author: Stefan Fritsch <sf@sfritsch.de> 2006-04-30 18:53:24 +0000
committer: Stefan Fritsch <sf@sfritsch.de> 2006-04-30 18:53:24 +0000
commit: 563b841eec861b39bf71bf5f84ae979db9b976fd (patch)
tree: 1226096c3522d63fff39469794e9cba1b6b7b428 /data
parent: 5563ff9853504d573961ea432eefe4f2ffe956ac (diff)
ruby bugnum
thunderbird fix some NFUs
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@3897 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/1999.list 2
-rw-r--r-- data/CVE/2004.list 3
-rw-r--r-- data/CVE/2005.list 3
-rw-r--r-- data/CVE/2006.list 68
4 files changed, 43 insertions, 33 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index 8030ef8f85..a1697d7841 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -1,5 +1,5 @@
CVE-1999-1588 (Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 ...)
- TODO: check
+ NOT-FOR-US: Sun Solaris
CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier ...)
NOT-FOR-US: Solaris
CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 2090308f78..7ac50189e5 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -1,5 +1,6 @@
CVE-2004-2657 (** DISPUTED ** ...)
- TODO: check
+ - mozilla-firefox <not-affected>
+ - firefox <not-affected>
CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like ...)
- slash <unfixed> (medium)
CVE-2004-2655 (rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, ...)
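Review bot: The two lines added under CVE-2004-2657, `- mozilla-firefox <not-affected>` and `- firefox <not-affected>`, give no reason for the status. The entry is marked ** DISPUTED ** and its description is elided here, so a later reader cannot tell from the list why both packages are considered unaffected. Add the reason in parentheses, as the 2006.list entries do with `(pre-1.5 version not vulnerable)`, or record it in a NOTE: line.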
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 79d8228ef0..86e547da05 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -1,5 +1,5 @@
CVE-2005-4787 (** DISPUTED ** ...)
- TODO: check
+ NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2005-4786 (Buffer overflow in the archive decompression library (vrAZMain.dll ...)
NOT-FOR-US: HAURI anti-virus
CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and ...)
@@ -7785,6 +7785,7 @@ CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows loc
{DSA-1046-1}
- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
- firefox 1.5.dfsg+1.5.0.2-1
+ - thunderbird 1.5.0.2-1
CVE-2005-XXXX [Directory traversal in unzoo]
- unzoo 4.4-4
CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
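Review bot: The added `- thunderbird 1.5.0.2-1` line under CVE-2005-2353 has no urgency, although the existing `- mozilla-thunderbird 1.0.6-1 (bug #306893; low)` line in the same entry rates the issue low. Carry the rating over, for example `- thunderbird 1.5.0.2-1 (low)`, so the renamed package is not left unrated for the same bug.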
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index 763615abb7..15520617b3 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -195,7 +195,7 @@ CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets
NOTE: the redhat bugzilla entry says this is fixed in 1.8.3
NOTE: the fix is definitely not in 1.8.2-7sarge2
- ruby1.8 1.8.3
- [sarge] - ruby1.8 <unfixed> (bug filed)
+ [sarge] - ruby1.8 <unfixed> (bug #365520)
CVE-2006-1930 (Multiple SQL injection vulnerabilities in userscript.php in Green ...)
NOT-FOR-US: Green Minute
CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in ...)
@@ -233,17 +233,17 @@ CVE-2006-1914 (DbbS 2.0-alpha and earlier allows remote attackers to obtain sens
CVE-2006-1913 (Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax ...)
NOT-FOR-US: Jax Guestbook
CVE-2006-1912 (MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...)
- TODO: check
+ NOT-FOR-US: MyBB
CVE-2006-1910 (config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to ...)
- TODO: check
+ NOT-FOR-US: Serendipity
CVE-2006-1909 (Directory traversal vulnerability in index.php in Coppermine 1.4.4 ...)
- TODO: check
+ NOT-FOR-US: Coppermine
CVE-2006-1908 (Cross-site scripting vulnerability in addevent.php in myEvent 1.x ...)
- TODO: check
+ NOT-FOR-US: myEvent
CVE-2006-1907 (Multiple SQL injection vulnerabilities in myEvent 1.x allow remote ...)
- TODO: check
+ NOT-FOR-US: myEvent
CVE-2006-XXXX [wiki macro XSS vulnerability]
- trac 0.9.5-1
CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in jjgan852 ...)
@@ -591,7 +591,7 @@ CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x befo
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <unfixed> (low)
NOTE: The Mozilla Foundation labels this as "critical", but it's not
NOTE: clear if this bug is exploitable.
@@ -600,35 +600,35 @@ CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Su
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
{DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (low)
- mozilla-firefox <unfixed> (low)
- mozilla <unfixed> (low)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...)
{DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
{DSA-1046-1 DSA-1044-1}
@@ -640,42 +640,42 @@ CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1
- firefox <unfixed> (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- - thunderbird <unfixed> (medium)
+ - thunderbird 1.5.0.2-1 (medium)
- mozilla-thunderbird <unfixed> (medium)
CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
{DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- - thunderbird <unfixed> (medium)
+ - thunderbird 1.5.0.2-1 (medium)
- mozilla-thunderbird <unfixed> (medium)
CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
{DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- - thunderbird <unfixed> (medium)
+ - thunderbird 1.5.0.2-1 (medium)
- mozilla-thunderbird <unfixed> (medium)
CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
{DSA-1046-1 DSA-1044-1}
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
{DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- - thunderbird <unfixed> (medium)
+ - thunderbird 1.5.0.2-1 (medium)
- mozilla-thunderbird <unfixed> (medium)
NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
NOTE: exploitable in the default configuration.
@@ -690,20 +690,20 @@ CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- - thunderbird <unfixed> (medium)
+ - thunderbird 1.5.0.2-1 (medium)
- mozilla-thunderbird <unfixed> (medium)
CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
{DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- - thunderbird <unfixed> (medium)
+ - thunderbird 1.5.0.2-1 (medium)
- mozilla-thunderbird <unfixed> (medium)
NOTE: If print preview (and this bug) can be triggered from JavaScript,
NOTE: the urgency should probably be raised.
CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...)
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- - thunderbird <unfixed> (medium)
+ - thunderbird 1.5.0.2-1 (medium)
NOTE: New bug in Firefox 1.5.
CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes ...)
- firefox 1.5.dfsg+1.5.0.2-1 (low)
@@ -712,7 +712,7 @@ CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0
{DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- mozilla <unfixed> (medium)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <unfixed> (low)
NOTE: MFSA2006-20 says exploitability has not been confirmed.
NOTE: Thunderbird is potentially affected as well, but not in the
@@ -722,7 +722,7 @@ CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0
- firefox <unfixed> (medium)
- mozilla-firefox <unfixed> (medium)
- mozilla <unfixed> (medium)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <unfixed> (low)
NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459
CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...)
@@ -1146,7 +1146,7 @@ CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0
{DSA-1046-1}
- firefox <unfixed> (medium)
- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
NOTE: MFSA2006-20 says exploitability has not been confirmed.
NOTE: Thunderbird is potentially affected as well, but not in the
@@ -1155,7 +1155,7 @@ CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0
{DSA-1046-1}
- firefox <unfixed> (medium)
- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
NOTE: MFSA2006-20 says exploitability has not been confirmed.
NOTE: Thunderbird is potentially affected as well, but not in the
@@ -1164,7 +1164,7 @@ CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0
{DSA-1046-1}
- firefox <unfixed> (medium)
- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
NOTE: MFSA2006-20 says exploitability has not been confirmed.
NOTE: Thunderbird is potentially affected as well, but not in the
@@ -2203,7 +2203,7 @@ CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a den
- monopd <unfixed> (bug #355797)
CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when &quot;Block ...)
{DSA-1046-1}
- - mozilla-thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1
- firefox 1.5.dfsg+1.5.0.2-1
CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including ...)
NOT-FOR-US: LISTSERV
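Review bot: In CVE-2006-1045 the `- mozilla-thunderbird <unfixed> (low)` line is replaced by `- thunderbird 1.5.0.2-1` instead of being kept next to it, so the mozilla-thunderbird source package stops being tracked for this CVE and the `low` urgency is lost. Every other Thunderbird entry touched in this commit, such as CVE-2006-0884, keeps the mozilla-thunderbird line and adds the thunderbird line beside it. If the removal is intentional because only Thunderbird 1.5 is affected, state that explicitly with `- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)` as the CVE-2006-1531 entry does; otherwise restore the removed line and keep `(low)` on the new one.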
@@ -2545,6 +2545,7 @@ CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in Cute
CVE-2006-0884 (The WYSIWYG rendering engine in Mozilla Thunderbird 1.0.7 and earlier ...)
{DSA-1046-1}
- mozilla-thunderbird <unfixed>
+ - thunderbird 1.5.0.2-1
- firefox 1.5.dfsg+1.5.0.2-1
CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not ...)
- openssh 3.8.1p1-4
@@ -2826,14 +2827,14 @@ CVE-2006-0749 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1
- firefox <unfixed> (low)
- mozilla-firefox <unfixed> (low)
- mozilla <unfixed> (low)
- - thunderbird <unfixed> (low)
+ - thunderbird 1.5.0.2-1 (low)
- mozilla-thunderbird <unfixed> (low)
CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...)
{DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox <unfixed> (high)
- mozilla <unfixed> (high)
- - thunderbird <unfixed> (high)
+ - thunderbird 1.5.0.2-1 (high)
- mozilla-thunderbird <unfixed> (high)
CVE-2006-0747
RESERVED
@@ -3842,30 +3843,36 @@ CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunder
- mozilla <not-affected> (E4X not implemented in Mozilla 1.7)
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla-thunderbird <unfixed>
+ - thunderbird 1.5.0.2-1
CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ...)
- mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
- mozilla <not-affected> (Mozilla 1.7 is not affected)
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla-thunderbird <unfixed>
+ - thunderbird 1.5.0.2-1
CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ...)
- mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
- mozilla <not-affected> (Mozilla 1.7 is not affected)
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla-thunderbird <unfixed>
+ - thunderbird 1.5.0.2-1
CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...)
- mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla-thunderbird <unfixed>
- mozilla <not-affected> (Mozilla 1.7 is not affected)
+ - thunderbird 1.5.0.2-1
CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...)
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla-firefox <unfixed> (bug #351442)
- mozilla-thunderbird <unfixed>
+ - thunderbird 1.5.0.2-1
CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ...)
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
- mozilla <not-affected> (Mozilla 1.7 is not affected)
- mozilla-thunderbird <unfixed>
+ - thunderbird 1.5.0.2-1
CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox ...)
{DSA-1046-1}
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
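Review bot: In CVE-2006-0296 the new `- thunderbird 1.5.0.2-1` line is appended after `- mozilla <not-affected> (Mozilla 1.7 is not affected)`, whereas in every other entry of this hunk it directly follows `- mozilla-thunderbird <unfixed>`. Move it up one line so the two Thunderbird packages stay adjacent and the entry reads like its neighbours.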
@@ -3876,6 +3883,7 @@ CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox be
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
- mozilla-firefox <unfixed> (bug #351442)
- mozilla-thunderbird <unfixed>
+ - thunderbird 1.5.0.2-1
CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
NOT-FOR-US: Oracle
CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, ...)
