Moritz Muehlenhoff
2010-Aug-22 15:42 UTC
[Secure-testing-commits] r15182 - in data: CVE DSA
Author: jmm-guest
Date: 2010-08-22 15:42:03 +0000 (Sun, 22 Aug 2010)
New Revision: 15182

Modified:
   data/CVE/list
   data/DSA/list
Log:
new babiloo issue
new uzbl issue
add missing mozilla IDs
fix lxr-cvs DSA entry

Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-08-21 21:47:52 UTC (rev 15181) +++ data/CVE/list 2010-08-22 15:42:03 UTC (rev 15182) @@ -1,5 +1,7 @@ CVE-2010-3057 RESERVED +CVE-2010-XXXX [babiloo insecure downloading and unpacking of dictionary files] + - babiloo <unfixed> (low; bug #591995) CVE-2010-3054 (Unspecified vulnerability in FreeType 2.3.9, and other versions before ...) TODO: check CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause ...) @@ -593,7 +595,8 @@ CVE-2010-2810 RESERVED CVE-2010-2809 (The default configuration of the <Button2> binding in Uzbl before ...) - TODO: check + - uzbl <unfixed> + TODO: File bug CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in ...) - freetype 2.4.2-1 CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during bounds ...) @@ -16434,7 +16437,10 @@ CVE-2009-2062 (Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before ...) NOT-FOR-US: Apple Safari CVE-2009-2061 (Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response ...) - - xulrunner <undetermined> (bug #565521) + {DSA-1830-1 DSA-1820-1} + - xulrunner 1.9.0.11-1 + - icedove 2.0.0.22-1 (bug #535124) + [squeeze] - icedove 2.0.0.22-0lenny1 CVE-2009-2060 (src/net/http/http_transaction_winhttp.cc in Google Chrome before ...) - chromium-browser <not-affected> (Only 1.x is affected) - webkit <not-affected> (chrome-specific issue) Modified: data/DSA/list ==================================================================--- data/DSA/list 2010-08-21 21:47:52 UTC (rev 15181) +++ data/DSA/list 2010-08-22 15:42:03 UTC (rev 15182) 
@@ -6,6 +6,7 @@ [lenny] - ghostscript 8.62.dfsg.1-3.2lenny5 [17 Aug 2010] DSA-2092-1 - cross-site scripting {CVE-2009-4497 CVE-2010-1448 CVE-2010-1625 CVE-2010-1738} + [lenny] - lxr-cvs 0.9.5+cvs20071020-1+lenny1 [12 Aug 2010] DSA-2091-1 squirrelmail - cross-site request forgery {CVE-2009-2964 CVE-2010-2813} [lenny] - squirrelmail 2:1.4.15-4+lenny3.1 @@ -959,7 +960,7 @@ {CVE-2009-0858} [lenny] - djbdns 1:1.05-4+lenny1 [12 Jul 2009] DSA-1830-1 icedove - several vulnerabilities - {CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1392 CVE-2009-1832 CVE-2009-1836 CVE-2009-1838 CVE-2009-1841 CVE-2009-2210} + {CVE-2009-0040 CVE-2009-0352 CVE-2009-0353 CVE-2009-0652 CVE-2009-0771 CVE-2009-0772 CVE-2009-0773 CVE-2009-0774 CVE-2009-0776 CVE-2009-1302 CVE-2009-1303 CVE-2009-1307 CVE-2009-1392 CVE-2009-1832 CVE-2009-1836 CVE-2009-1838 CVE-2009-1841 CVE-2009-2210 CVE-2009-2061} [lenny] - icedove 2.0.0.22-0lenny1 [11 Jul 2009] DSA-1829-1 sork-passwd-h3 - cross-site scripting {CVE-2009-2360} @@ -993,7 +994,7 @@ {CVE-2009-1440} [lenny] - amule 2.2.1-1+lenny2 [18 Jun 2009] DSA-1820-1 xulrunner - several vulnerabilities - {CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841} + {CVE-2009-1392 CVE-2009-1832 CVE-2009-1833 CVE-2009-1834 CVE-2009-1835 CVE-2009-1836 CVE-2009-1837 CVE-2009-1838 CVE-2009-1839 CVE-2009-1840 CVE-2009-1841 CVE-2009-2061} [lenny] - xulrunner 1.9.0.11-0lenny1 [18 Jun 2009] DSA-1819-1 vlc - several vulnerabilities {CVE-2008-1768 CVE-2008-1769 CVE-2008-1881 CVE-2008-2147 CVE-2008-2430 CVE-2008-3794 CVE-2008-4686 CVE-2008-5032}
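Review bot: In the data/CVE/list hunk at @@ -16434,7 +16437,10 @@, the added line "[squeeze] - icedove 2.0.0.22-0lenny1" pairs a squeeze release tag with a lenny version string. data/DSA/list in this same commit records that exact version as "[lenny] - icedove 2.0.0.22-0lenny1" under DSA-1830-1, so the tag here should most likely be [lenny]. The hunk also drops the "(bug #565521)" reference from the xulrunner line when replacing <undetermined> with 1.9.0.11-1; keep the bug number on the new line if that report is still the tracking bug for xulrunner.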
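Review bot: In the data/CVE/list hunk at @@ -593,7 +595,8 @@, the new "- uzbl <unfixed>" line for CVE-2010-2809 carries neither a bug number nor an urgency, and "TODO: File bug" is the only marker that follow-up is needed. The babiloo entry added in the first hunk shows the complete form, "(low; bug #591995)"; once the bug is filed, add the reference and remove the TODO in the same change so the entry does not stay half-triaged.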
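Review bot: In the data/DSA/list hunk at @@ -6,6 +6,7 @@, the DSA-2092-1 header still reads "DSA-2092-1 - cross-site scripting" with no package name between the ID and the description, unlike the neighbouring "DSA-2091-1 squirrelmail - cross-site request forgery". The commit adds the "[lenny] - lxr-cvs 0.9.5+cvs20071020-1+lenny1" line but leaves the header as it was; adding lxr-cvs to the header would complete the fix the log message describes.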
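Review bot: In the data/DSA/list hunk at @@ -959,7 +960,7 @@, CVE-2009-2061 is appended after CVE-2009-2210 in the DSA-1830-1 list, which breaks the ascending order the rest of that list follows. Placing it between CVE-2009-1841 and CVE-2009-2210 keeps the list sorted and easier to diff later. The matching addition to DSA-1820-1 in the next hunk lands in order and is consistent with the {DSA-1830-1 DSA-1820-1} cross-reference added in data/CVE/list.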