[Secure-testing-commits] r5576 - data/CVE

Micah Anderson micah at alioth.debian.org
Fri Mar 23 23:31:19 CET 2007


Author: micah
Date: 2007-03-23 22:31:16 +0000 (Fri, 23 Mar 2007)
New Revision: 5576

Modified:
   data/CVE/list
Log:
updates to mozilla products based on maintainer notes to list


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-03-22 22:07:56 UTC (rev 5575)
+++ data/CVE/list	2007-03-23 22:31:16 UTC (rev 5576)
@@ -1017,6 +1017,7 @@
 CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI ...)
 	- iceweasel <unfixed> (medium)
 	- iceape <unfixed> (medium)
+	- xulrunner <unfixed> (bug #415919; bug #415944; bug #415945; medium)
 	NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/,
 	NOTE: older mozillas are not vulnerable
 	TODO: this should be checked
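Review bot: The new xulrunner line under CVE-2007-1116 carries three bug numbers (#415919, #415944, #415945) while the iceweasel and iceape lines directly above it carry none. If those reports were filed one per package, each number belongs on its own package line; if all three really are xulrunner bugs, a short NOTE saying so would prevent the question. The existing "TODO: this should be checked" about older Mozilla versions is also still open, so the `<unfixed>` status for xulrunner is being recorded before that check has been done.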
@@ -1088,6 +1089,8 @@
 	NOT-FOR-US: Google Desktop
 CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...)
 	- iceweasel <unfixed> (medium)
+	- iceape <unfixed> (medium)
+	- xulrunner <unfixed> (medium)
 CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX ...)
 	NOT-FOR-US: ConfigChk ActiveX control
 CVE-2007-1082 (FTP Explorer 1.0.1 Build 047 allows remote servers to cause a denial ...)
@@ -1426,6 +1429,9 @@
 	NOT-FOR-US: eTrust Intrusion Detection
 CVE-2007-1004 (Mozilla Firefox mmight allow remote attackers to condut spoofing and ...)
 	- iceweasel <unfixed> (low)
+	- iceape <unfixed> (low)
+	- xulrunner <unfixed> (low)
+	NOTE: maintainer notes that this may affect browsers based on xulrunner
 CVE-2007-1003
 	RESERVED
 CVE-2007-1002
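Review bot: The added NOTE under CVE-2007-1004 says the issue "may affect browsers based on xulrunner", yet both iceape and xulrunner are recorded as definite `<unfixed> (low)` entries, and the NOTE does not mention iceape at all. Either state that the maintainer confirmed both packages, or add a TODO to check, as the CVE-2007-1116 entry does, so the tracker does not present an unverified status as settled.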
@@ -2002,8 +2008,10 @@
 CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
 	- iceweasel <unfixed> (low)
 CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...)
-	- iceweasel <unfixed> (low)
+	- iceweasel 2.0.0.2+dfsg-1 (low)
 	- firefox <removed> (low)
+	- iceape 1.0.8-1 (low)
+	- xulrunner 1.8.0.10-1 (low)
 CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...)
 	NOTE: MFSA-2007-05
 	- iceweasel 2.0.0.2+dfsg-1 (medium)
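Review bot: CVE-2007-0801 now lists fixed versions for iceweasel, iceape and xulrunner but has no advisory reference, unlike the neighbouring CVE-2007-0800 entry, which carries "NOTE: MFSA-2007-05". If an upstream advisory or changelog entry backs these versions, add it as a NOTE so the fixed versions can be cross-checked. The CVE-2007-0802 entry visible at the top of this hunk still lists only iceweasel; if it was left without iceape and xulrunner lines on purpose, a NOTE there would make that clear.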
@@ -4910,12 +4918,12 @@
 CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass ...)
 	NOTE: MFSA-2006-76
 	- iceweasel 2.0.0.1+dfsg-1 (high)
-	- xulrunner <unfixed> (high)
-	- iceape <unfixed> (high)
+	- xulrunner <not-affected> (maintainer reported)
+	- iceape <not-affected> (maintainer reported)
 CVE-2006-6506 (The &quot;Feed Preview&quot; feature in Mozilla Firefox 2.0 before 2.0.0.1 sends ...)
 	NOTE: MFSA-2006-75
 	- iceweasel 2.0.0.1+dfsg-1 (low)
-	- iceape <unfixed> (low)
+	- iceape <not-affected> (maintainer reported)
 CVE-2006-6505 (Multiple heap-based buffer overflows in Mozilla Thunderbird before ...)
 	{DSA-1265-1}
 	NOTE: MFSA-2006-74
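Review bot: The `<not-affected> (maintainer reported)` lines for CVE-2006-6507 and CVE-2006-6506 give the source of the claim but not the reason. For CVE-2006-6507 this moves xulrunner and iceape from `<unfixed> (high)` to not affected, so a short reason in the parentheses or in a NOTE line would let the status be re-verified when those packages are updated. CVE-2006-6506 also has no xulrunner line before or after the change; if xulrunner is not affected either, recording that explicitly keeps the entry consistent with CVE-2006-6507.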
@@ -9252,7 +9260,7 @@
 CVE-2006-4562 (** DISPUTED ** ...)
 	NOT-FOR-US: Symantec
 CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...)
-	- xulrunner <unfixed> (low)
+	- xulrunner 1.8.0.7-1 (low)
 	- firefox 1.5.dfsg+1.5.0.7-1 (low)
 	- mozilla <unfixed> (low)
 	- mozilla-firefox <removed> (low)
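Review bot: Under CVE-2006-4561 the xulrunner line is updated to 1.8.0.7-1, but the entry has no iceape line even though mozilla is still listed as `<unfixed> (low)`. The last hunk of this commit adds iceape alongside an unfixed mozilla line, so for consistency this entry should either gain an iceape line or a NOTE stating why iceape is not tracked here.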
@@ -18891,6 +18899,8 @@
 	NOTE: mozilla-firefox is now a dummy package, so not vulnerable any more
 	- mozilla-firefox 1.5.dfsg+1.5.0.3-2 (bug #349339)
 	- mozilla <unfixed>
+	- iceape <unfixed>
+	- xulrunner <unfixed>
 CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...)
 	NOT-FOR-US: MyBB
 CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...)
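Review bot: The iceape and xulrunner lines added in the last hunk have neither an urgency nor a bug number, whereas the mozilla-firefox line in the same entry references bug #349339. Adding a bug reference for each new `<unfixed>` line, and an urgency if one has been assessed, would make these entries actionable for the package maintainers.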



