[Secure-testing-commits] r6162 - in data: CVE DSA

jmm-guest Tue, 24 Jul 2007 08:51:35 -0700

Author: jmm-guest
Date: 2007-07-24 15:51:31 +0000 (Tue, 24 Jul 2007)
New Revision: 6162


Modified:
   data/CVE/list
   data/DSA/list
Log:
mozilla DSAs and unstable fixes


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2007-07-24 13:21:46 UTC (rev 6161)
+++ data/CVE/list       2007-07-24 15:51:31 UTC (rev 6162)
@@ -266,17 +266,28 @@
 CVE-2007-3739
        RESERVED
 CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 
2.0.0.5 ...)
-       - iceweasel <unfixed> (medium)
+       - iceape 1.1.3-1 (medium)
+       - xulrunner 1.8.1.5-1 (medium)
+       - iceweasel 2.0.0.5-1 (medium)
 CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to 
execute ...)
-       - iceweasel <unfixed>
+       - iceape 1.1.3-1 (high)
+       - xulrunner 1.8.1.5-1 (high)
+       - iceweasel 2.0.0.5-1 (high)
 CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 
before ...)
-       - iceweasel <unfixed> (high)
+       - iceweasel 2.0.0.5-1 (high)
+       - iceape 1.1.3-1 (high)
+       - xulrunner 1.8.1.5-1 (high)
 CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine 
in ...)
-       - iceweasel <unfixed> (high)
-       - icedove <unfixed> (high)
+       - iceweasel 2.0.0.5-1 (high)
+       - icedove <unfixed> (low)
+       NOTE: Affects only broken setups, enabling js in Icedove is strongly 
not recommended
+       - iceape 1.1.3-1 (high)
+       - xulrunner 1.8.1.5-1 (high)
 CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
-       - iceweasel <unfixed> (high)
+       - iceweasel 2.0.0.5-1 (high)
        - icedove <unfixed> (high)
+       - iceape 1.1.3-1 (high)
+       - xulrunner 1.8.1.5-1 (high)
 CVE-2007-3733
        RESERVED
 CVE-2007-3732
@@ -435,7 +446,9 @@
 CVE-2007-3657 (** DISPUTED ** ...)
        TODO: check
 CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does 
not ...)
-       - iceweasel <unfixed> (medium)
+       - iceweasel 2.0.0.5-1 (high)
+       - iceape 1.1.3-1 (high)
+       - xulrunner 1.8.1.5-1 (high)
 CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start 
in JRE ...)
        TODO: check
 CVE-2007-3654
@@ -1303,11 +1316,7 @@
 CVE-2007-3286
        RESERVED
 CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows 
remote ...)
-       - iceweasel <unfixed> (low)
-       - iceape <unfixed> (low)
-       - firefox <removed> (low)
-       - mozilla <removed> (low)
-       - xulrunner <unfixed> (low)
+       - iceweasel <not-affected> (Affects only Firefox in Windows)
 CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows 
allows ...)
        NOT-FOR-US: Apple Safari
 CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when 
root ...)
@@ -1770,11 +1779,9 @@
        - mozilla <removed> (medium)
        - xulrunner <unfixed> (medium)
 CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of 
document.write ...)
-       - iceweasel <unfixed> (low)
-       - iceape <unfixed> (low)
-       - firefox <removed> (low)
-       - mozilla <removed> (low)
-       - xulrunner <unfixed> (low)
+       - iceweasel 2.0.0.5-1 (low)
+       - iceape 1.1.3-1 (low)
+       - xulrunner 1.8.1.5-1 (low)
 CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows 
remote ...)
        NOT-FOR-US: Comicsense
 CVE-2007-3087 (Peercast places a cleartext password in a query string, which 
might ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list       2007-07-24 13:21:46 UTC (rev 6161)
+++ data/DSA/list       2007-07-24 15:51:31 UTC (rev 6162)
@@ -1,3 +1,12 @@
+[23 Jul 2007] DSA-1338-1 iceweasel
+       {CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 
CVE-2007-3737 CVE-2007-3738}
+       [etch] - iceweasel 2.0.0.5-0etch1
+[22 Jul 2007] DSA-1337-1 xulrunner
+       {CVE-2007-3089 CVE-2007-3656 CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 
CVE-2007-3737 CVE-2007-3738}
+       [etch] - xulrunner 1.8.0.13~pre070720-0etch1
+[22 Jul 2007] DSA-1336-1 mozilla-firefox
+       {CVE-2007-1282 CVE-2007-0994 CVE-2007-0995 CVE-2007-0996 CVE-2007-0981 
CVE-2007-0008 CVE-2007-0009 CVE-2007-0775 CVE-2007-0778 CVE-2007-0045 
CVE-2006-6077}
+       [sarge] - mozilla-firefox 1.0.4-2sarge17
 [18 Jul 2007] DSA-1335-1 gimp
        {CVE-2006-4519 CVE-2007-2949}
        [sarge] - gimp 2.2.6-1sarge4


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r6162 - in data: CVE DSA

Reply via email to