[Secure-testing-commits] r12476 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Tue Aug 4 15:15:06 UTC 2009


Author: derevko-guest
Date: 2009-08-04 15:15:05 +0000 (Tue, 04 Aug 2009)
New Revision: 12476

Modified:
   data/CVE/list
Log:
CVE-2009-2408 and CVE-2009-2404 are fixed in nss 3.12.3-1

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-04 11:21:37 UTC (rev 12475)
+++ data/CVE/list	2009-08-04 15:15:05 UTC (rev 12476)
@@ -31,7 +31,7 @@
 CVE-2009-2408 (Mozilla Firefox before 3.5 and NSS before 3.12.3 do not properly ...)
 	- openssl <unfixed> (medium; bug #539499)
 	- xulrunner <unfixed> (medium)
-	- nss 3.12.3-1 (medium)  
+	- nss 3.12.3-1 (medium; bug #539934)  
 	NOTE: asked maintainer to check whether openssl affected
 	NOTE: fixed in iceweasel 3.0.13 and 3.5.2, which have yet to be uploaded
 	TODO: check whether other web browsers are affected and file bugs
@@ -690,7 +690,7 @@
 CVE-2009-2405
 	RESERVED
 CVE-2009-2404 (Heap-based buffer overflow in a regular-expression parser in Mozilla ...)
-	TODO: check
+	 - nss 3.12.3-1 (low; bug #539934) 
 CVE-2009-2403 (Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to ...)
 	NOT-FOR-US: SCMPX
 CVE-2009-2402 (SQL injection vulnerability in index.php in the forum module in ...)




More information about the Secure-testing-commits mailing list