Giuseppe Iuculano
2009-Aug-06 07:38 UTC
[Secure-testing-commits] r12491 - in data: CVE DSA
Author: derevko-guest
Date: 2009-08-06 07:38:25 +0000 (Thu, 06 Aug 2009)
New Revision: 12491

Modified:
   data/CVE/list
   data/DSA/list
Log:
- NFUs
- CVE-2009-2470 already covered by DSA-1840-1
- New Mozilla issues
- CVE-2009-2661: incomplete fix for CVE-2009-2185
- Django and ZNC issues got a CVE id
- CVE-2009-2660: Multiple integer overflows in camlimages
- CVE-2009-2657: nilfs2-tools in Debian is not affected thanks to dh_fixperms

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-05 21:14:16 UTC (rev 12490)
+++ data/CVE/list	2009-08-06 07:38:25 UTC (rev 12491)
@@ -1,21 +1,21 @@ CVE-2009-2665 (The nsDocument::SetScriptGlobalObject function in ...) - TODO: check + - xulrunner <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-2664 (The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript ...) - TODO: check + - xulrunner <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox before 3.0.13 and ...) - TODO: check + - xulrunner <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-2662 (The browser engine in Mozilla Firefox before 3.0.13, and 3.5.x before ...) - TODO: check + - xulrunner <unfixed> + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before ...) - TODO: check + - strongswan <unfixed> (bug #540144) CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...) - TODO: check -CVE-2009-2659 (The Admin media handler in core/servers/basehttp.py in Django 1.0 and ...) - TODO: check -CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows remote ...) - TODO: check + - camlimages (medium; bug #540146) CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with unnecessary ...) - TODO: check + - nilfs2-tools <not-affected> (dh_fixperms removes the setuid and setgid bits from all files) CVE-2009-2656 (Unspecified vulnerability in the com.android.phone process in Android ...) NOT-FOR-US: Android CVE-2008-6896 (login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is ...) 
@@ -42,6 +42,7 @@ NOT-FOR-US: Microsoft Internet Explorer CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote ...) - xulrunner <unfixed> (low; bug #539891) + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-2653 (** DISPUTED ** ...) NOT-FOR-US: Microsoft Windows CVE-2009-2652 (Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris ...) @@ -68,6 +69,7 @@ - openssl <unfixed> (medium; bug #539449) - openssl097 <removed> - xulrunner <unfixed> (medium) + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) - nss 3.12.3-1 (medium; bug #539934) NOTE: asked maintainer to check whether openssl affected NOTE: fixed in iceweasel 3.0.13 and 3.5.2, which have yet to be uploaded @@ -103,7 +105,7 @@ NOT-FOR-US: EasySiteNetwork Free Jokes Website CVE-2008-6879 (Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, ...) NOT-FOR-US: Apache Roller -CVE-2009-XXXX [python-django directory traversal in test webserver] +CVE-2009-2659 (The Admin media handler in core/servers/basehttp.py in Django 1.0 and ...) - python-django 1.1-1 (low; bug #539134) [etch] - python-django <no-dsa> (Minor issue) [lenny] - python-django <no-dsa> (Minor issue) @@ -329,7 +331,7 @@ - chromium-browser <itp> (bug #520324) CVE-2009-2555 (Heap-based buffer overflow in src/jsregexp.cc in Google V8 before ...) - chromium-browser <itp> (bug #520324) -CVE-2009-XXXX [znc: directory traversal bug] +CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows remote ...) - znc 0.074-1 (medium; bug #537977) [etch] - znc 0.045-3+etch3 [lenny] - znc 0.058-2+lenny3 
@@ -501,7 +503,9 @@ [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-39.html CVE-2009-2470 (Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote ...) - TODO: check + - xulrunner 1.9.0.12-1 + [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support) + NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-38.html CVE-2009-2469 (Mozilla Firefox before 3.0.12 does not properly handle an SVG element ...) {DSA-1840-1} - xulrunner 1.9.0.12-1 @@ -1293,7 +1297,7 @@ CVE-2009-2199 RESERVED CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all cookies ...) - TODO: check + NOT-FOR-US: Apple GarageBand CVE-2009-2197 RESERVED CVE-2009-2196 Modified: data/DSA/list ==================================================================--- data/DSA/list 2009-08-05 21:14:16 UTC (rev 12490) +++ data/DSA/list 2009-08-06 07:38:25 UTC (rev 12491) @@ -35,7 +35,7 @@ [etch] - git-core 1:1.4.4.4-4+etch3 [lenny] - git-core 1:1.5.6.5-3+lenny2 [23 Jul 2009] DSA-1840-1 xulrunner - several vulnerabilities - {CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2471 CVE-2009-2472} + {CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2470 CVE-2009-2471 CVE-2009-2472} [lenny] - xulrunner 1.9.0.12-0lenny1 [19 Jul 2009] DSA-1839-1 gst-plugins-good0.10 - arbitrary code execution {CVE-2009-1932}
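Review bot: in the @@ -1,21 +1,21 @@ hunk of data/CVE/list, CVE-2009-2663 is described as a libvorbis flaw "as used in Mozilla Firefox", yet the only package line added is `- xulrunner <unfixed>`; the standalone libvorbis source package needs either its own `- libvorbis ...` line or a NOTE explaining why it is not affected, otherwise the issue will show as resolved as soon as xulrunner is fixed. Two consistency points in the same hunk: `- camlimages (medium; bug #540146)` is the only new package line without an explicit state, while the neighbouring strongswan and xulrunner lines carry `<unfixed>`, so `- camlimages <unfixed> (medium; bug #540146)` would match them; and the commit log calls CVE-2009-2661 an incomplete fix for CVE-2009-2185, but nothing in the entry records that, so a `NOTE: incomplete fix for CVE-2009-2185` line under `- strongswan <unfixed> (bug #540144)` would keep it visible to whoever prepares the update.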
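Review bot: in the @@ -501,7 +503,9 @@ hunk, CVE-2009-2470 gets `- xulrunner 1.9.0.12-1` but no `{DSA-1840-1}` line, while the adjacent CVE-2009-2469 entry, fixed by the same upload, has `{DSA-1840-1}` directly above its xulrunner line; since this commit also adds CVE-2009-2470 to the DSA-1840-1 entry in data/DSA/list, the CVE entry should carry the matching `{DSA-1840-1}` reference so the two files agree.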