[Secure-testing-commits] r10018 - data/CVE

jmm-guest at alioth.debian.org jmm-guest at alioth.debian.org
Tue Oct 7 08:04:04 UTC 2008 

Author: jmm-guest
Date: 2008-10-07 08:04:03 +0000 (Tue, 07 Oct 2008)
New Revision: 10018

Modified:
   data/CVE/list
Log:
Mozilla issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-10-07 07:05:43 UTC (rev 10017)
+++ data/CVE/list	2008-10-07 08:04:03 UTC (rev 10018)
@@ -872,41 +872,64 @@
 CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and ...)
 	- iceape 1.1.12-1
 CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey ...)
+	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+	- iceweasel 3.0
+	- xulrunner 1.9
 	- iceape 1.1.12-1
-	- xulrunner 1.9.0.3-1
 CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows ...)
-	- xulrunner 1.9.0.3-1
+	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+	- iceweasel 3.0
+	- xulrunner 1.9
 	- iceape 1.1.12-1
+	- icedove <unfixed>
 CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4064 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
 	- xulrunner 1.9.0.3-1
-	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	[etch] - iceweasel <not-affected> (Vulnerable code not present)
 CVE-2008-4063 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
 	- xulrunner 1.9.0.3-1
-	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	[etch] - iceweasel <not-affected> (Vulnerable code not present)
 CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3 before ...)
 	NOT-FOR-US: Objective Development Sharity
 CVE-2008-4056 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...)
@@ -1432,13 +1455,19 @@
 CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) ...)
 	NOT-FOR-US: Solaris
 CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey ...)
-	- xulrunner 1.9.0.3-1
-	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1 (low)
+	- xulrunner 1.9.0.3-1 (low)
+	- iceape 1.1.12-1 (low)
 CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers ...)
-	TODO: check
+	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+	- iceweasel 3.0
+	- xulrunner 1.9
 CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox ...)
-	TODO: check
+	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+	- xulrunner 1.9
+	- iceweasel 3.0
 	- iceape 1.1.12-1
+	- icedove <unfixed>
 CVE-2008-3834
 	RESERVED
 CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux ...)
@@ -11209,8 +11238,11 @@
 CVE-2008-0017
 	RESERVED
 CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in ...)
-	TODO: check
+	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+	- xulrunner 1.9
+	- iceweasel 3.0
 	- iceape 1.1.12-1
+	- icedove <unfixed>
 CVE-2008-0015
 	RESERVED
 CVE-2008-0014

More information about the Secure-testing-commits mailing list