Author: derevko-guest Date: 2010-06-04 09:11:26 +0000 (Fri, 04 Jun 2010) New Revision: 14792 Modified: data/CVE/list Log: filed some bugs icedove issues fixed with 3.x CVE-2010-1511 fixed in kdenetwork 4:4.4.4-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-03 14:49:50 UTC (rev 14791) +++ data/CVE/list 2010-06-04 09:11:26 UTC (rev 14792) @@ -919,9 +919,10 @@ CVE-2010-1732 (Cross-site request forgery (CSRF) vulnerability in the users module in ...) NOT-FOR-US: Zikula Application Framework CVE-2010-1731 (Google Chrome on the HTC Hero allows remote attackers to cause a ...) - - chromium-browser <unfixed> + - chromium-browser 5.0.375.55~r47796-1 NOTE: various crashes on window close after opening the file on chromium (including sometimes segfaults) NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects + NOTE: not reproducible with chromium-browser 5.0.375.55~r47796-1 CVE-2010-1730 (Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause ...) - kdelibs <undetermined> - kde4libs <undetermined> @@ -1159,7 +1160,7 @@ CVE-2010-1629 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 ...) NOT-FOR-US: Phorum CVE-2010-1628 (Ghostscript 8.64, 8.70, and possibly other versions allows ...) - - ghostscript <unfixed> + - ghostscript <unfixed> (medium; bug #584516) NOTE: no upstream fix available, see issue #1 in ubuntu bug report: NOTE: https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009 NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=691295 
@@ -1468,10 +1469,9 @@ - aria2 1.9.3-1 NOTE: http://seclists.org/fulldisclosure/2010/May/168 CVE-2010-1511 (KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request ...) - - kdenetwork <unfixed> (low) + - kdenetwork 4:4.4.4-1 (low) [lenny] - kdenetwork <not-affected> (Metalink plugin not yet present) NOTE: http://seclists.org/fulldisclosure/2010/May/164 - TODO: File bug for unstable CVE-2010-1510 (Heap-based buffer overflow in IrfanView before 4.27 allows remote ...) NOT-FOR-US: IrfanView CVE-2010-1509 (IrfanView before 4.27 does not properly handle an unspecified integer ...) @@ -4677,10 +4677,10 @@ RESERVED CVE-2010-0404 (Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before ...) {DSA-2046-1} - - phpgroupware <unfixed> + - phpgroupware <unfixed> (bug #584517) CVE-2010-0403 (Directory traversal vulnerability in about.php in phpGroupWare (phpgw) ...) {DSA-2046-1} - - phpgroupware <unfixed> + - phpgroupware <unfixed> (bug #584518) CVE-2010-0402 (OpenTTD before 1.0.1 does not properly validate index values of ...) - openttd 1.0.1-1 [lenny] - openttd <no-dsa> (Contrib not supported) @@ -4722,7 +4722,7 @@ [lenny] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1) NOTE: mozilla''s dns prefetching leads to disclosure of the user''s network location CVE-2009-4629 (Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other ...) - - icedove <unfixed> (low) + - icedove 3.0.2-1 (low) [etch] - icedove <not-affected> (dns prefetching implemented in xulrunner 1.9.1) [lenny] - icedove <not-affected> (dns prefetching implemented in xulrunner 1.9.1) - iceape <unfixed> (low) @@ -5498,7 +5498,7 @@ NOTE: recheck when versions based on firefox 3.6 get uploaded CVE-2010-0163 (Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 ...) {DSA-2025-1} - - icedove <unfixed> (medium) + - icedove 3.0.4-1 (medium) CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and ...) {DSA-1999-1} - xulrunner 1.9.1.8-1 
@@ -6518,7 +6518,7 @@ NOTE: http://www.uzbl.org/news.php?id=22 NOTE: maintainer is aware of it CVE-2010-0010 (Integer overflow in the ap_proxy_send_fb function in ...) - - apache <unfixed> (low) + - apache <removed> (low) NOTE: Exploitability is fairly limited: Can only be exploited by a malicious server, NOTE: not by a client. No sane person uses apache 1.3 as forward proxy and in reverse NOTE: proxy situations, the backend server is usually trusted, anyway. @@ -10247,7 +10247,7 @@ CVE-2009-3075 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) {DSA-2025-1 DSA-1885-1} - xulrunner 1.9.0.14-1 - - icedove <unfixed> + - icedove 3.0~rc2-2 [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support) CVE-2009-3074 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...) {DSA-1885-1} @@ -10260,7 +10260,7 @@ CVE-2009-3072 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-2025-1 DSA-1885-1} - xulrunner 1.9.0.14-1 - - icedove <unfixed> + - icedove 3.0~rc2-2 [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support) CVE-2009-3071 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-1885-1} @@ -12582,7 +12582,7 @@ CVE-2009-2463 (Multiple integer overflows in the (1) PL_Base64Decode and (2) ...) {DSA-2025-1 DSA-1931-1} - nspr 4.8.2-1 - - icedove <unfixed> + - icedove 3.0~rc2-2 [etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support) CVE-2009-2462 (The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird ...) {DSA-1840-1}
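
Review bot: In the CVE-2010-1731 hunk (@@ -919,9 +919,10 @@), the entry becomes "- chromium-browser 5.0.375.55~r47796-1" while the only supporting evidence is the new line "NOTE: not reproducible with chromium-browser 5.0.375.55~r47796-1". Failing to reproduce a crash is weaker than a known fix. The NOTE should also record which version the crashes were observed with, and an upstream reference if one exists, so readers can tell which earlier uploads are affected.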
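
Review bot: In the CVE-2009-4629 hunk (@@ -4722,7 +4722,7 @@), "- icedove 3.0.2-1 (low)" is recorded with no NOTE giving the source for that version, and the "- iceape <unfixed> (low)" line a few lines below stays unfixed for the same Necko issue. The description names Thunderbird 3.0.1 as affected, so a one-line NOTE pointing at the upstream change that landed in 3.0.2 would make the entry checkable.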
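
Review bot: In the CVE-2010-0163 hunk (@@ -5498,7 +5498,7 @@), the fixed version "icedove 3.0.4-1" does not match the other icedove entries in this commit, which use "3.0~rc2-2" (CVE-2009-3075, CVE-2009-3072, CVE-2009-2463). The description says "Thunderbird before 2.0.0.24" and the log says only "icedove issues fixed with 3.x", so either the first 3.x upload should be used here as well, or a NOTE should explain why this issue was only fixed in 3.0.4-1.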
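
Review bot: In the CVE-2010-0010 hunk (@@ -6518,7 +6518,7 @@), "- apache <removed> (low)" replaces "<unfixed>", but the NOTE lines that follow still discuss exploitability for apache 1.3 users and no release-tagged line is visible in the hunk. If a supported release still ships the package, it needs its own tagged line (in the style of the "[lenny] - kdenetwork <not-affected>" entry elsewhere in this diff) so the issue stays tracked there.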