Author: gilbert-guest Date: 2010-03-06 22:38:20 +0000 (Sat, 06 Mar 2010) New Revision: 14202 Modified: data/CVE/list data/DSA/list Log: remove uses of unimportant for issues which have had DSAs, SPUs, or others released since that indicates at least minimal importance (addresses some more latently vulnerable issues) Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-03-06 21:55:31 UTC (rev 14201) +++ data/CVE/list 2010-03-06 22:38:20 UTC (rev 14202) @@ -6916,7 +6916,7 @@ CVE-2008-7160 (The silc_http_server_parse function in lib/silchttp/silchttpserver.c ...) {DSA-1879-1} - silc-toolkit 1.1.10-1 (low) - - silc-client <not-affected> (Vulnerable code not present) + - silc-client 1.1-2 (low) - silc-server 1.1.2-1 (low) NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2 CVE-2009-3050 (Buffer overflow in the set_page_size function in util.cxx in HTMLDOC ...) @@ -8626,9 +8626,9 @@ CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...) NOT-FOR-US: Sorcerer Software MultiMedia Jukebox CVE-2009-2649 (The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev ...) - - freebsd-8 <undetermined> (bug #527811) - - freebsd-7 <undetermined> (bug #527811) - - freebsd-6 <removed> (bug #527811) + - kfreebsd-8 <undetermined> (bug #527811) + - kfreebsd-7 <undetermined> (bug #527811) + - kfreebsd-6 <removed> (bug #527811) CVE-2009-2648 (FlashDen Guestbook allows remote attackers to obtain configuration ...) NOT-FOR-US: FlashDen Guestbook CVE-2009-2647 (Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky ...) 
@@ -10715,7 +10715,7 @@ [lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1 CVE-2009-1883 (The z90crypt_unlocked_ioctl function in the z90crypt driver in the ...) {DSA-1929-1} - - linux-2.6 2.6.19-1 (unimportant) + - linux-2.6 2.6.19-1 - linux-2.6.24 <not-affected> (problem was fixed before first upload, 2.6.19) NOTE: See Solar Designer''s posting to oss-security CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in ...) @@ -13013,7 +13013,7 @@ [etch] - screen <not-affected> (etch version predates #433338) [lenny] - screen 4.0.3-11+lenny1 CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with ...) - - screen 4.0.3-13 (unimportant; bug #521123) + - screen 4.0.3-13 (bug #521123) [lenny] - screen 4.0.3-11+lenny1 NOTE: documented behaviour "or the public accessible screen-exchange", see man screen CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...) @@ -14189,7 +14189,7 @@ NOT-FOR-US: NetMRI CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in the ...) {DSA-1800-1 DSA-1794-1 DSA-1787-1} - - linux-2.6 2.6.29-1 (unimportant) + - linux-2.6 2.6.29-1 NOTE: All Debian kernels set CONFIG_SHMEM, so this is moot except NOTE: for locally modified configs and even for that I fail to NOTE: see why anyone would run a kernel w/o CONFIG_SHMEM? @@ -14231,7 +14231,7 @@ [etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5) CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and ...) {DSA-1914-1} - - mapserver 5.2.2-1 (unimportant; bug #523027) + - mapserver 5.2.2-1 (bug #523027) NOTE: this can only probe for files that are not present, useless when not NOTE: in combination with another attack CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows ...) 
@@ -14239,7 +14239,7 @@ - mapserver 5.2.2-1 (low; bug #523027) CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer ...) {DSA-1914-1} - - mapserver 5.2.2-1 (unimportant; bug #523027) + - mapserver 5.2.2-1 (bug #523027) NOTE: this doesn''t work under linux as the root from the directory traversal needs to exist CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c ...) {DSA-1914-1} @@ -19213,9 +19213,9 @@ TODO: write proper advisory and request CVE id CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...) {DTSA-188-1} - - php5 5.2.6.dfsg.1-3 (unimportant; bug #507101) + - php5 5.2.6.dfsg.1-3 (bug #507101) [lenny] - php5 5.2.6.dfsg.1-1+lenny2 - - php4 <removed> (unimportant) + - php4 <removed> NOTE: if a user has write access to a file he simply can use fopen() CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...) - wordpress 2.5.1-11 (low; bug #507193) @@ -19248,7 +19248,7 @@ NOTE: overlaps with CVE-2008-4610, same aac issue NOTE: just a crasher, no security implications known so far CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 1.1.12, ...) - - xine-lib 1.1.16-1 (unimportant; bug #508716) + - xine-lib 1.1.16-1 (bug #508716) [lenny] - xine-lib 1.1.14-4 [squeeze] - xine-lib 1.1.14-4 NOTE: these are just invalid reads that result in segfaults, denial of service doesnt @@ -20072,7 +20072,7 @@ [lenny] - dovecot <not-affected> (Vulnerable code not present prior to 1.1.4) CVE-2008-5186 (** DISPUTED ** ...) {DTSA-179-1} - - geshi 1.0.8.1-1 (unimportant; bug #504445) + - geshi 1.0.8.1-1 (bug #504445) NOTE: its rather an application bug if the input to set_language_path is unfiltered user input NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152 - dokuwiki 0.0.20080505-3.1 (unimportant; bug #504682) 
@@ -20727,7 +20727,7 @@ NOT-FOR-US: PHP Arsivimiz Php Ziyaretci Defteri CVE-2008-4610 (MPlayer allows remote attackers to cause a denial of service ...) {DTSA-181-1} - - mplayer 1.0~rc2-20 (unimportant; bug #407010) + - mplayer 1.0~rc2-20 (bug #407010) NOTE: only the aac issue affected mplayer because it built against a copy of faad NOTE: the ogm issue is a problem in ffmpeg - ffmpeg-debian <unfixed> (unimportant; bug #509616) @@ -23479,8 +23479,8 @@ - libxml2 2.6.32.dfsg-4 (bug #498768) CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) ...) {DSA-1687-1 DSA-1681-1} - - linux-2.6 2.6.26-11 (unimportant) - - linux-2.6.24 2.6.24-6~etchnhalf.7 (unimportant) + - linux-2.6 2.6.26-11 + - linux-2.6.24 2.6.24-6~etchnhalf.7 NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3) NOTE: bd39597cbd42a784105a04010100e27267481c67 (ext2) NOTE: 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4) @@ -23662,7 +23662,7 @@ NOT-FOR-US: Vtiger CRM CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin ...) {DSA-1641-1} - - phpmyadmin 4:2.11.8~rc1-1 (unimportant) + - phpmyadmin 4:2.11.8~rc1-1 NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in ...) NOT-FOR-US: JnSHosts PHP Hosting Directory @@ -24387,7 +24387,7 @@ NOT-FOR-US: Soldner Secret Wars CVE-2008-3134 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 ...) {DSA-1903-1} - - graphicsmagick 1.2.4-1 (unimportant; bug #491439) + - graphicsmagick 1.2.4-1 (bug #491439) - imagemagick <unfixed> (unimportant; bug #559775) NOTE: several DoS fixed in 1.2.4 according to upstream NOTE: http://sourceforge.net/project/shownotes.php?release_id=610253 
@@ -28189,7 +28189,7 @@ NOTE: comix can''t be used in a non-interactive setup thus the impact level CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) ...) {DSA-1557-1} - - phpmyadmin 2.11.5.1 (unimportant) + - phpmyadmin 2.11.5.1 NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2 NOTE: It is a workaround for the limited security that PHP has for NOTE: session files on a shared host. This limitation is documented with @@ -28561,7 +28561,7 @@ NOTE: etch affected, but only in specific plugin. CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows context-dependent ...) {DSA-1572-1 DTSA-135-1} - - php5 5.2.6-1 (unimportant) + - php5 5.2.6-1 NOTE: http://securityreason.com/achievement_securityalert/52 NOTE: Only exploitable through malicious script NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.104&r2=1.105&diff_format=u @@ -30448,6 +30448,7 @@ - iceweasel 2.0.0.12-1 - xulrunner 1.8.1.12-1 - iceape 1.1.9-1 + - icedove 2.0.0.12-1 CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and ...) {DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1} - iceweasel 2.0.0.12-1 @@ -30465,6 +30466,7 @@ - iceweasel 2.0.0.12-1 - xulrunner 1.8.1.12-1 - iceape 1.1.9-1 + - icedove 2.0.0.12-1 CVE-2008-0590 (Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows ...) NOT-FOR-US: WS_FTP Server with SSH CVE-2008-0589 (The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows ...) @@ -32115,7 +32117,7 @@ [lenny] - vlc 0.8.6.c-4.1~lenny1 NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded CVE-2007-6684 (The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to ...) - - vlc 0.8.6.c-4.1 (unimportant; bug #458318) + - vlc 0.8.6.c-4.1 (bug #458318) [lenny] - vlc 0.8.6.c-4.1~lenny1 NOTE: That''s hardly a security problem, just a bug CVE-2007-6598 (Dovecot before 1.0.10, with certain configuration options including ...) 
@@ -35875,7 +35877,7 @@ NOT-FOR-US: Pindorama CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in ...) {DSA-1403-1} - - phpmyadmin 4:2.11.1.2-1 (unimportant; bug #446451) + - phpmyadmin 4:2.11.1.2-1 (bug #446451) [sarge] - phpmyadmin <not-affected> (vulnerable script not present) CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the ...) NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router @@ -37110,8 +37112,7 @@ NOT-FOR-US: Media Player Classic CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...) {DTSA-65-1} - - mplayer 1.0~rc1-16.1 (bug #443478; unimportant) - NOTE: just a NULL pointer dereference, not treated as a security problem for this class of applications + - mplayer 1.0~rc1-16.1 (bug #443478) CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with ...) NOT-FOR-US: CS Guestbook CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has ...) @@ -37806,9 +37807,8 @@ NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and % CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...) {DSA-1578-1 DSA-1444-1 DTSA-61-1} - - php5 5.2.4-1 (unimportant) - - php4 <removed> (unimportant) - NOTE: fixed in php4/etch, php5/etch, php4/sarge svn + - php5 5.2.4-1 + - php4 <removed> NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641 NOTE: Only exploitable by malicious script CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...) 
@@ -39184,7 +39184,7 @@ NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780 CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...) {DSA-1471-1} - - libvorbis 1.2.0.dfsg-1 (unimportant) + - libvorbis 1.2.0.dfsg-1 NOTE: Just an infinite loop in an enduser multimedia libarary, not treated as a vulnerability NOTE: svn revisionions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780 CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...) @@ -40650,7 +40650,7 @@ NOT-FOR-US: Sun Solaris CVE-2007-3468 (input.c in VideoLAN VLC Media Player before 0.8.6c allows remote ...) {DSA-1332-1} - - vlc 0.8.6.c.debian-1 (unimportant; bug #429726) + - vlc 0.8.6.c.debian-1 (bug #429726) CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c VideoLAN ...) {DSA-1332-1} - vlc 0.8.6.c-1 (bug #429726) @@ -41281,9 +41281,7 @@ - flyspray 0.9.8-12 (bug #429191; bug #429195) [etch] - flyspray <not-affected> (Vulnerable code not) [sarge] - flyspray <not-affected> (Vulnerable code not included) - - moodle <not-affected> (Doesn''t affect moodle per maintainer) - [lenny] - moodle 1.8.2-2 (bug #429190) - [etch] - moodle 1.6.3-2+etch1 (bug #429339) + - moodle 1.8.2-2 (bug #429190) - owl-dms 0.94-2 (bug #429197) - knowledgeroot 0.9.8.2-2 (bug #429196) [etch] - knowledgeroot <not-affected> (Vulnerable code not used) @@ -42982,7 +42980,7 @@ NOT-FOR-US: Alcatel-Lucent CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP ...) {DTSA-39-1} - - php5 5.2.2-1 (unimportant) + - php5 5.2.2-1 NOTE: Only triggerable by malicious script CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before ...) {DSA-1295-1 DTSA-39-1} 
@@ -43101,7 +43099,7 @@ NOT-FOR-US: FireFly CVE-2007-2459 (Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl ...) {DSA-1498-1} - - libimager-perl 0.58-1 (unimportant; bug #421582) + - libimager-perl 0.58-1 (bug #421582) NOTE: Only CVE-2007-2413 is exploitable per upstream CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery ...) NOT-FOR-US: Pixaria Gallery @@ -44938,8 +44936,8 @@ NOT-FOR-US: Active Auction Pro CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...) {DSA-1283-1 DSA-1282-1} - - php4 6:4.4.6-2 (unimportant) - - php5 5.2.0-9 (unimportant) + - php4 6:4.4.6-2 + - php5 5.2.0-9 NOTE: register_globals not supported CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...) - php4 <unfixed> (unimportant) @@ -45731,11 +45729,11 @@ NOT-FOR-US: Quick.Cart CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header ...) [etch] - trac 0.10.3-1etch1 - - trac 0.10.4-1 (unimportant; bug #414134; bug #420219) + - trac 0.10.4-1 (bug #414134; bug #420219) NOTE: Browser bug, only exploitable on IE, still fixed in a point release CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the "download wiki page as ...) [etch] - trac 0.10.3-1etch1 - - trac 0.10.4-1 (unimportant; bug #414134; bug #420219) + - trac 0.10.4-1 (bug #414134; bug #420219) NOTE: Browser bug, only exploitable on IE, still fixed in a point release CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote ...) NOT-FOR-US: ProSysInfo TFTP Server @@ -45807,8 +45805,8 @@ NOT-FOR-US: Adobe Reader CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...) {DSA-1283-1 DTSA-39-1} - - php4 <unfixed> (unimportant) - - php5 5.2.0-11 (unimportant) + - php4 <unfixed> + - php5 5.2.0-11 NOTE: Only triggerable by malicious script CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...) {DSA-1283-1 DTSA-39-1} 
@@ -46604,10 +46602,10 @@ NOT-FOR-US: Pickle CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...) - dropbear 0.49-1 (unimportant; bug #412899) + [etch] - dropbear 0.48.1-2 (unimportant) NOTE: That''s a lack of a security feature (strict hostkey checking in openssh NOTE: termininoloy) and an awkward interface, but not a vulnerability per se NOTE: Especially as dropbear is specifically labeled a stripped down SSH implementation - [etch] - dropbear 0.48.1-2 CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have ...) NOT-FOR-US: ScryMUD CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function ...) @@ -47113,7 +47111,7 @@ NOT-FOR-US: Cisco CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...) {DSA-1304 DSA-1286-1} - - linux-2.6 2.6.20-1 (unimportant) + - linux-2.6 2.6.20-1 CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the ...) {DSA-1276-1} - krb5 1.4.4-8 (high) @@ -47253,10 +47251,10 @@ [etch] - php4 6:4.4.4-8+etch1 CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...) {DSA-1264-1} - - php5 5.2.0-9 (unimportant) + - php5 5.2.0-9 [etch] - php5 5.2.0-8+etch1 - - php4 6:4.4.4-9 (unimportant) - NOTE: this extension is not enabled in the php packages + - php4 6:4.4.4-9 + NOTE: this extension is not enabled by default in the php packages CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...) {DSA-1264-1} - php5 5.2.0-9 (bug #410561; bug #410995; medium) @@ -48923,7 +48921,7 @@ NOT-FOR-US: Total Commander CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...) {DTSA-33-1} - - wordpress 2.0.8-1 (unimportant; bug #407289) + - wordpress 2.0.8-1 (bug #407289) CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when ...) NOT-FOR-US: sNews CVE-2007-0260 (** DISPUTED ** ...) 
@@ -51579,7 +51577,7 @@ NOT-FOR-US: NetGear CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x before 2.6.24, ...) {DSA-1504-1 DSA-1436-1} - - linux-2.6 2.6.22-6 (unimportant) + - linux-2.6 2.6.22-6 NOTE: Mounting filesystem partitions should be limited to root CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on ...) - linux-2.6 <not-affected> (Debian kernels up to 2.6.18 didn''t include GFS) @@ -55617,7 +55615,8 @@ CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow ...) {DSA-1211} - pdns-recursor 3.1.4-1 (bug #398557; high) - - pdns <not-affected> (Recursor module has been moved to pdns-recursor) + - pdns 2.9.20-4 + NOTE: Recursor module has been moved to pdns-recursor CVE-2006-4250 (Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows ...) {DSA-1278-1} - man-db 2.4.3-5 Modified: data/DSA/list ==================================================================--- data/DSA/list 2010-03-06 21:55:31 UTC (rev 14201) +++ data/DSA/list 2010-03-06 22:38:20 UTC (rev 14202) 
@@ -1185,7 +1185,7 @@ {CVE-2008-2381 CVE-2008-6189 CVE-2008-6188 CVE-2008-6187} [etch] - gforge 4.5.14-22etch10 [07 Jan 2009] DSA-1697-1 iceape - several vulnerabilities - {CVE-2008-0016 CVE-2008-0017 CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2810 CVE-2008-2811 CVE-2008-2933 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 CVE-2007-3074} + {CVE-2008-0016 CVE-2008-0017 CVE-2008-0304 CVE-2008-2785 CVE-2008-2798 CVE-2008-2799 CVE-2008-2800 CVE-2008-2801 CVE-2008-2802 CVE-2008-2803 CVE-2008-2805 CVE-2008-2807 CVE-2008-2808 CVE-2008-2809 CVE-2008-2811 CVE-2008-2933 CVE-2008-3835 CVE-2008-3836 CVE-2008-3837 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4069 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5013 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 CVE-2008-5512 CVE-2007-3074} [etch] - iceape 1.0.13~pre080614i-0etch1 [07 Jan 2009] DSA-1696-1 icedove - several vulnerabilities {CVE-2008-0016 CVE-2008-1380 CVE-2008-3835 CVE-2008-4058 CVE-2008-4059 CVE-2008-4060 CVE-2008-4061 CVE-2008-4062 CVE-2008-4065 CVE-2008-4067 CVE-2008-4068 CVE-2008-4070 CVE-2008-4582 CVE-2008-5012 CVE-2008-5014 CVE-2008-5017 CVE-2008-5018 CVE-2008-5021 CVE-2008-5022 CVE-2008-5024 CVE-2008-5052 CVE-2008-5500 CVE-2008-5503 CVE-2008-5506 CVE-2008-5507 CVE-2008-5508 CVE-2008-5511 
CVE-2008-5512} @@ -1895,7 +1895,7 @@ {CVE-2007-2808} [etch] - gnatsweb 4.00-1etch1 [10 Feb 2008] DSA-1485-2 icedove - several vulnerabilities - {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594} + {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594} [etch] - icedove 1.5.0.13+1.5.0.15b.dfsg1-0etch2 [10 Feb 2008] DSA-1484-1 xulrunner - several vulnerabilities {CVE-2008-0412 CVE-2008-0413 CVE-2008-0414 CVE-2008-0415 CVE-2008-0416 CVE-2008-0417 CVE-2008-0418 CVE-2008-0419 CVE-2008-0591 CVE-2008-0592 CVE-2008-0593 CVE-2008-0594 CVE-2008-0420}
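Review bot: In the CVE-2007-4938 hunk (@@ -37110 in data/CVE/list) the NOTE line is deleted together with the "unimportant" tag, while most other hunks in this patch drop the tag and keep their NOTE. The CVE-2007-4657 hunk (@@ -37806) does the same with "NOTE: fixed in php4/etch, php5/etch, php4/sarge svn". If these notes are considered wrong, say so in the log message. Otherwise keep them, since they record why the issue was originally triaged the way it was.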
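Review bot: In the CVE-2007-4065 hunk (@@ -39184 in data/CVE/list) the libvorbis line loses "unimportant" but the unchanged NOTE below it still reads "not treated as a vulnerability", so the entry now contradicts itself. The CVE-2007-6684 hunk (@@ -32115) has the same problem with "That's hardly a security problem, just a bug". Suggest either rewording the NOTE to record that an update was released anyway, or setting an explicit urgency such as "low" instead of leaving the field empty.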
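Review bot: The moodle change in the hunk at @@ -41281 (data/CVE/list) drops per-release tracking data that nothing else in the patch replaces. The "[etch] - moodle 1.6.3-2+etch1 (bug #429339)" line is removed and bug #429339 is no longer referenced anywhere in the entry, and the unstable line flips from "<not-affected> (Doesn't affect moodle per maintainer)" to a fixed version. The log message only covers removing "unimportant", so this needs its own justification. Unless the etch fix is recorded elsewhere, keep the [etch] line.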
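Review bot: The CVE-2007-1099 hunk (@@ -46604 in data/CVE/list) adds "(unimportant)" to the "[etch] - dropbear 0.48.1-2" line, which is the opposite of what the log message describes. Moving the [etch] line up next to the unstable entry is fine, but the new tag should either be dropped or explained in the log, since a reader of the commit history will expect this revision to only remove such tags.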
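Review bot: In the CVE-2006-4251 hunk (@@ -55617 in data/CVE/list) pdns changes from "<not-affected>" to fixed in 2.9.20-4 with no urgency and no bug reference, and the old parenthetical becomes a NOTE saying the Recursor module was moved to pdns-recursor. That NOTE describes the code being moved out, not a fix, so it is unclear from the entry why 2.9.20-4 is the fixed version. Add a short NOTE stating what 2.9.20-4 changed, and mention this reclassification in the log.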
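Review bot: The data/DSA/list hunk at @@ -1185 removes CVE-2008-2810 from the DSA-1697-1 (iceape) reference list, and the hunk at @@ -1895 adds CVE-2008-0591 to DSA-1485-2 (icedove). Neither change is mentioned in the log message, and no hunk in data/CVE/list touches the CVE-2008-2810 entry to match the removal. Please split these cross-reference corrections into a separate commit or extend the log, and confirm the CVE-2008-2810 entry in data/CVE/list does not still point at DSA-1697-1.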