Author: jmm
Date: 2015-01-14 17:49:16 +0000 (Wed, 14 Jan 2015)
New Revision: 31340

Modified:
   data/CVE/list
Log:
more xulrunner/wheezy fixes
NFUs
no-dsa: chicken
new xbmc/kodi issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-01-14 17:43:25 UTC (rev 31339)
+++ data/CVE/list       2015-01-14 17:49:16 UTC (rev 31340)
@@ -1,3 +1,6 @@
+CVE-2014-XXXX [Kodi Cross-Site Request Forgery]
+       - xbmc <unfixed> (low)
+       [wheezy] - xbmc <no-dsa> (Minor issue)
 CVE-2013-XXXX [lhasa: several directory traversal vulnerabilities]
        - lhasa 0.2.0-1
        [wheezy] - lhasa <no-dsa> (Minor issue)
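Review bot: the new `CVE-2014-XXXX [Kodi Cross-Site Request Forgery]` entry has no NOTE or bug reference, so nothing ties the placeholder to a report once a CVE id is assigned. Other placeholder entries further down in this diff (patch, chicken) carry a `NOTE: CVE Request:` link or a bug number; suggest adding the equivalent reference here.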
@@ -468,11 +471,13 @@
        [wheezy] - texlive-bin <no-dsa> (Minor issue)
 CVE-2015-XXXX [directory traversal via symlinks]
        - patch <unfixed> (bug #775227)
-       [wheezy] - patch <not-affected> (Git-style patch support introduced in 
2.7)
-       [squeeze] - patch <not-affected> (Git-style patch support introduced in 
2.7)
+       [wheezy] - patch <not-affected> (Support for git-style patches added in 
2.7)
+       [squeeze] - patch <not-affected> (Support for git-style patches added 
in 2.7)
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/01/14/4
 CVE-2015-XXXX [buffer overrun in CHICKEN Scheme's substring-index[-ci] 
procedures]
        - chicken <unfixed>
+       [wheezy] - chicken <no-dsa> (Minor issue)
+       [squeeze] - chicken <no-dsa> (Minor issue)
        NOTE: CVE Request: 
http://www.openwall.com/lists/oss-security/2015/01/12/3
        NOTE: Patch: 
http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/txt2UqAS9CtvH.txt
 CVE-2015-XXXX [Crashes due to fuzzed input]
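Review bot: the two `<no-dsa> (Minor issue)` lines added for chicken in wheezy and squeeze give no reason why a buffer overrun in substring-index[-ci] counts as minor, even though the entry already links a patch. A short rationale in the parentheses would let later triagers see the basis without rereading the oss-security thread.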
@@ -1343,6 +1348,7 @@
        - openjdk-7 <unfixed> (bug #774953)
        - openjdk-6 <undetermined>
        TODO: check
+       NOTE: Reported to Oracle, no reply so far
 CVE-2015-XXXX [Null Pointer Deference in ereg(regex)]
        - php5 <unfixed>
        NOTE: https://bugs.php.net/bug.php?id=68740
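Review bot: the added `NOTE: Reported to Oracle, no reply so far` carries no date, so "so far" loses its meaning as the file ages, and it sits after `TODO: check` without saying whether that TODO is still open. Suggest putting the report date in the NOTE and stating what remains to be checked for openjdk-6.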
@@ -6711,9 +6717,9 @@
 CVE-2014-8037
        RESERVED
 CVE-2014-8036 (The outlookpa component in Cisco WebEx Meetings Server does not 
...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2014-8035 (The web framework in Cisco WebEx Meetings Server produces 
different ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2014-8034
        RESERVED
 CVE-2014-8033 (The play/modules component in Cisco WebEx Meetings Server 
allows ...)
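Review bot: `NOT-FOR-US: Cisco` on CVE-2014-8036 and CVE-2014-8035 names only the vendor, while both descriptions name Cisco WebEx Meetings Server. Naming the product, e.g. `NOT-FOR-US: Cisco WebEx Meetings Server`, would match the vendor-plus-product form used for the IBM entries later in this diff and makes the tag searchable by product.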
@@ -6743,7 +6749,7 @@
 CVE-2014-8021
        RESERVED
 CVE-2014-8020 (Cisco Unified Communication Domain Manager Platform Software 
allows ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2014-8019 (Directory traversal vulnerability in Cisco Enterprise Content 
Delivery ...)
        NOT-FOR-US: Cisco
 CVE-2014-8018 (Multiple cross-site scripting (XSS) vulnerabilities in Business 
Voice ...)
@@ -18846,7 +18852,7 @@
 CVE-2014-3097 (Open redirect vulnerability in IBM Tivoli Federated Identity 
Manager ...)
        NOT-FOR-US: IBM Tivoli
 CVE-2014-3096 (Cross-site scripting (XSS) vulnerability in IBM Curam Social 
Program ...)
-       TODO: check
+       NOT-FOR-US: IBM Curam
 CVE-2014-3095 (The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 
9.8 ...)
        NOT-FOR-US: IBM DB2
 CVE-2014-3094 (Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 
through ...)
@@ -78818,12 +78824,13 @@
        {DSA-2187-1 DSA-2186-1 DSA-2180-1}
        - icedove 3.0.11-2
        [lenny] - icedove <end-of-life>
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        [lenny] - xulrunner 1.9.0.19-8
        - iceweasel 3.5.17-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.12-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in 
...)
        {DSA-2187-1 DSA-2186-1 DSA-2180-1}
        - icedove 3.0.11-2
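Review bot: `(unimportant)` on `- xulrunner <removed>` lands in an entry that lists {DSA-2187-1 DSA-2186-1 DSA-2180-1} and a fixed lenny version 1.9.0.19-8, so on its own the tag reads as a severity judgement on an issue that had DSAs. The reason is in the new NOTE, which is placed at the end of the entry after the iceape lines; suggest moving it directly under the xulrunner lines so the justification sits beside the tag.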
@@ -78846,24 +78853,26 @@
        {DSA-2187-1 DSA-2186-1 DSA-2180-1}
        - icedove 3.0.11-2
        [lenny] - icedove <end-of-life>
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        [lenny] - xulrunner 1.9.0.19-8
        - iceweasel 3.5.17-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.12-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2011-0052
        RESERVED
 CVE-2011-0051 (Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and 
SeaMonkey ...)
        {DSA-2187-1 DSA-2186-1 DSA-2180-1}
        - icedove 3.0.11-2
        [lenny] - icedove <end-of-life>
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        [lenny] - xulrunner 1.9.0.19-8
        - iceweasel 3.5.17-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.12-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2011-0050 (Cross-site scripting (XSS) vulnerability in the nonjs interface 
...)
        {DSA-2158-1}
        - cgiirc 0.5.9-3.1 (bug #612671)
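Review bot: in both entries changed here the wheezy support status is expressed through a severity tag on the unversioned `- xulrunner <removed>` line plus a free-text NOTE, with no `[wheezy]` line for xulrunner. The same entries already use a per-suite form for an unsupported package, `[lenny] - icedove <end-of-life>`; a `[wheezy] - xulrunner` line in that style would state the status per suite instead of relying on the NOTE.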
@@ -81221,31 +81230,34 @@
        [lenny] - dovecot <not-affected> (Only affects 1.2.x)
 CVE-2010-3778 (Unspecified vulnerability in Mozilla Firefox 3.5.x before 
3.5.16, ...)
        {DSA-2132-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - icedove 3.0.11-1
        [lenny] - icedove <end-of-life>
        - iceweasel 3.5.16-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.11-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-3777 (Unspecified vulnerability in Mozilla Firefox 3.6.x before 
3.6.13 and ...)
        - iceweasel <not-affected> (Only affects Firefox 3.6, which is only in 
experimental)
 CVE-2010-3776 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        {DSA-2132-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.16-1
        - icedove 3.0.11-1
        [lenny] - icedove <end-of-life>
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.11-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-3775 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and 
SeaMonkey ...)
        {DSA-2132-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.16-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.11-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-3774 (The NS_SecurityCompareURIs function in 
netwerk/base/public/nsNetUtil.h ...)
        - xulrunner <removed>
        - iceweasel 3.5.16-1
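Review bot: CVE-2010-3774 at the end of this hunk keeps a plain `- xulrunner <removed>`, while CVE-2010-3778, CVE-2010-3776 and CVE-2010-3775 above it gain `(unimportant)` and the wheezy NOTE. The rest of that entry is outside the hunk, so it is not clear from the diff whether the omission is deliberate; if it is not, the entry needs the same two changes.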
@@ -81255,32 +81267,36 @@
        [lenny] - xulrunner <not-affected> (Doesn't affect 1.9.0)
 CVE-2010-3773 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and 
SeaMonkey ...)
        {DSA-2132-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.16-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.11-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-3772 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and 
SeaMonkey ...)
        {DSA-2132-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.16-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.11-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-3771 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and 
SeaMonkey ...)
        {DSA-2132-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.16-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.11-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-3770 (Multiple cross-site scripting (XSS) vulnerabilities in the 
rendering ...)
        {DSA-2132-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.16-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.11-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-3769 (The line-breaking implementation in Mozilla Firefox before 
3.5.16 and ...)
        {DSA-2132-1}
        - xulrunner <removed>
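Review bot: the trailing context shows CVE-2010-3769 with {DSA-2132-1} and an untouched `- xulrunner <removed>`, although the four entries before it (CVE-2010-3773 to CVE-2010-3770), which cite the same DSA, are all switched to `(unimportant)` with the wheezy NOTE. Please confirm this entry is meant to stay as it is, or apply the same edit.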
@@ -82961,33 +82977,36 @@
        [lenny] - kde4libs <no-dsa> (Minor issue)
 CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in 
Mozilla ...)
        {DSA-2106-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.12-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - icedove 3.0.7-1
        [lenny] - icedove <end-of-life>
        - iceape 2.0.7-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-3168 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, 
Thunderbird ...)
        {DSA-2106-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.12-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - icedove 3.0.7-1
        [lenny] - icedove <end-of-life>
        - iceape 2.0.7-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-3167 (The nsTreeContentView function in Mozilla Firefox before 3.5.12 
and ...)
        {DSA-2106-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.12-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - icedove 3.0.7-1
        [lenny] - icedove <end-of-life>
        - iceape 2.0.7-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-3166 (Heap-based buffer overflow in the 
nsTextFrameUtils::TransformText ...)
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.12-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        [lenny] - xulrunner <not-affected> (Doesn't affect Xulrunner 1.9.0 code 
base)
@@ -82995,6 +83014,7 @@
        [lenny] - icedove <not-affected> (Doesn't affect Xulrunner 1.9.0 code 
base)
        - iceape 2.0.7-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-3165 (Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 
and ...)
        NOT-FOR-US: Yokka NoEditor and others
 CVE-2010-3164 (Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 
and ...)
@@ -84091,51 +84111,56 @@
        - iceape <not-affected> (The vulnerability is MacOS-specific)
 CVE-2010-2769 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 
before ...)
        {DSA-2124-1 DSA-2106-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.12-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - icedove 3.0.7-1
        [lenny] - icedove <end-of-life>
        - iceape 2.0.7-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-2768 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, 
Thunderbird ...)
        {DSA-2106-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.12-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - icedove 3.0.7-1
        [lenny] - icedove <end-of-life>
        - iceape 2.0.7-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-2767 (The navigator.plugins implementation in Mozilla Firefox before 
3.5.12 ...)
        {DSA-2106-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.12-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - icedove 3.0.7-1
        [lenny] - icedove <end-of-life>
        - iceape 2.0.7-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-2766 (The normalizeDocument function in Mozilla Firefox before 3.5.12 
and ...)
        {DSA-2106-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.12-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - icedove 3.0.7-1
        [lenny] - icedove <end-of-life>
        - iceape 2.0.7-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-2765 (Integer overflow in the FRAMESET element implementation in 
Mozilla ...)
        {DSA-2106-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.12-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - icedove 3.0.7-1
        [lenny] - icedove <end-of-life>
        - iceape 2.0.7-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-2764 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, 
Thunderbird ...)
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.12-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        [lenny] - xulrunner <not-affected> (Doesn't affect Xulrunner 1.9.0 code 
base)
@@ -84143,15 +84168,17 @@
        [lenny] - icedove <not-affected> (Doesn't affect Xulrunner 1.9.0 code 
base)
        - iceape 2.0.7-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-2763 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper 
(aka SJOW) ...)
        {DSA-2106-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.12-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - icedove 3.0.7-1
        [lenny] - icedove <end-of-life>
        - iceape 2.0.7-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper 
(aka SJOW) ...)
        - xulrunner <not-affected> (Only affects 3.6, only in experimental)
        - iceweasel <not-affected> (Only affects 3.6, only in experimental)
@@ -84165,13 +84192,14 @@
        [lenny] - perl 5.10.0-19lenny3 (bug #606995)
 CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in 
...)
        {DSA-2106-1}
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        - iceweasel 3.5.12-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - icedove 3.0.7-1
        [lenny] - icedove <end-of-life>
        - iceape 2.0.7-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 
through ...)
        - bugzilla 3.6.2.0-1 (bug #595015; medium)
 CVE-2010-2758 (Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 
through ...)
@@ -87344,12 +87372,13 @@
        {DSA-2187-1 DSA-2186-1 DSA-2180-1}
        - icedove 3.0.11-2
        [lenny] - icedove <end-of-life>
-       - xulrunner <removed>
+       - xulrunner <removed> (unimportant)
        [lenny] - xulrunner 1.9.0.19-8
        - iceweasel 3.5.17-1
        [lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner 
from the xulrunner source pkg)
        - iceape 2.0.12-1
        [lenny] - iceape <not-affected> (Only a stub package)
+       NOTE: xulrunner in wheezy is not covered by security support
 CVE-2010-1584 (Cross-site scripting (XSS) vulnerability in the Context module 
before ...)
        NOT-FOR-US: Context module for drupal
 CVE-2010-1583 (SQL injection vulnerability in the loadByKey function in the 
...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
