[Secure-testing-commits] r7038 - data/CVE
jmm-guest at alioth.debian.org
jmm-guest at alioth.debian.org
Sat Oct 20 13:05:48 UTC 2007
Author: jmm-guest
Date: 2007-10-20 13:05:48 +0000 (Sat, 20 Oct 2007)
New Revision: 7038
Modified:
data/CVE/list
Log:
first round of mozilla cleanups
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-20 12:59:17 UTC (rev 7037)
+++ data/CVE/list 2007-10-20 13:05:48 UTC (rev 7038)
@@ -4347,6 +4347,7 @@
CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows ...)
NOT-FOR-US: Apple Mac OS X
CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka ...)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products in Sarge no longer supported)
- mozilla-firefox <removed>
- iceweasel <unfixed>
- iceape <unfixed>
@@ -11432,7 +11433,7 @@
- iceape 1.0.8-1 (low)
- xulrunner 1.8.0.10-1 (low)
[sarge] - mozilla-tunderbird <unfixed> (low)
- [sarge] - mozilla-firefox <unfixed> (low)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <unfixed> (low)
CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x ...)
{DSA-1336-1}
@@ -11985,7 +11986,7 @@
- iceweasel 2.0.0.2+dfsg-1 (medium)
- iceape 1.0.8-1 (medium)
- xulrunner 1.8.0.10-1 (medium)
- [sarge] - mozilla-firefox <unfixed> (medium)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <unfixed> (medium)
- firefox <removed> (medium)
CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...)
@@ -12041,7 +12042,7 @@
- iceweasel 2.0.0.2+dfsg-1 (low)
- iceape 1.0.8-1 (low)
- xulrunner 1.8.0.10-1 (low)
- [sarge] - mozilla-firefox <not-affected> (introduced in firefox 1.5)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <not-affected> (introduced in firefox 1.5)
CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x ...)
{DSA-1336-1}
@@ -12049,7 +12050,7 @@
- iceweasel 2.0.0.2+dfsg-1 (low)
- iceape 1.0.8-1 (low)
- xulrunner 1.8.0.10-1 (low)
- [sarge] - mozilla-firefox <unfixed> (low)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <unfixed> (low)
CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x ...)
NOTE: MFSA-2007-01
@@ -12057,7 +12058,7 @@
- iceape 1.0.8-1 (high)
- icedove 1.5.0.10.dfsg1-1 (low)
- xulrunner 1.8.0.10-1 (high)
- [sarge] - mozilla-firefox <unfixed> (high)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla-thunderbird <unfixed> (low)
[sarge] - mozilla <unfixed> (high)
CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla ...)
@@ -12076,7 +12077,7 @@
- iceape 1.0.8-1 (high)
- icedove 1.5.0.10.dfsg1-1 (low)
- xulrunner 1.8.0.10-1 (high)
- [sarge] - mozilla-firefox <unfixed> (low)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla-thunderbird <unfixed> (low)
[sarge] - mozilla <unfixed> (low)
NOTE: Only one of the crashes can be triggered in Sarge, 326864
@@ -14539,7 +14540,7 @@
- iceape 1.0.8-1 (low)
- xulrunner 1.8.0.10-1 (high)
- icedove 1.5.0.10.dfsg1-1
- [sarge] - mozilla-firefox <unfixed> (high)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <unfixed> (high)
- firefox <removed> (high)
CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security ...)
@@ -14549,7 +14550,7 @@
- iceape 1.0.8-1 (low)
- xulrunner 1.8.0.10-1 (high)
- icedove 1.5.0.10.dfsg1-1
- [sarge] - mozilla-firefox <unfixed> (high)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <unfixed> (high)
- firefox <removed> (high)
CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary ...)
@@ -15914,7 +15915,7 @@
NOTE: MFSA-2007-02
- iceweasel 2.0.0.2+dfsg-1 (high; bug #409220)
- iceape 1.0.8-1 (high)
- [sarge] - mozilla-firefox <unfixed> (high)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla <unfixed> (high)
- xulrunner 1.8.0.10-1 (medium)
NOTE: Epiphany affected by xulrunner
@@ -19266,6 +19267,7 @@
- xulrunner 1.8.0.7-1 (low)
- firefox 1.5.dfsg+1.5.0.7-1 (low)
- mozilla <unfixed> (low)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
- mozilla-firefox <removed> (low)
CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
NOT-FOR-US: Internet Explorer
@@ -25924,7 +25926,7 @@
CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
{DSA-1051-1 DSA-1046-1}
- firefox 1.5.dfsg+1.5.0.2 (medium)
- - mozilla-firefox <unfixed> (medium)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
- mozilla <unfixed> (medium)
- thunderbird 1.5.0.2-1 (low)
- xulrunner 1.8.0.1-9
@@ -28898,8 +28900,8 @@
- firefox <removed> (bug #349339)
- iceweasel <unfixed> (low; bug #349339)
[etch] - iceweasel <no-dsa> (Minor design issue, affects only broken setups)
- NOTE: mozilla-firefox is now a dummy package, so not vulnerable any more
- mozilla-firefox 1.5.dfsg+1.5.0.3-2 (low; bug #349339)
+ [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
- mozilla <unfixed> (low)
- iceape <unfixed> (low)
[etch] - iceape <no-dsa> (Minor design issue, affects only broken setups)
More information about the Secure-testing-commits
mailing list