[Secure-testing-commits] r5214 - data/CVE

Sun Jan 7 12:55:32 CET 2007

Author: jmm-guest
Date: 2007-01-07 12:55:30 +0100 (Sun, 07 Jan 2007)
New Revision: 5214

Modified:
   data/CVE/list
Log:
xulrunner fixed


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2007-01-06 21:00:29 UTC (rev 5213)
+++ data/CVE/list	2007-01-07 11:55:30 UTC (rev 5214)
@@ -908,7 +908,7 @@
 CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and ...)
 	NOTE: MFSA-2006-73
 	- iceweasel 2.0.0.1+dfsg-1 (high)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.9-1 (high)
 	- iceape 1.0.7-1 (high)
 	- firefox <removed> (high)
 	NOTE: Flaw was introduced in Firefox 1.5.0.4
@@ -917,7 +917,7 @@
 CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...)
 	NOTE: MFSA-2006-72
 	- iceweasel 2.0.0.1+dfsg-1 (high)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.9-1 (high)
 	- iceape 1.0.7-1 (high)
 	- firefox <removed> (high)
 	- mozilla <removed> (high)
@@ -927,7 +927,7 @@
 CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for ...)
 	NOTE: MFSA-2006-71
 	- iceweasel 2.0.0.1+dfsg-1 (high)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.9-1 (high)
 	- iceape 1.0.7-1 (high)
 	- firefox <removed> (high)
 	- mozilla <removed> (high)
@@ -938,7 +938,7 @@
 CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...)
 	NOTE: MFSA-2006-70
 	- iceweasel 2.0.0.1+dfsg-1 (high)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.9-1 (high)
 	- iceape 1.0.7-1 (high)
 	- firefox <removed> (high)
 	- mozilla <removed> (high)
@@ -948,7 +948,7 @@
 CVE-2006-6500 (Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, ...)
 	NOTE: MFSA-2006-69
 	- iceweasel <not-affected> (windows only)
-	- xulrunner <not-affected> (windows only)
+	- xulrunner 1.8.0.9-1 (windows only)
 	- iceape <not-affected> (windows only)
 	- firefox <not-affected> (windows only)
 	- mozilla <not-affected> (windows only)
@@ -958,7 +958,7 @@
 CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...)
 	NOTE: MFSA-2006-68
 	- iceweasel 2.0.0.1+dfsg-1 (high)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.9-1 (high)
 	- iceape 1.0.7-1 (high)
 	- firefox <removed> (high)
 	- mozilla <removed> (high)
@@ -970,7 +970,7 @@
 CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine for ...)
 	NOTE: MFSA-2006-68
 	- iceweasel 2.0.0.1+dfsg-1 (high)
-	- xulrunner <unfixed> (high)
+	- xulrunner 1.8.0.9-1 (high)
 	- iceape 1.0.7-1 (high)
 	- firefox <removed> (high)
 	- mozilla <removed> (high)
@@ -980,7 +980,7 @@
 CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for Mozilla ...)
 	NOTE: MFSA-2006-68
 	- iceweasel 2.0.0.1+dfsg-1 (medium)
-	- xulrunner <unfixed> (medium)
+	- xulrunner 1.8.0.9-1 (medium)
 	- iceape 1.0.7-1 (medium)
 	- firefox <removed> (medium)
 	- mozilla <removed> (medium)
@@ -1238,7 +1238,7 @@
 CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...)
 	- phpmyadmin <unfixed> (unimportant; bug #404744)
 	[sarge] - phpmyadmin <no-dsa> (CRLF not backportable to Sarge)
-	[etch] - phpmyadmin <no-dsa> (not exploitable with Etch's php versions)
+	[etch] - phpmyadmin <not-affected> (not exploitable with Etch's php versions)
 	NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+
 CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...)
 	- phpmyadmin <unfixed> (unimportant)
@@ -4560,7 +4560,7 @@
 CVE-2006-4843
 	RESERVED
 CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...)
-	- xulrunner <unfixed> (low; bug #405062)
+	- xulrunner 1.8.0.9-1 (low; bug #405062)
 	[sarge] - mozilla <unfixed> (low)
 	NOTE: could not find setuid binary in sid, but evolution-data-server has a setgid mail binary
 	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=351470


