Author: jmm-guest Date: 2009-06-12 07:16:19 +0000 (Fri, 12 Jun 2009) New Revision: 12109 Modified: data/CVE/list Log: - new round of mozilla issues - Adobe Reader NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-11 21:59:06 UTC (rev 12108) +++ data/CVE/list 2009-06-12 07:16:19 UTC (rev 12109) @@ -395,18 +395,24 @@ RESERVED CVE-2009-1861 RESERVED + NOT-FOR-US: Adobe Reader CVE-2009-1860 RESERVED CVE-2009-1859 RESERVED + NOT-FOR-US: Adobe Reader CVE-2009-1858 RESERVED + NOT-FOR-US: Adobe Reader CVE-2009-1857 RESERVED + NOT-FOR-US: Adobe Reader CVE-2009-1856 RESERVED + NOT-FOR-US: Adobe Reader CVE-2009-1855 RESERVED + NOT-FOR-US: Adobe Reader CVE-2009-1854 (Million Dollar Text Links 1.0 allows remote attackers to bypass ...) NOT-FOR-US: Million Dollar Text Links CVE-2009-1853 (Multiple SQL injection vulnerabilities in index.php in Kensei Board ...) 
@@ -457,26 +463,54 @@ - strongswan <unfixed> (medium; bug #531612) [etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3) TODO: Check not-affected status after split of temporary entry -CVE-2009-1841 +CVE-2009-1841 [JavaScript chrome privilege escalation] RESERVED -CVE-2009-1840 + - xulrunner <unfixed> + - icedove <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1840 [XUL scripts bypass content-policy checks] RESERVED -CVE-2009-1839 + - xulrunner <unfixed> + - icedove <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1839 [ Incorrect principal set for file: resources loaded via location bar] RESERVED -CVE-2009-1838 + - xulrunner <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1838 [Arbitrary code execution using event listeners attached to an element whose owner document is null] RESERVED -CVE-2009-1837 + - xulrunner <unfixed> + - icedove <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1837 [ Race condition while accessing the private data of a NPObject JS wrapper class object] RESERVED -CVE-2009-1836 + - xulrunner <unfixed> + [etch] - xulrunner <not-affected> (Doesn''t affect Gecko 1.8) +CVE-2009-1836 [ SSL tampering via non-200 responses to proxy CONNECT requests] RESERVED -CVE-2009-1835 + - xulrunner <unfixed> + - icedove <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1835 [Arbitrary domain cookie access by local file: resources] RESERVED -CVE-2009-1834 + - xulrunner <unfixed> + - icedove <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1834 [URL spoofing with invalid unicode characters] 
RESERVED -CVE-2009-1833 + - xulrunner <unfixed> + - icedove <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1833 [Crashes with evidence of memory corruption] RESERVED -CVE-2009-1832 + - xulrunner <unfixed> + - icedove <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) +CVE-2009-1832 [Crashes with evidence of memory corruption] RESERVED + - xulrunner <unfixed> + - icedove <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-1828 (Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of ...) - xulrunner <unfixed> (unimportant) NOTE: Browser crashes not treated as security issues @@ -769,7 +803,8 @@ CVE-2009-1692 RESERVED CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - TODO: check + - webkit <unfixed> + TODO: File bug CVE-2009-1690 (WebKit in Apple Safari before 4.0 does not properly manage memory for ...) TODO: check CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) @@ -1609,8 +1644,11 @@ RESERVED CVE-2009-1393 RESERVED -CVE-2009-1392 +CVE-2009-1392 [Crashes with evidence of memory corruption] RESERVED + - xulrunner <unfixed> + - icedove <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-1391 [Compress::Raw::Zlib buffer overflow] RESERVED - perl <unfixed> (medium; bug #532736) @@ -3532,8 +3570,10 @@ RESERVED CVE-2009-0889 RESERVED + NOT-FOR-US: Adobe Reader CVE-2009-0888 RESERVED + NOT-FOR-US: Adobe Reader CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in ...) - pam <unfixed> (low; bug #520115) [lenny] - pam 1.0.1-5+lenny1 
@@ -5245,12 +5285,16 @@ NOT-FOR-US: WebFrame CVE-2009-0512 RESERVED + NOT-FOR-US: Adobe Reader CVE-2009-0511 RESERVED + NOT-FOR-US: Adobe Reader CVE-2009-0510 RESERVED + NOT-FOR-US: Adobe Reader CVE-2009-0509 RESERVED + NOT-FOR-US: Adobe Reader CVE-2009-0508 (The Servlet Engine/Web Container and JSP components in IBM WebSphere ...) NOT-FOR-US: IBM WebSphere CVE-2009-0507 (IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before ...) @@ -6417,6 +6461,7 @@ RESERVED CVE-2009-0198 RESERVED + NOT-FOR-US: Adobe Reader CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...) NOT-FOR-US: IrfanView CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function ...)
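Review bot: In the @@ -395,18 +395,24 @@ hunk, CVE-2009-1860 is left as a bare RESERVED entry while its neighbours CVE-2009-1861 and CVE-2009-1859 through CVE-2009-1855 all gain "NOT-FOR-US: Adobe Reader". If the gap is deliberate because that id is not part of the Adobe Reader batch, fine; if it was skipped by accident, add the same NOT-FOR-US line so the entry does not stay in the unprocessed queue.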
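Review bot: In the @@ -457,26 +463,54 @@ hunk, CVE-2009-1839 and CVE-2009-1837 list only xulrunner, while the other new Mozilla entries also carry "- icedove <unfixed>". If icedove is unaffected by these two, record that with a NOTE line or an explicit icedove status so the omission is not taken for an oversight later. Two smaller points in the same hunk: the CVE-2009-1837 etch line reads "(Doesn''t affect Gecko 1.8)" with a doubled apostrophe, and the bracketed descriptions for CVE-2009-1839, CVE-2009-1837 and CVE-2009-1836 start with a stray space after "[" where the others do not. The new "<unfixed>" lines also have no urgency or bug reference, unlike the strongswan entry in the leading context "(medium; bug #531612)".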
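Review bot: In the @@ -769,7 +803,8 @@ hunk, CVE-2009-1691 goes from "TODO: check" to "- webkit <unfixed>" with "TODO: File bug", so the entry now asserts that webkit is affected but gives no urgency and no bug number. Once the bug is filed, replace the TODO with the bug reference on the webkit line, in the form used elsewhere in the file, e.g. "(medium; bug #532736)" on the perl entry. The adjacent WebKit entries CVE-2009-1690 and CVE-2009-1689 are still at "TODO: check" and could be triaged in the same pass.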