jmm-guest at alioth.debian.org
2009-Feb-04 17:52 UTC
[Secure-testing-commits] r11135 - data/CVE
Author: jmm-guest Date: 2009-02-04 17:52:41 +0000 (Wed, 04 Feb 2009) New Revision: 11135 Modified: data/CVE/list Log: - new glpi issues - new mozilla issues - fix gnome-multi-term entry - fix mailscanner entry Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-02-04 17:50:44 UTC (rev 11134) +++ data/CVE/list 2009-02-04 17:52:41 UTC (rev 11135) @@ -1,3 +1,5 @@ +CVE-2009-XXXX [glpi sql injection] + - glpi 0.71.5-1 (bug #513611) CVE-2009-XXXX [buffer overflow] - audacity 1.3.6-1 (bug #514138) NOTE: http://www.milw0rm.com/exploits/7634 
@@ -23,20 +25,53 @@ RESERVED CVE-2009-0359 RESERVED -CVE-2009-0358 +CVE-2009-0358 [Mozilla: Directives to not cache pages ignored] RESERVED -CVE-2009-0357 + - iceweasel 3.0 + [etch] - iceweasel <not-affected> (Only affects Firefox 3.x) + NOTE: Iceweasel in Lenny links against Xulrunner + - xulrunner 1.9.0.5-1 + [etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9) +CVE-2009-0357 [Mozilla: XMLHttpRequest allows reading HTTPOnly cookies] RESERVED -CVE-2009-0356 + - iceweasel 3.0 + NOTE: Iceweasel in Lenny links against Xulrunner + - xulrunner 1.9.0.5-1 + - iceape 1.1.14-1.1 + NOTE: Iceape in Lenny only provides XPCOM libs +CVE-2009-0356 [Mozilla: Information stealing via local shortcut files] RESERVED -CVE-2009-0355 + - iceweasel 3.0 + NOTE: Iceweasel in Lenny links against Xulrunner + - xulrunner 1.9.0.5-1 + - iceape 1.1.14-1.1 + NOTE: Iceape in Lenny only provides XPCOM libs +CVE-2009-0355 [Firefox: Local file stealing with SessionStore] RESERVED + - iceweasel 3.0.6-1 CVE-2009-0354 RESERVED -CVE-2009-0353 + - iceweasel 3.0 + [etch] - iceweasel <not-affected> (Only affects Firefox 3.x) + NOTE: Iceweasel in Lenny links against Xulrunner + - xulrunner 1.9.0.5-1 + [etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9) +CVE-2009-0353 [Mozilla: Layout engine crashes with evidence of memory corruption] RESERVED -CVE-2009-0352 + - iceweasel 3.0 + NOTE: Iceweasel in Lenny links against Xulrunner + - xulrunner 1.9.0.5-1 + - iceape 1.1.14-1.1 + NOTE: Iceape in Lenny only provides XPCOM libs + - icedove <unfixed> +CVE-2009-0352 [Mozilla: Javascript engine crashes with evidence of memory corruption] RESERVED + - iceweasel 3.0 + NOTE: Iceweasel in Lenny links against Xulrunner + - xulrunner 1.9.0.5-1 + - iceape 1.1.14-1.1 + NOTE: Iceape in Lenny only provides XPCOM libs + - icedove <unfixed> CVE-2009-0343 (Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform ...) 
NOT-FOR-US: Systrace CVE-2009-0342 (Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows ...) @@ -2897,7 +2932,6 @@ - nvidia-cg-toolkit <unfixed> (unimportant) NOTE: -installer can be run from postinst but unsafe code is only executed when a special option is used when manually running the installer CVE-2008-5143 (mgt-helper in multi-gnome-terminal 1.6.2 allows local users to ...) - [etch] - multi-gnome-terminal <unfixed> (low) [etch] - multi-gnome-terminal <no-dsa> (Symlink issue not run as root) - multi-gnome-terminal <removed> CVE-2008-5142 (sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local ...) @@ -2907,8 +2941,7 @@ {DSA-1676-1} - flamethrower 0.1.8-2 (low; bug #506350) CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 allows local users to ...) - [etch] - mailscanner <no-dsa> (unimportant) - - mailscanner 4.57.6-1 + - mailscanner 4.57.6-1 (unimportant) NOTE: script should only be used when the private Trend Micro antivirus is installed CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary ...) {DSA-1674-1}
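Review bot: The new entry at the top of the @@ -1,3 +1,5 @@ hunk, "CVE-2009-XXXX [glpi sql injection]", carries only the bug number (#513611), while the audacity entry directly below it also has a NOTE with a reference URL. Consider adding a NOTE that points to the upstream advisory or fix, so the temporary entry can be matched unambiguously once a CVE id is assigned.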
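Review bot: In the @@ -23,20 +25,53 @@ hunk, CVE-2009-0354 is the only entry that stays without a bracketed description, although it receives the same package lines as CVE-2009-0358 (iceweasel 3.0, xulrunner 1.9.0.5-1 and both "[etch] ... <not-affected>" lines). Add a short description in brackets as was done for the neighbouring ids. In the same hunk, CVE-2009-0355 records "iceweasel 3.0.6-1" with no xulrunner line and no NOTE, while every other entry uses "iceweasel 3.0" plus the "links against Xulrunner" NOTE; if that difference is intended because the title is prefixed "Firefox:" rather than "Mozilla:", a NOTE saying so would make it clear to the next editor.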
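Review bot: In the @@ -2907,8 +2941,7 @@ hunk, dropping "[etch] - mailscanner <no-dsa> (unimportant)" leaves CVE-2008-5140 with no explicit etch line, so the etch status now follows only from "- mailscanner 4.57.6-1 (unimportant)". That reads correctly if the unimportant severity is meant to cover every release, as the existing NOTE about the private Trend Micro antivirus suggests, but the log line "fix mailscanner entry" does not say this; a few words on why the etch line was folded into the main entry would help.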