[Secure-testing-commits] r5074 - data/CVE

[Moritz Muehlenhoff]

Author: jmm-guest
Date: 2006-12-05 21:53:30 +0100 (Tue, 05 Dec 2006)
New Revision: 5074

Modified:
   data/CVE/list
Log:
CVE-2006-4253 not much of a security problem on sarge


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2006-12-05 20:14:15 UTC (rev 5073)
+++ data/CVE/list	2006-12-05 20:53:30 UTC (rev 5074)
@@ -4411,7 +4411,6 @@
 	- cscope 15.5+cvs20060902-1 (low; bug #385893)
 CVE-2006-4261
 	REJECTED
-	NOTE: Duplicate of CVE-2006-4253
 CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...)
 	NOT-FOR-US: Fotopholder
 CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...)
@@ -4428,14 +4427,14 @@
 	NOT-FOR-US: IBM AIX
 CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier ...)
 	NOTE: MFSA-2006-59
-	- xulrunner 1.8.0.7-1 (high)
-	- firefox 1.5.dfsg+1.5.0.7-1 (high)
-	- mozilla <unfixed> (high)
-	- mozilla-firefox <removed> (high)
-	[sarge] - mozilla <unfixed> (low)
-	[sarge] - mozilla-thunderbird <unfixed> (low)
-	NOTE: On Sarge this is only a DoS, not code injection
+	- xulrunner 1.8.0.7-1 (medium)
+	- firefox 1.5.dfsg+1.5.0.7-1 (medium)
+	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.7-1 (low)
+	- mozilla-firefox <removed> (unimportant)
+	[sarge] - mozilla <unfixed> (unimportant)
+	[sarge] - mozilla-thunderbird <unfixed> (unimportant)
+	NOTE: On Sarge this is only a crasher, code injection is only possible for Firefox 1.5 et al.
 CVE-2006-4252 (PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a ...)
 	- pdns-recursor 3.1.4-1 (bug #398559)
 	- pdns <not-affected> (Recursor module has been moved to pdns-recursor)