Author: joeyh
Date: 2007-07-24 21:14:07 +0000 (Tue, 24 Jul 2007)
New Revision: 6166
Modified:
data/CVE/list
Log:
automatic update
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-07-24 20:50:12 UTC (rev 6165)
+++ data/CVE/list 2007-07-24 21:14:07 UTC (rev 6166)
@@ -266,24 +266,29 @@
CVE-2007-3739
RESERVED
CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before
2.0.0.5 ...)
+ {DSA-1338-1 DSA-1337-1}
- iceape 1.1.3-1 (medium)
- xulrunner 1.8.1.5-1 (medium)
- iceweasel 2.0.0.5-1 (medium)
CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to
execute ...)
+ {DSA-1338-1 DSA-1337-1}
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
- iceweasel 2.0.0.5-1 (high)
CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox
before ...)
+ {DSA-1338-1 DSA-1337-1}
- iceweasel 2.0.0.5-1 (high)
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine
in ...)
+ {DSA-1338-1 DSA-1337-1}
- iceweasel 2.0.0.5-1 (high)
- icedove <unfixed> (low)
NOTE: Affects only broken setups, enabling js in Icedove is strongly
not recommended
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
+ {DSA-1338-1 DSA-1337-1}
- iceweasel 2.0.0.5-1 (high)
- icedove <unfixed> (high)
- iceape 1.1.3-1 (high)
@@ -305,6 +310,7 @@
CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp
in ...)
TODO: check
CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91
allows ...)
+ {DTSA-43-1}
- clamav 0.91-1
CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does
not make ...)
TODO: check
@@ -446,6 +452,7 @@
CVE-2007-3657 (** DISPUTED ** ...)
TODO: check
CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does
not ...)
+ {DSA-1338-1 DSA-1337-1}
- iceweasel 2.0.0.5-1 (high)
- iceape 1.1.3-1 (high)
- xulrunner 1.8.1.5-1 (high)
@@ -1698,10 +1705,10 @@
CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup
utility) in ...)
NOT-FOR-US: FreeVMS
CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before
0.91rc1 ...)
- {DSA-1320-1}
+ {DSA-1320-1 DTSA-43-1}
- clamav 0.90.3-1
CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before
0.91rc1 ...)
- {DSA-1320-1}
+ {DSA-1320-1 DTSA-43-1}
- clamav 0.90.3-1
CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c
in the ...)
- zvbi 0.2.25-1 (bug #429221; unimportant)
@@ -1786,6 +1793,7 @@
- mozilla <removed> (medium)
- xulrunner <unfixed> (medium)
CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of
document.write ...)
+ {DSA-1338-1 DSA-1337-1}
- iceweasel 2.0.0.5-1 (low)
- iceape 1.1.3-1 (low)
- xulrunner 1.8.1.5-1 (low)
@@ -1922,10 +1930,10 @@
CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV
before ...)
- clamav <not-affected> (Solaris-specific bug)
CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before
0.91rc1 ...)
- {DSA-1320-1}
+ {DSA-1320-1 DTSA-43-1}
- clamav 0.90.3-1
CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not
...)
- {DSA-1320-1}
+ {DSA-1320-1 DTSA-43-1}
- clamav 0.90.3-1
CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before
...)
NOT-FOR-US: Symantec
@@ -2801,7 +2809,7 @@
CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27
allow ...)
NOT-FOR-US: VooDoo cIRCle
CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote
attackers to ...)
- {DSA-1320-1}
+ {DSA-1320-1 DTSA-43-1}
- clamav 0.90.2-1
CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript
delays for ...)
NOT-FOR-US: Speedport W 700v
@@ -6058,6 +6066,7 @@
CVE-2007-1283
RESERVED
CVE-2007-1282 (Integer overflow in Mozilla Thunderbird before 1.5.0.10 and
SeaMonkey ...)
+ {DSA-1336-1}
- icedove 1.5.0.10.dfsg1-1 (medium)
CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for
Linux ...)
NOT-FOR-US: Kaspersky AntiVirus Engine
@@ -6953,10 +6962,12 @@
CVE-2007-0997
RESERVED
CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x
before ...)
+ {DSA-1336-1}
NOTE: MFSA-2007-02
- iceweasel 2.0.0.2+dfsg-1 (low)
- xulrunner 1.8.0.10-1 (low)
CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and
SeaMonkey ...)
+ {DSA-1336-1}
NOTE: MFSA-2007-02
- iceweasel 2.0.0.2+dfsg-1 (low)
- iceape 1.0.8-1 (low)
@@ -6965,6 +6976,7 @@
[sarge] - mozilla-firefox <unfixed> (low)
[sarge] - mozilla <unfixed> (low)
CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and
1.x ...)
+ {DSA-1336-1}
- iceweasel 2.0.0.2+dfsg-2 (medium)
CVE-2007-0993
REJECTED
@@ -6995,6 +7007,7 @@
CVE-2007-0982 (Cross-site scripting (XSS) vulnerability in error.php in
TaskFreak! ...)
NOT-FOR-US: TaskFreak!
CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and
2.x ...)
+ {DSA-1336-1}
NOTE: MFSA-2007-07
- iceweasel 2.0.0.1+dfsg-3 (bug #411192; high)
- xulrunner 1.8.0.10-1 (high)
@@ -7572,6 +7585,7 @@
[sarge] - mozilla-firefox <not-affected> (introduced in firefox 1.5)
[sarge] - mozilla <not-affected> (introduced in firefox 1.5)
CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and
2.x ...)
+ {DSA-1336-1}
NOTE: MFSA-2007-03
- iceweasel 2.0.0.2+dfsg-1 (low)
- iceape 1.0.8-1 (low)
@@ -7597,6 +7611,7 @@
[sarge] - mozilla-thunderbird <not-affected> (Only affected Firefox 2.0
et al)
[sarge] - mozilla <not-affected> (Only affected Firefox 2.0 et al)
CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in
Mozilla ...)
+ {DSA-1336-1}
NOTE: MFSA-2007-01
- iceweasel 2.0.0.2+dfsg-1 (high)
- iceape 1.0.8-1 (high)
@@ -9530,6 +9545,7 @@
CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin
before ...)
NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe
Acrobat ...)
+ {DSA-1336-1}
NOT-FOR-US: Adobe Acrobat Reader Plugin
NOTE: a fix for this is also in iceweasle 2.0.0.2+dfsg-1 (MFSA-2007-02)
NOTE: and icape 1.0.8-1
@@ -10053,6 +10069,7 @@
{DSA-1256-1}
- gtk+2.0 2.8.20-5
CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla
Network ...)
+ {DSA-1336-1}
NOTE: MFSA-2007-06
- iceweasel 2.0.0.2+dfsg-1 (low)
- iceape 1.0.8-1 (low)
@@ -10062,6 +10079,7 @@
[sarge] - mozilla <unfixed> (high)
- firefox <removed> (high)
CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network
Security ...)
+ {DSA-1336-1}
NOTE: MFSA-2007-06
- iceweasel 2.0.0.2+dfsg-1 (low)
- iceape 1.0.8-1 (low)
@@ -11428,6 +11446,7 @@
CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in
a-ConMan ...)
NOT-FOR-US: a-ConMan
CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8
and ...)
+ {DSA-1336-1}
NOTE: MFSA-2007-02
- iceweasel 2.0.0.2+dfsg-1 (high; bug #409220)
- iceape 1.0.8-1 (high)
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
