[Openvas-commits] r1828 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Nov 25 17:33:43 CET 2008 

Author: reinke
Date: 2008-11-25 17:33:42 +0100 (Tue, 25 Nov 2008)
New Revision: 1828

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/deb_1669_1.nasl
Log:
Bugfix to deb_1669_1.nasl

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-11-25 14:54:28 UTC (rev 1827)
+++ trunk/openvas-plugins/ChangeLog	2008-11-25 16:33:42 UTC (rev 1828)
@@ -1,3 +1,7 @@
+2008-11-25 Thomas Reinke <reinke at securityspace.com>
+	* Reduced deb_1669_1.nasl description string to
+	  allow it to load.
+
 2008-11-24 Thomas Reinke <reinke at securityspace.com>
 	* deb_1666_1.nasl deb_1667_1.nasl deb_1668_1.nasl deb_1669_1.nasl
 	  freebsd_dovecot1.nasl freebsd_enscript-a40.nasl

Modified: trunk/openvas-plugins/scripts/deb_1669_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1669_1.nasl	2008-11-25 14:54:28 UTC (rev 1827)
+++ trunk/openvas-plugins/scripts/deb_1669_1.nasl	2008-11-25 16:33:42 UTC (rev 1828)
@@ -41,140 +41,10 @@
 announced via advisory DSA 1669-1.
 
 Several remote vulnerabilities have been discovered in Xulrunner, a
-runtime environment for XUL applications. The Common Vulnerabilities
-and Exposures project identifies the following problems:
+runtime environment for XUL applications. For details on the issues
+addressed with this update, please visit the referenced security
+advisories.
 
-CVE-2008-0016
-
-Justin Schuh, Tom Cross and Peter Williams discovered a buffer
-overflow in the parser for UTF-8 URLs, which may lead to the
-execution of arbitrary code.
-
-CVE-2008-3835
-
-moz_bug_r_a4 discovered that the same-origin check in
-nsXMLDocument::OnChannelRedirect() could by bypassed.
-
-CVE-2008-3836
-
-moz_bug_r_a4 discovered that several vulnerabilities in
-feedWriter could lead to Chrome privilege escalation.
-
-CVE-2008-3837
-
-Paul Nickerson discovered that an attacker could move windows
-during a mouse click, resulting in unwanted action triggered by
-drag-and-drop.
-
-CVE-2008-4058
-
-moz_bug_r_a4 discovered a vulnerability which can result in
-Chrome privilege escalation through XPCNativeWrappers.
-
-CVE-2008-4059
-
-moz_bug_r_a4 discovered a vulnerability which can result in
-Chrome privilege escalation through XPCNativeWrappers.
-
-CVE-2008-4060
-
-Olli Pettay and moz_bug_r_a4 discovered a Chrome privilege
-escalation vulnerability in XSLT handling.
-
-CVE-2008-4061
-
-Jesse Ruderman discovered a crash in the layout engine, which might
-allow the execution of arbitrary code.
-
-CVE-2008-4062
-
-Igor Bukanov, Philip Taylor, Georgi Guninski and Antoine Labour
-discovered crashes in the Javascript engine, which might allow the
-execution of arbitrary code.
-
-CVE-2008-4065
-
-Dave Reed discovered that some Unicode byte order marks are
-stripped from Javascript code before execution, which can result in
-code being executed, which were otherwise part of a quoted string.
-
-CVE-2008-4066
-
-Gareth Heyes discovered that some Unicode surrogate characters are
-ignored by the HTML parser.
-
-CVE-2008-4067
-
-Boris Zbarsky discovered that resource: URls allow directory
-traversal when using URL-encoded slashes.
-
-CVE-2008-4068
-
-Georgi Guninski discovered that resource: URLs could bypass local
-access restrictions.
-
-CVE-2008-4069
-
-Billy Hoffman discovered that the XBM decoder could reveal
-uninitialised memory.
-
-CVE-2008-4582
-
-Liu Die Yu discovered an information leak through local shortcut
-files.
-
-CVE-2008-5012
-
-Georgi Guninski, Michal Zalewski and Chris Evan discovered that
-the canvas element could be used to bypass same-origin
-restrictions.
-
-CVE-2008-5013
-
-It was discovered that insufficient checks in the Flash plugin glue
-code could lead to arbitrary code execution.
-
-CVE-2008-5014
-
-Jesse Ruderman discovered that a programming error in the
-window.__proto__.__proto__ object could lead to arbitrary code
-execution.
-
-CVE-2008-5017
-
-It was discovered that crashes in the layout engine could lead to
-arbitrary code execution.
-
-CVE-2008-5018
-
-It was discovered that crashes in the Javascript engine could lead to
-arbitrary code execution.
-
-CVE-2008-0017
-
-Justin Schuh discovered that a buffer overflow in http-index-format
-parser could lead to arbitrary code execution.
-
-CVE-2008-5021
-
-It was discovered that a crash in the nsFrameManager might lead to
-the execution of arbitrary code.
-
-CVE-2008-5022
-
-moz_bug_r_a4 discovered that the same-origin check in
-nsXMLHttpRequest::NotifyEventListeners() could be bypassed.
-
-CVE-2008-5023
-
-Collin Jackson discovered that the -moz-binding property bypasses
-security checks on codebase principals.
-
-CVE-2008-5024
-
-Chris Evans discovered that quote characters were improperly
-escaped in the default namespace of E4X documents.
-
 For the stable distribution (etch), these problems have been fixed in
 version 1.8.0.15~pre080614h-0etch1. Packages for mips will be provided
 later.

More information about the Openvas-commits mailing list