Author: gilbert-guest Date: 2010-01-16 17:24:59 +0000 (Sat, 16 Jan 2010) New Revision: 13835 Modified: data/CVE/list Log: mkpasswd issue; xulrunner issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-01-16 14:50:05 UTC (rev 13834) +++ data/CVE/list 2010-01-16 17:24:59 UTC (rev 13835) @@ -2,8 +2,10 @@ - sudo <undetermined> (low; bug #565223) TODO: check NOTE: bug report is very speculative, but is probably worth checking +CVE-2010-XXXX [makepasswd: insecure passwords generated with default settings] + - makepasswd <unfixed> (high; bug #564559) CVE-2010-XXXX [mydms multiple issues] - - mydms <undetermined> + - mydms <undetermined> (low) TODO: check NOTE: http://seclists.org/fulldisclosure/2010/Jan/267 CVE-2010-XXXX [dokuwiki CSRF] @@ -1917,9 +1919,9 @@ - monkey 0.9.3-1 (low) [lenny] - monkey <no-dsa> (Minor issue, fringe package) CVE-2009-4130 (Visual truncation vulnerability in the MakeScriptDialogTitle function ...) - TODO: check + - xulrunner <undetermined> (bug #565521) CVE-2009-4129 (Race condition in Mozilla Firefox allows remote attackers to produce a ...) - TODO: check + - xulrunner <undetermined> (bug #565521) CVE-2009-4128 (GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted ...) - grub2 1.97+20091115-1 (bug #555195) [lenny] - grub2 <not-affected> (Password authentication not yet present) @@ -4452,7 +4454,8 @@ CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...) NOT-FOR-US: Opera CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a ...) - TODO: check + - xulrunner <unfixed> (unimportant) + NOTE: browser denial-of-services are unimportant CVE-2009-3245 RESERVED CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...) 
@@ -8502,7 +8505,7 @@ CVE-2009-2066 (Apple Safari detects http content in https web pages only when the ...) NOT-FOR-US: Apple Safari CVE-2009-2065 (Mozilla Firefox 3.0.10, and possibly other versions, detects http ...) - TODO: check + - xulrunner <undetermined> (bug #565521) CVE-2009-2064 (Microsoft Internet Explorer 8, and possibly other versions, detects ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2009-2063 (Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response ...) @@ -8510,7 +8513,7 @@ CVE-2009-2062 (Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before ...) NOT-FOR-US: Apple Safari CVE-2009-2061 (Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response ...) - TODO: check + - xulrunner <undetermined> (bug #565521) CVE-2009-2060 (src/net/http/http_transaction_winhttp.cc in Google Chrome before ...) - chromium-browser <itp> (bug #520324) CVE-2009-2059 (Opera, possibly before 9.25, uses the HTTP Host header to determine ...) @@ -9760,7 +9763,7 @@ CVE-2009-1598 (Google Chrome executes DOM calls in response to a javascript: URI in ...) - chromium-browser <itp> (bug #520324) CVE-2009-1597 (Mozilla Firefox executes DOM calls in response to a javascript: URI in ...) - TODO: check + - xulrunner <undetermined> (bug #565521) CVE-2009-1596 (Ignite Realtime Openfire before 3.6.5 does not properly implement the ...) NOT-FOR-US: Openfire CVE-2009-1595 (The jabber:iq:auth implementation in IQAuthHandler.java in Ignite ...)
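Review bot: In the @@ -2,8 +2,10 @@ hunk the new makepasswd entry is marked <unfixed> with urgency (high) but carries no NOTE line saying what makes the default settings insecure, so a reader has to open bug #564559 to learn the actual weakness; add a one-line NOTE summarising it. The commit log says "mkpasswd" while the entry names makepasswd, and the log should use the name from the entry. In the same hunk mydms gains (low) while it stays <undetermined> with TODO: check, so the urgency is set before the check the TODO asks for; a NOTE giving the basis for (low) would make that reviewable.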
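Review bot: In the @@ -1917,9 +1919,9 @@ hunk, CVE-2009-4130 and CVE-2009-4129 lose their TODO: check line but only move to <undetermined>, whereas the sudo and mydms entries at the top of this same file keep TODO: check alongside <undetermined>. If these two have not been triaged yet, keep the TODO under the new "- xulrunner <undetermined> (bug #565521)" line, or add a NOTE saying the remaining work is tracked in that bug.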
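Review bot: In the @@ -4452,7 +4454,8 @@ hunk the NOTE added for CVE-2008-7244 states a general policy ("browser denial-of-services are unimportant") rather than anything about this CVE, and the description visible here is cut off at "to cause a ...". Word the NOTE so it says this particular issue is only a denial of service, if that is what was verified, and fix the plural to "browser denial-of-service issues".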
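Review bot: In the @@ -8502,7 +8505,7 @@, @@ -8510,7 +8513,7 @@ and @@ -9760,7 +9763,7 @@ hunks, CVE-2009-2065, CVE-2009-2061 and CVE-2009-1597 all point at bug #565521, the same bug already used for CVE-2009-4130 and CVE-2009-4129, although their descriptions cover different behaviours (http content in https pages, 3xx HTTP CONNECT responses, javascript: URIs). Add a NOTE on each entry stating that #565521 is a collective tracking bug, so that closing it is not read as resolving all five CVEs at once.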