[Secure-testing-commits] r5056 - data/CVE

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2006-12-03 23:17:22 +0100 (Sun, 03 Dec 2006)
New Revision: 5056

Modified:
   data/CVE/list
Log:
one mozilla issue not for sarge
let's treat mozilla issues, which are clearly only denial of service
w/o potential for code injection as unimportant. all potential losses
(e.g. some open tabs) are minimal, the attack vector can be mitigated by
not visiting the page again and ultimately firefox is not exactly
a application suited for HA...
(low for xulrunner, which might have different fields of application)


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-03 22:08:48 UTC (rev 5055)
+++ data/CVE/list	2006-12-03 22:17:22 UTC (rev 5056)
@@ -925,6 +925,7 @@
 	- firefox <unfixed> (high)
 	- icedove 1.5.0.8-1 (medium)
 	- mozilla <unfixed> (medium)
+	[sarge] - mozilla <not-affected> (Vulnerable code not present)
 	- xulrunner <unfixed> (high)
 	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
 	- mozilla-thunderbird <removed> (medium)
@@ -1157,12 +1158,12 @@
 CVE-2006-5634 (Multile PHP remote file inclusion vulnerabilities in phpProfiles 2.1 ...)
 	NOT-FOR-US: phpProfiles
 CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...)
-	- firefox <unfixed> (low)
-	- icedove <unfixed> (low)
-	- mozilla <unfixed> (low)
+	- firefox <unfixed> (unimportant)
+	- icedove <unfixed> (unimportant)
+	- mozilla <unfixed> (unimportant)
 	- xulrunner <unfixed> (low)
-	- mozilla-firefox <removed> (low)
-	- mozilla-thunderbird <removed> (low)
+	- mozilla-firefox <removed> (unimportant)
+	- mozilla-thunderbird <removed> (unimportant)
 CVE-2006-5632 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
 	NOT-FOR-US: iG Shop
 CVE-2006-5631 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)