalf.4 CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, ...) - {DSA-1621-1 DSA-1615-1 DSA-1607-1} + {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1} - iceweasel 3.0 NOTE: Firefox 3 not affected - iceape 1.1.10-1 - xulrunner 1.9.0.1-1 - icedove 2.0.0.16-1 CVE-2008-2810 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...) + {DSA-1697-1} - iceweasel <not-affected> (Windows-specific) - iceape <not-affected> (Windows-specific) CVE-2008-2809 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, ...) - {DSA-1621-1 DSA-1615-1 DSA-1607-1} + {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1} - iceweasel 3.0 NOTE: Firefox 3 not affected - iceape 1.1.10-1 - xulrunner 1.9.0.1-1 - icedove 2.0.0.16-1 CVE-2008-2808 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...) - {DSA-1615-1 DSA-1607-1} + {DSA-1697-1 DSA-1615-1 DSA-1607-1} - iceweasel 3.0 - iceape 1.1.10-1 - xulrunner 1.9.0.1-1 CVE-2008-2807 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...) - {DSA-1621-1 DSA-1615-1 DSA-1607-1} + {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1} - iceweasel 3.0 - iceape 1.1.10-1 - xulrunner 1.9.0.1-1 @@ -7388,7 +7397,7 @@ - iceweasel <not-affected> (MacOS-specific) - iceape <not-affected> (MacOS-specific) CVE-2008-2805 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...) - {DSA-1615-1 DSA-1607-1} + {DSA-1697-1 DSA-1615-1 DSA-1607-1} - iceweasel 3.0 NOTE: Firefox 3 not affected - iceape 1.1.10 @@ -7396,34 +7405,34 @@ CVE-2008-2804 RESERVED CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox ...) - {DSA-1621-1 DSA-1615-1 DSA-1607-1} + {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1} - iceweasel 3.0~b2-1 - iceape 1.1.10-1 - xulrunner 1.9.0.1-1 CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and ...) - {DSA-1621-1 DSA-1615-1 DSA-1607-1} + {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1} - iceweasel 3.0~b2-1 - iceape 1.1.10-1 - icedove 2.0.0.16-1 - xulrunner 1.9.0.1-1 CVE-2008-2801 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...) - {DSA-1615-1 DSA-1607-1} + {DSA-1697-1 DSA-1615-1 DSA-1607-1} - iceweasel 3.0~b2-1 - iceape 1.1.10-1 - xulrunner 1.9.0.1-1 CVE-2008-2800 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...) - {DSA-1615-1 DSA-1607-1} + {DSA-1697-1 DSA-1615-1 DSA-1607-1} - iceweasel 3.0~b2-1 - iceape 1.1.10-1 - xulrunner 1.9.0.1-1 CVE-2008-2799 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...) - {DSA-1621-1 DSA-1615-1 DSA-1607-1} + {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1} - iceweasel 3.0~b2-1 - iceape 1.1.10-1 - xulrunner 1.9.0.1-1 - icedove 2.0.0.16-1 CVE-2008-2798 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...) - {DSA-1621-1 DSA-1615-1 DSA-1607-1} + {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1} - iceweasel 3.0~b2-1 - iceape 1.1.10-1 - xulrunner 1.9.0.1-1 @@ -7465,7 +7474,7 @@ NOTE: Unless more specific information pops up, this can be considered covered by NOTE: CVE-2008-2785 CVE-2008-2785 (Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird ...) - {DSA-1621-1 DSA-1615-1 DSA-1614-1} + {DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1614-1} - iceweasel 3.0 (medium; bug #488358) - icedove 2.0.0.16-1 - iceape 1.1.11-1 (bug #491163) @@ -7731,7 +7740,7 @@ NOT-FOR-US: pNews CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and ...) - ewiki <removed> (unimportant) - NOTE: register_globals is not supported + NOTE: register_globals is not supported CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows ...) NOT-FOR-US: DCFM Blog CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely Simple ...) @@ -10704,7 +10713,7 @@ - zoneminder 1.23.3-1 (medium; bug #479034) NOTE: http://www.awe.com/mark/blog/200804272230.html CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird ...) - {DSA-1562-1 DSA-1558-1 DSA-1555-1} + {DSA-1696-1 DSA-1562-1 DSA-1558-1 DSA-1555-1} - iceweasel 2.0.0.14-1 - icedove 2.0.0.14-1 - iceape 1.1.9-2 @@ -13276,7 +13285,7 @@ CVE-2008-0305 RESERVED CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and ...) - {DSA-1621-1} + {DSA-1697-1 DSA-1621-1} - icedove 2.0.0.12-1 (medium) - iceape 1.1.8-1 (medium) CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...) @@ -14696,12 +14705,12 @@ CVE-2008-0018 RESERVED CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in Firefox ...) - {DSA-1671-1 DSA-1669-1} + {DSA-1697-1 DSA-1671-1 DSA-1669-1} - iceweasel 3.0.4-1 - xulrunner 1.9.0.4-1 - iceape 1.1.13-1 CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in ...) - {DSA-1669-1 DSA-1649-1} + {DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1} NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected - xulrunner 1.9 - iceweasel 3.0