Author: gilbert-guest
Date: 2009-09-08 03:20:56 +0000 (Tue, 08 Sep 2009)
New Revision: 12761
Modified:
data/CVE/list
Log:
tracking for automatic lenny r3 -> testing updates
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-09-08 03:08:53 UTC (rev 12760)
+++ data/CVE/list 2009-09-08 03:20:56 UTC (rev 12761)
@@ -1259,6 +1259,7 @@
NOT-FOR-US: IBM AIX
CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before
1.2.34, ...)
- asterisk <unfixed> (bug #541441)
+ [squeeze] - asterisk <not-affected> (Doesn''t permit SIP packets
to exceed 1500 bytes total)
[lenny] - asterisk <not-affected> (Doesn''t permit SIP packets
to exceed 1500 bytes total)
[etch] - asterisk <not-affected> (Doesn''t permit SIP packets to
exceed 1500 bytes total)
CVE-2009-2725
@@ -1633,6 +1634,7 @@
CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows
remote ...)
{DSA-1873-1}
- xulrunner 1.9.0.13-1 (low; bug #539891)
+ [squeeze] - xulrunner 1.9.0.13-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-2653 (** DISPUTED ** ...)
NOT-FOR-US: Microsoft Windows
@@ -2302,7 +2304,7 @@
CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command
...)
{DSA-1877-1}
- mysql-dfsg-5.0 <unfixed> (low; bug #536726)
- TODO: check lenny/sid; they are likely fixed according to the report, but i
did not check
+ [squeeze] - mysql-dfsg-5.0 5.0.51a-24+lenny2
CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
- libio-socket-ssl-perl 1.26-1 (low; bug #535946)
[lenny] - libio-socket-ssl-perl 1.16-1+lenny1
@@ -2825,7 +2827,9 @@
CVE-2009-2210 (Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17
allow ...)
{DSA-1830-1}
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
- iceape 1.1.17-1
+ [squeeze] - iceape <not-affected> (only provides a stub for
XPCOM)
[lenny] - iceape <not-affected> (Only provides a stub for XPCOM)
[etch] - iceape <no-dsa> (Mozilla from Etch no longer covered by
security support)
- kompozer <not-affected> (mail suite not compiled)
@@ -3839,6 +3843,7 @@
[squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not
check ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
@@ -3855,6 +3860,7 @@
[squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
@@ -3887,6 +3893,7 @@
[squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1828 (Mozilla Firefox 3.0.10 allows remote attackers to cause a denial
of ...)
- xulrunner <unfixed> (unimportant)
NOTE: Browser crashes not treated as security issues
@@ -5081,7 +5088,7 @@
[squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
- TODO: determine whether icedove truely affected or whether issue solely within
xulrunner
+ [squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in ...)
- perl 5.10.0-23 (low; bug #532736)
[etch] - perl <not-affected> (Doesn''t yet include
Compress-Raw-Zlib)
@@ -5396,6 +5403,7 @@
CVE-2009-1307 (The view-source: URI implementation in Mozilla Firefox before
3.0.9, ...)
{DSA-1830-1 DSA-1797-1}
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-1306 (The jar: URI implementation in Mozilla Firefox before 3.0.9,
...)
@@ -5415,11 +5423,13 @@
CVE-2009-1303 (The browser engine in Mozilla Firefox before 3.0.9, Thunderbird
before ...)
{DSA-1830-1 DSA-1797-1}
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-1302 (The browser engine in Mozilla Firefox 3.x before 3.0.9,
Thunderbird ...)
{DSA-1830-1 DSA-1797-1}
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-1301 (Integer signedness error in the store_id3_text function in the
ID3v2 ...)
@@ -7468,6 +7478,7 @@
CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird
before ...)
{DSA-1830-1 DSA-1751-1}
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
- iceweasel 3.0
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.7-1
@@ -7479,23 +7490,27 @@
CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7,
Thunderbird ...)
{DSA-1830-1 DSA-1751-1}
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
- iceweasel 3.0
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.7-1
CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7,
Thunderbird ...)
{DSA-1830-1 DSA-1751-1}
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.7-1
[etch] - xulrunner <not-affected> (Vulnerable code not present)
CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7,
Thunderbird ...)
{DSA-1830-1 DSA-1751-1}
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
- iceweasel 3.0
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.7-1
CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird
before ...)
{DSA-1830-1 DSA-1751-1}
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.7-1
[etch] - xulrunner <not-affected> (Vulnerable code not present)
- kompozer 1:0.8~alpha2+dfsg+svn129-1
@@ -8025,6 +8040,7 @@
CVE-2009-0652 (The Internationalized Domain Names (IDN) blacklist in Mozilla
Firefox ...)
{DSA-1830-1 DSA-1797-1}
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.9-1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka
vnetd) in ...)
@@ -9380,6 +9396,7 @@
- iceape 1.1.14-1.1
NOTE: Iceape in Lenny only provides XPCOM libs
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x
before ...)
{DSA-1830-1}
- iceweasel 3.0
@@ -9388,6 +9405,7 @@
- iceape 1.1.14-1.1
NOTE: Iceape in Lenny only provides XPCOM libs
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-0343 (Niels Provos Systrace 1.6f and earlier on the x86_64 Linux
platform ...)
NOT-FOR-US: Systrace
@@ -11045,6 +11063,7 @@
CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x
before ...)
{DSA-1830-1 DSA-1750-1}
- icedove 2.0.0.22-1 (bug #535124)
+ [squeeze] - icedove 2.0.0.22-0lenny1
- libpng 1.2.35-1 (bug #516256)
CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in
the web ...)
- geronimo <itp> (bug #481869)