thr3ads.net - Secure testing commits - [Secure-testing-commits] r12418

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2009-Jul-26 17:29 UTC
[Secure-testing-commits] r12418 - data/CVE

Author: jmm-guest
Date: 2009-07-26 17:29:37 +0000 (Sun, 26 Jul 2009)
New Revision: 12418

Modified:
   data/CVE/list
Log:
bugnums


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-07-26 16:17:55 UTC (rev 12417)
+++ data/CVE/list	2009-07-26 17:29:37 UTC (rev 12418)
@@ -919,7 +919,7 @@
 CVE-2009-2234 (Multiple SQL injection vulnerabilities in admin.php in VICIDIAL
Call ...)
 	NOT-FOR-US: VICIDIAL Call Center Suite
 CVE-2009-2210 (Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17
allow ...)
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 	- iceape <unfixed>
 	- kompozer <not-affected> (mail suite not compiled)
 	TODO: check on the details once the Mozilla bug has been made public
@@ -1919,7 +1919,7 @@
 	- xulrunner 1.9.0.11-1
 	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not
check ...)
 	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
@@ -1935,7 +1935,7 @@
 	- xulrunner 1.9.0.11-1
 	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...)
 	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
@@ -1946,7 +1946,7 @@
 	- xulrunner 1.9.0.11-1
 	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17
associate ...)
 	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
@@ -1967,7 +1967,7 @@
 	- xulrunner 1.9.0.11-1
 	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 CVE-2009-1828 (Mozilla Firefox 3.0.10 allows remote attackers to cause a denial
of ...)
 	- xulrunner <unfixed> (unimportant)
 	NOTE: Browser crashes not treated as security issues
@@ -3161,7 +3161,7 @@
 	- xulrunner 1.9.0.11-1
 	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 	TODO: determine whether icedove truely affected or whether issue solely within
xulrunner
 CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in ...)
 	- perl 5.10.0-23 (medium; bug #532736)
@@ -3480,7 +3480,7 @@
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-1307 (The view-source: URI implementation in Mozilla Firefox before
3.0.9, ...)
 	{DSA-1830-1 DSA-1797-1}
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-1306 (The jar: URI implementation in Mozilla Firefox before 3.0.9,
...)
@@ -3499,12 +3499,12 @@
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-1303 (The browser engine in Mozilla Firefox before 3.0.9, Thunderbird
before ...)
 	{DSA-1830-1 DSA-1797-1}
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-1302 (The browser engine in Mozilla Firefox 3.x before 3.0.9,
Thunderbird ...)
 	{DSA-1830-1 DSA-1797-1}
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-1301 (Integer signedness error in the store_id3_text function in the
ID3v2 ...)
@@ -5563,7 +5563,7 @@
 	- iceweasel 3.0.7-1 (low)
 CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird
before ...)
 	{DSA-1830-1 DSA-1751-1}
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 	- iceweasel 3.0
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.7-1
@@ -5574,24 +5574,24 @@
 	[etch] - xulrunner <not-affected> (Vulnerable code not present)
 CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7,
Thunderbird ...)
 	{DSA-1830-1 DSA-1751-1}
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 	- iceweasel 3.0
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.7-1
 CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7,
Thunderbird ...)
 	{DSA-1830-1 DSA-1751-1}
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 	- xulrunner 1.9.0.7-1
 	[etch] - xulrunner <not-affected> (Vulnerable code not present)
 CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7,
Thunderbird ...)
 	{DSA-1830-1 DSA-1751-1}
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 	- iceweasel 3.0
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.7-1
 CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird
before ...)
 	{DSA-1830-1 DSA-1751-1}
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 	- xulrunner 1.9.0.7-1
 	[etch] - xulrunner <not-affected> (Vulnerable code not present)
 	- kompozer 1:0.8~alpha2+dfsg+svn129-1
@@ -6113,7 +6113,7 @@
 	- openssl 0.9.8-1 (bug #517791)
 CVE-2009-0652 (The Internationalized Domain Names (IDN) blacklist in Mozilla
Firefox ...)
 	{DSA-1830-1 DSA-1797-1}
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
 CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka
vnetd) in ...)
@@ -7467,7 +7467,7 @@
 	- xulrunner 1.9.0.5-1
 	- iceape 1.1.14-1.1  
 	NOTE: Iceape in Lenny only provides XPCOM libs
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x
before ...)
 	{DSA-1830-1}
 	- iceweasel 3.0
@@ -7475,7 +7475,7 @@
 	- xulrunner 1.9.0.5-1
 	- iceape 1.1.14-1.1  
 	NOTE: Iceape in Lenny only provides XPCOM libs
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 	- kompozer 1:0.8~alpha2+dfsg+svn129-1
 CVE-2009-0343 (Niels Provos Systrace 1.6f and earlier on the x86_64 Linux
platform ...)
 	NOT-FOR-US: Systrace
@@ -9121,7 +9121,7 @@
 	NOTE: http://www.tdiary.org/20071215.html
 CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x
before ...)
 	{DSA-1830-1 DSA-1750-1}
-	- icedove 2.0.0.22-1
+	- icedove 2.0.0.22-1 (bug #535124)
 	- libpng 1.2.35-1 (bug #516256)
 CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the web ...)
 	- geronimo <itp> (bug #481869)
@@ -9510,7 +9510,7 @@
 	NOTE: http://alioth.debian.org/forum/forum.php?forum_id=2846
 	NOTE: this only work for non-interactive sessions which is a quite exotic
usecase
 CVE-2008-5619 (html2text.php in Chuggnutt HTML to Text Converter, as used in
...)
-	- roundcube 0.1.1-9 (high; bug #508628)
+	- roundcube 0.1.1-9 (high; bug #508628; bug #536498)
 	NOTE: According to the bug report, this is being exploited.
 	- moodle 1.8.2.dfsg-2 (bug #508909)
 	[etch] - moodle <not-affected> (Vulnerable code not present)
Secure testing commits - Jul 2009 - r12418 - data/CVE

[Secure-testing-commits] r12418 - data/CVE
