jmm-guest at alioth.debian.org
2009-Mar-21 02:14 UTC
[Secure-testing-commits] r11454 - data/CVE
Author: jmm-guest Date: 2009-03-21 02:14:54 +0000 (Sat, 21 Mar 2009) New Revision: 11454 Modified: data/CVE/list Log: - two new tor issues already fixed in stable - new kernel issue not affecting stable - NFUs - latest round of Mozilla issues - minor openldap issue fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-21 02:07:02 UTC (rev 11453) +++ data/CVE/list 2009-03-21 02:14:54 UTC (rev 11454) @@ -245,15 +245,17 @@ CVE-2008-6482 (PHP remote file inclusion vulnerability in admin.treeg.php in the ...) TODO: check CVE-2009-0939 (Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which ...) - TODO: check + - tor 0.2.0.34-1 CVE-2009-0938 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory ...) - tor 0.2.0.34-1 (bug #512728) CVE-2009-0937 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory ...) - tor 0.2.0.34-1 (bug #514580) CVE-2009-0936 (Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to ...) - TODO: check + - tor 0.2.0.34-1 CVE-2009-0935 (The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, ...) - TODO: check + - linux-2.6 <unfixed> (low) + [etch] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9) + - linux-2.6.24 <not-affected> (Vulnerability was introduced in 2.6.27-rc9) CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 ...) TODO: check CVE-2009-0933 (Cross-site scripting (XSS) vulnerability in the administrative ...) 
@@ -417,21 +419,21 @@ CVE-2008-6464 (SQL injection vulnerability in event.php in Mevin Productions Basic ...) NOT-FOR-US: Mevin Productions Basic PHP Events Lister CVE-2008-6463 (SQL injection vulnerability in the Diocese of Portsmouth Church Search ...) - TODO: check + NOT-FOR-US: Diocese of Portsmouth Church Search extension for Typo3 CVE-2008-6462 (SQL injection vulnerability in the My quiz and poll (myquizpoll) ...) - TODO: check + NOT-FOR-US: My quiz and poll CVE-2008-6461 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) ...) - TODO: check + NOT-FOR-US: Typo3 addon Random Prayer CVE-2008-6460 (SQL injection vulnerability in the Simple Random Objects ...) - TODO: check + NOT-FOR-US: Typo3 addon Simple Random Objects CVE-2008-6459 (SQL injection vulnerability in the auto BE User Registration ...) - TODO: check + NOT-FOR-US: Typo3 addon auto BE User Registration CVE-2008-6458 (SQL injection vulnerability in the FE address edit for tt_address & ...) - TODO: check + NOT-FOR-US: Typo3 addon CVE-2008-6457 (SQL injection vulnerability in the Swigmore institute (cgswigmore) ...) - TODO: check + NOT-FOR-US: Typo3 addon CVE-2008-6456 (SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and ...) - TODO: check + NOT-FOR-US: Typo3 addon CVE-2008-6455 (Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote ...) NOT-FOR-US: Edikon phpShop CVE-2008-6454 (SQL injection vulnerability in section.php in 6rbScript 3.3 allows ...) 
@@ -747,22 +749,31 @@ CVE-2009-0779 (Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users ...) NOT-FOR-US: IBM AIX CVE-2009-0778 (The icmp_send function in net/ipv4/icmp.c in the Linux kernel before ...) - - linux-2.6 <not-affected> (affected upstream kernel versions not part of Debian) - - linux-2.6.24 <not-affected> (affected upstream kernel versions not part of Debian) + - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release and fixed before release of 2.6.25) + - linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release and fixed before release of 2.6.25) CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and ...) - TODO: check + - iceweasel 3.0.7-1 (low) CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before ...) - TODO: check + - iceweasel 3.0 + NOTE: Iceweasel in Lenny links against Xulrunner + - xulrunner 1.9.0.7-1 CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird ...) - TODO: check + - xulrunner 1.9.0.7-1 + [etch] - xulrunner <not-affected> (Vulnerable code not present) CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...) - TODO: check + - iceweasel 3.0 + NOTE: Iceweasel in Lenny links against Xulrunner + - xulrunner 1.9.0.7-1 CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird ...) - TODO: check + - xulrunner 1.9.0.7-1 + [etch] - xulrunner <not-affected> (Vulnerable code not present) CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...) - TODO: check + - iceweasel 3.0 + NOTE: Iceweasel in Lenny links against Xulrunner + - xulrunner 1.9.0.7-1 CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before ...) - TODO: check + - xulrunner 1.9.0.7-1 + [etch] - xulrunner <not-affected> (Vulnerable code not present) CVE-2009-0769 (QIP 2005 build 8082 allows remote attackers to cause a denial of ...) 
NOT-FOR-US: QIP CVE-2009-0768 (SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier ...) @@ -55871,7 +55882,7 @@ NOTE: Montecito CPUs are not available on the market yet - linux-2.6 2.6.12-1 CVE-2005-XXXX [Minor local DoS as libldap] - - openldap <unfixed> (bug #253838; low) + - openldap 2.4.13 (bug #253838; low) CVE-2005-XXXX [Insecure bounds checking in mpack''s content parser] - mpack 1.6-1 (bug #216566) CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
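Review bot: In the `@@ -245,15 +245,17 @@` hunk, the new CVE-2009-0935 entry tags only `[etch]` as not affected, while the log message says the kernel issue does not affect stable. The Mozilla NOTE lines in this same commit treat Lenny as a release, so if stable means lenny here, the unqualified `- linux-2.6 <unfixed> (low)` line still leaves it listed as vulnerable. Consider adding a `[lenny] - linux-2.6 <not-affected>` line carrying the same "introduced in 2.6.27-rc9" reason, or rewording the log.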
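Review bot: In the `@@ -417,21 +419,21 @@` hunk, the NOT-FOR-US lines for CVE-2008-6458, CVE-2008-6457 and CVE-2008-6456 say only `Typo3 addon` and drop the extension names that the descriptions give (FE address edit for tt_address, cgswigmore, h_book). The entries above them name the product, in two different word orders ("... extension for Typo3" and "Typo3 addon ..."), and CVE-2008-6462 names `My quiz and poll` without mentioning Typo3 at all. Naming the extension in one consistent form on every line would keep later searches for a given addon reliable.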
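Review bot: In the `@@ -747,22 +749,31 @@` hunk, every Mozilla description from CVE-2009-0777 to CVE-2009-0771 names Thunderbird as affected, but the new entries track only iceweasel and xulrunner, so the Thunderbird side is left with no status line or NOTE. If it is deliberately out of scope, a NOTE saying so would make that explicit. Two smaller points: CVE-2009-0777 is the only one of these entries without an xulrunner line, and `- iceweasel 3.0` carries no Debian revision, unlike `- iceweasel 3.0.7-1 (low)` a few lines earlier.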
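Review bot: In the `@@ -55871,7 +55882,7 @@` hunk, the fixed version in `- openldap 2.4.13 (bug #253838; low)` has no Debian revision, whereas the neighbouring entries use full package versions (`linux-2.6 2.6.12-1`, `mpack 1.6-1`). Please confirm which upload closed bug #253838 and record that package version, or add a NOTE pointing at the upstream change if 2.4.13 is meant as the upstream release that fixed it.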