[Secure-testing-commits] r7093 - data/CVE
jmm-guest at alioth.debian.org
Wed Oct 24 22:14:32 UTC 2007
Author: jmm-guest
Date: 2007-10-24 22:14:31 +0000 (Wed, 24 Oct 2007)
New Revision: 7093
Modified:
data/CVE/list
Log:
more mozilla/sarge cleanups
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-10-24 20:57:42 UTC (rev 7092)
+++ data/CVE/list 2007-10-24 22:14:31 UTC (rev 7093)
@@ -6235,8 +6235,7 @@
[etch] - iceweasel <no-dsa> (Minor issue)
- iceape <unfixed> (low)
[etch] - iceape <no-dsa> (Minor issue)
- - firefox <removed> (low)
- - mozilla <removed> (low)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
- xulrunner <unfixed> (low)
[etch] - xulrunner <no-dsa> (Minor issue)
CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows remote ...)
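Review bot: the `- firefox <removed> (low)` line is deleted here with no replacement, so after this hunk the entry says nothing about firefox at all. Other entries in this patch record the Sarge browser as `[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)`; if that is the intended form, add it here as well. The `(low)` rating from the removed lines is also not carried over to the new `[sarge] - mozilla` line.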
@@ -6387,8 +6386,7 @@
CVE-2007-3090 (Mozilla Firefox does not properly manage a delay timer used in ...)
- iceweasel <unfixed> (medium)
- iceape <unfixed> (medium)
- - firefox <removed> (medium)
- - mozilla <removed> (medium)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
- xulrunner <unfixed> (medium)
CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...)
{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
@@ -6426,8 +6424,7 @@
CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read ...)
- iceweasel <unfixed> (low)
- iceape <unfixed> (low)
- - firefox <removed> (low)
- - mozilla <removed> (low)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
- xulrunner <unfixed> (low)
CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and ...)
- iceweasel <unfixed>
@@ -8267,8 +8264,7 @@
{DSA-1392-1 DTSA-69-1}
- iceweasel 2.0.0.8-1 (low)
[etch] - iceweasel <no-dsa> (Minor issue)
- - firefox <removed> (low)
- - mozilla <removed> (low)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and ...)
@@ -11651,9 +11647,9 @@
- iceweasel 2.0.0.2+dfsg-1 (low)
- iceape 1.0.8-1 (low)
- xulrunner 1.8.0.10-1 (low)
- [sarge] - mozilla-tunderbird <unfixed> (low)
+ [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
- [sarge] - mozilla <unfixed> (low)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x ...)
{DSA-1336-1}
- iceweasel 2.0.0.2+dfsg-2 (medium)
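Review bot: the replaced line read `mozilla-tunderbird`, so this hunk also corrects a misspelled package name, which the log message "more mozilla/sarge cleanups" does not mention. Say so in the log, since the old line would not have matched the real package name and the fix changes which package the entry refers to, not just its status.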
@@ -12205,8 +12201,7 @@
- iceape 1.0.8-1 (medium)
- xulrunner 1.8.0.10-1 (medium)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
- [sarge] - mozilla <unfixed> (medium)
- - firefox <removed> (medium)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...)
NOT-FOR-US: Ublog Reload
CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload ...)
@@ -12296,8 +12291,8 @@
- icedove 1.5.0.10.dfsg1-1 (low)
- xulrunner 1.8.0.10-1 (high)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
- [sarge] - mozilla-thunderbird <unfixed> (low)
- [sarge] - mozilla <unfixed> (low)
+ [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
NOTE: Only one of the crashes can be triggered in Sarge, 326864
CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function ...)
- libapache-mod-jk 1:1.2.21-1 (medium)
@@ -15140,7 +15135,7 @@
CVE-2006-6505 (Multiple heap-based buffer overflows in Mozilla Thunderbird before ...)
{DSA-1265-1}
NOTE: MFSA-2006-74
- - mozilla-thunderbird <removed> (high)
+ [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
- icedove 1.5.0.9.dfsg1-1 (high)
- iceape 1.0.7-1 (high)
- mozilla <removed>
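Review bot: the trailing `- mozilla <removed>` line of this entry is left untouched, while the same kind of line is converted to `[sarge] - mozilla <no-dsa> (...)` in the other hunks of this patch; convert it too or note why this entry differs. The entry also carries `{DSA-1265-1}` and a `(high)` rating, so confirm which packages that DSA covered before recording mozilla-thunderbird as `<no-dsa>`.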
@@ -19482,9 +19477,8 @@
CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...)
- xulrunner 1.8.0.7-1 (low)
- firefox 1.5.dfsg+1.5.0.7-1 (low)
- - mozilla <unfixed> (low)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
- - mozilla-firefox <removed> (low)
CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
NOT-FOR-US: Internet Explorer
CVE-2006-4559 (Multiple PHP remote file inclusion vulnerabilities in Yet Another ...)
@@ -29114,12 +29108,11 @@
CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...)
NOT-FOR-US: PHP GEN
CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...)
- - firefox <removed> (bug #349339)
- iceweasel <unfixed> (low; bug #349339)
[etch] - iceweasel <no-dsa> (Minor design issue, affects only broken setups)
- mozilla-firefox 1.5.dfsg+1.5.0.3-2 (low; bug #349339)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
- - mozilla <unfixed> (low)
+ [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
- iceape <unfixed> (low)
[etch] - iceape <no-dsa> (Minor design issue, affects only broken setups)
- xulrunner <unfixed> (low)
@@ -29826,7 +29819,7 @@
CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...)
NOT-FOR-US: GTP iCommerce
CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, ...)
- - mozilla-thunderbird 1.5.0.2-1 (bug #349242; bug #363777; medium)
+ [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...)
NOT-FOR-US: WhiteAlbum
CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...)
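Review bot: replacing `- mozilla-thunderbird 1.5.0.2-1 (bug #349242; bug #363777; medium)` drops the fixed version and both bug references from CVE-2006-0236, leaving only the Sarge annotation. Unlike the `<removed>` and `<unfixed>` lines changed elsewhere in this patch, that line recorded where the issue was fixed; keep it and add the `[sarge]` line next to it.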