Author: jmm-guest Date: 2009-12-16 10:41:09 +0000 (Wed, 16 Dec 2009) New Revision: 13568
Modified: data/CVE/list data/embedded-code-copies Log: * new xulrunner issues * sitecopy code copies fixed a long time ago * xmlsec1 uses ltdl properly * ggobi ltdl code copy fixed * more severity adjustments for expat issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2009-12-16 09:14:37 UTC (rev 13567) +++ data/CVE/list 2009-12-16 10:41:09 UTC (rev 13568) @@ -911,24 +911,36 @@ RESERVED CVE-2009-3988 RESERVED -CVE-2009-3987 +CVE-2009-3987 [GeckoActiveXObject exception messages can be used to enumerate installed COM objects] RESERVED -CVE-2009-3986 + - xulrunner <not-affected> (Windows-specific vulnerability) +CVE-2009-3986 [Privilege escalation via chrome window.opener] RESERVED -CVE-2009-3985 + - xulrunner <unfixed> +CVE-2009-3985 [URL spoofing via invalid document.location] RESERVED -CVE-2009-3984 + - xulrunner <unfixed> +CVE-2009-3984 [SSL spoofing with document.location] RESERVED -CVE-2009-3983 + - xulrunner <unfixed> +CVE-2009-3983 [NTLM reflection vulnerability] RESERVED -CVE-2009-3982 + - xulrunner <unfixed> +CVE-2009-3982 [Crashes with evidence of memory corruption] RESERVED -CVE-2009-3981 + - xulrunner <unfixed> + [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5) +CVE-2009-3981 [Crashes with evidence of memory corruption] RESERVED -CVE-2009-3980 + - xulrunner 1.9.1 + NOTE: Only affects Firefox 3 +CVE-2009-3980 [Crashes with evidence of memory corruption] RESERVED -CVE-2009-3979 + - xulrunner <unfixed> + [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5) +CVE-2009-3979 [Crashes with evidence of memory corruption] RESERVED + - xulrunner <unfixed> CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp ...) - xulrunner 1.9.1.5-1 (unimportant) NOTE: Browser crashes not treated as security issues 
@@ -1545,7 +1557,9 @@ - collectd <unfixed> (low; bug #559801) - courier-authlib <unfixed> (low; bug #559802) - cvsnt <unfixed> (low; bug #559803) - - ggobi <unfixed> (low; bug #559806) + - ggobi 2.1.9~20091212-1 (low; bug #559806) + [etch] - ggobi <no-dsa> (Minor issue) + [lenny] - ggobi <no-dsa> (Minor issue) - glame <unfixed> (low; bug #559807) - gnash <unfixed> (low; bug #559808) - gnu-smalltalk <unfixed> (low; bug #559809) @@ -1573,7 +1587,8 @@ - siproxd <unfixed> (low; bug #559827) - ski <unfixed> (low; bug #559828) - synfig <unfixed> (low; bug #559829) - - xmlsec1 1.2.14-1 (low; bug #559831) + - xmlsec1 1.2.14-1 (unimportant; bug #559831) + NOTE: Embedded code copy isn't used - clamav <unfixed> (low; bug #559832) - imagemagick <unfixed> (low; bug #559833) - hypre 2.4.0b-5 (low; bug #559834) @@ -1699,7 +1714,6 @@ - poco <unfixed> (low; bug #560936) [lenny] - poco <no-dsa> (minor issue) - simgear <unfixed> (unimportant; bug #560937) - - sitecopy <unfixed> (unimportant; bug #560938) - smart <unfixed> (low; bug #560953) [etch] - smart <no-dsa> (minor issue) [lenny] - smart <no-dsa> (minor issue) @@ -2193,14 +2207,9 @@ - ayttm 0.6.1-2 (low; bug #560924) [etch] - ayttm <no-dsa> (minor issue) [lenny] - ayttm <no-dsa> (minor issue) - - cableswig <unfixed> (low; bug #560925) - [etch] - cableswig <no-dsa> (minor issue) - [lenny] - cableswig <no-dsa> (minor issue) - - cadaver <unfixed> (low; bug #560926) - [etch] - cadaver <no-dsa> (minor issue) - [lenny] - cadaver <no-dsa> (minor issue) - - cmake 2.6.0-6 (low; bug #560927) - [etch] - cmake <no-dsa> (minor issue) + - cableswig <unfixed> (unimportant; bug #560925) + - cadaver <unfixed> (unimportant; bug #560926) + - cmake 2.6.0-6 (unimportant; bug #560927) - coin3 <unfixed> (low; bug #560928) - gdcm 2.0.14-2 (low; bug #560929) - ghostscript <unfixed> (low; bug #560930) 
@@ -2222,9 +2231,6 @@ - simgear <unfixed> (low; bug #560937) [etch] - simgear <no-dsa> (minor issue) [lenny] - simgear <no-dsa> (minor issue) - - sitecopy <unfixed> (low; bug #560938) - [etch] - sitecopy <no-dsa> (minor issue) - [lenny] - sitecopy <no-dsa> (minor issue) - smart <unfixed> (low; bug #560953) [etch] - smart <no-dsa> (minor issue) [lenny] - smart <no-dsa> (minor issue) @@ -2686,10 +2692,16 @@ RESERVED CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) ...) NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10 -CVE-2009-3389 +CVE-2009-3389 [libtheora/Firefox] RESERVED -CVE-2009-3388 + - libtheora 1.1 + - xulrunner <unfixed> + [lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5) +CVE-2009-3388 [liboggplay/Firefox] RESERVED + - liboggplay <unfixed> + - xulrunner <unfixed> + [lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5) CVE-2009-3387 RESERVED CVE-2009-3386 (Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 ...) Modified: data/embedded-code-copies =================================================================== --- data/embedded-code-copies 2009-12-16 09:14:37 UTC (rev 13567) +++ data/embedded-code-copies 2009-12-16 10:41:09 UTC (rev 13568) @@ -424,7 +424,7 @@ [etch] - litmus <unfixed> (embed; #395875) - litmus <removed> (embed; #395875) [sarge] - screem <unfixed> (embed) - - sitecopy 1:0.16.3-5 (embed; bug #395876) + - sitecopy 1:0.16.0-1 (embed; bug #395876) [etch] - tla <unfixed> (embed; bug #395877) [sarge] - tla <unfixed> (embed; bug #395877) @@ -1107,7 +1107,7 @@ - paraview <unfixed> (embed) - poco <unfixed> (embed) - simgear <unfixed> (embed) - - sitecopy <unfixed> (embed) + - sitecopy 1:0.16.0-1 - smart 1.0-1 (embed) [etch] - smart <unfixed> (embed) - swish-e <unfixed> (embed) 
@@ -1539,7 +1539,7 @@ - dico <not-affected> (Uses the system copy of ltdl) - freeradius 0.1+20010527-1 (embed) NOTE: Earliest reference I could find from the changelog is from 27 May 2001 - - ggobi <unfixed> (embed) + - ggobi 2.1.9~20091212-1 (embed) - glame <unfixed> (embed) - gnash <unfixed> (embed) - gnu-smalltalk <unfixed> (embed) @@ -1565,7 +1565,7 @@ - ski <unfixed> (embed) - synfig <unfixed> (embed) - unixodbc 2.2.4-5 (embed) - - xmlsec1 1.2.14-1 (embed) + - xmlsec1 <not-affected> (Doesn't enable dynamic loading of crypto modules) - clamav <unfixed> (embed) - imagemagick <unfixed> (embed) - hypre 2.4.0b-5 (embed) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
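Review bot: in the data/CVE/list hunk @@ -911,24 +911,36 @@, CVE-2009-3980 is recorded as fixed in "xulrunner 1.9.1", which is not a Debian package version like the "1.9.1.5-1" used for CVE-2009-3978 a few lines below; either give the full fixed version or express the "Only affects Firefox 3" NOTE the same way the sibling entries (CVE-2009-3982, -3981, -3979) express the 3.5-only case, with a "[lenny] - xulrunner <not-affected> (...)" style annotation for the affected suite, so the tracker can resolve it per suite.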
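Review bot: in the data/CVE/list hunk @@ -1573,7 +1587,8 @@, the NOTE "Embedded code copy isn't used" gives a different rationale from the data/embedded-code-copies hunk @@ -1565,7 +1565,7 @@ ("Doesn't enable dynamic loading of crypto modules") and from the log line "xmlsec1 uses ltdl properly"; align the NOTE with the actual reason, e.g. "NOTE: embedded ltdl copy is not built, xmlsec1 doesn't enable dynamic loading of crypto modules", so the two files agree when the entry is revisited.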
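Review bot: in the data/CVE/list hunk @@ -2193,14 +2207,9 @@, cableswig, cadaver and cmake are downgraded from "low" to "unimportant" and their [etch]/[lenny] <no-dsa> lines dropped, but no NOTE records why, unlike the xmlsec1 downgrade in this same commit; add a one-line NOTE under each entry stating the reason (embedded copy not built, not reachable, or similar) so the severity change is auditable later.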
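Review bot: in the data/CVE/list hunks @@ -1699,7 +1714,6 @@ and @@ -2222,9 +2231,6 @@, the sitecopy lines are deleted outright, while the data/embedded-code-copies hunk @@ -424,7 +424,7 @@ in the same commit records the fix as "sitecopy 1:0.16.0-1"; keeping "- sitecopy 1:0.16.0-1 (unimportant; bug #560938)" / "(low; bug #560938)" instead of removing the entries would preserve the trace and match how ggobi is handled in hunk @@ -1545,7 +1557,9 @@ (fixed version recorded rather than line removed).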
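Review bot: in the data/CVE/list hunk @@ -2686,10 +2692,16 @@, CVE-2009-3389 records "libtheora 1.1" without the Debian revision, whereas other fixed-version entries in this file carry the full package version (e.g. "xulrunner 1.9.1.5-1", "ggobi 2.1.9~20091212-1"); give the complete version so suite resolution works, and consider a NOTE stating which libtheora upstream change the 1.1 fix corresponds to, since the bracketed description is only "[libtheora/Firefox]".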
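Review bot: in the data/embedded-code-copies hunk @@ -1107,7 +1107,7 @@, the replacement line "- sitecopy 1:0.16.0-1" drops the "(embed)" marker that every neighbouring entry carries and that the @@ -424,7 +424,7 @@ hunk in the same file keeps ("- sitecopy 1:0.16.0-1 (embed; bug #395876)"); restore it as "- sitecopy 1:0.16.0-1 (embed)" so the entry format stays consistent.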