[Secure-testing-commits] r10817 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Sun Dec 28 20:14:51 UTC 2008 

Author: jmm-guest
Date: 2008-12-28 20:14:51 +0000 (Sun, 28 Dec 2008)
New Revision: 10817

Modified:
   data/CVE/list
Log:
more mozilla fun


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-12-28 20:09:53 UTC (rev 10816)
+++ data/CVE/list	2008-12-28 20:14:51 UTC (rev 10817)
@@ -4,7 +4,8 @@
 	NOTE: this issue was introduced as a fix to CVE-2008-4405, which has not
 	NOTE: yet been fixed in Debian
 CVE-2008-5715 (Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to ...)
-	TODO: check
+	- iceweasel <unfixed> (unimportant)
+        NOTE: Browser crashes not treated as security issues
 CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for ...)
 	- qemu <unfixed> (low; bug #509882)
 	[etch] - qemu <not-affected> (Vulnerable code not present)
@@ -52,7 +53,7 @@
 CVE-2008-5691 (Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX ...)
 	NOT-FOR-US: Phoenician Casino FlashAX ActiveX
 CVE-2008-5690 (The Kerberos credential renewal feature in Solaris 8, 9, and 10, and ...)
-	TODO: check
+	NOT-FOR-US: Solaris
 CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 ...)
 	NOT-FOR-US: Solaris
 CVE-2008-5688 (MediaWiki 1.8.1 through 1.13.3, when the wgShowExceptionDetails ...)
@@ -524,9 +525,15 @@
 CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass ...)
 	- iceweasel 3.0.5-1
 CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run ...)
-	TODO: check
+	- iceweasel 3.0
+	- xulrunner 1.9
+	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+	NOTE: Original fix for CVE-2008-3836 was incomplete
 CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before ...)
-	TODO: check
+	- iceape 1.1.13-1
+	- iceweasel 3.0
+	- xulrunner 1.9
+	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
 CVE-2008-5502 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...)
 	- iceweasel 3.0.5-1
         [etch] - iceweasel <not-affected> (Firefox 2.x not affected)

More information about the Secure-testing-commits mailing list