[Secure-testing-commits] r12476 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Tue Aug 4 15:15:06 UTC 2009
Author: derevko-guest
Date: 2009-08-04 15:15:05 +0000 (Tue, 04 Aug 2009)
New Revision: 12476
Modified:
data/CVE/list
Log:
CVE-2009-2408 and CVE-2009-2404 are fixed in nss 3.12.3-1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-04 11:21:37 UTC (rev 12475)
+++ data/CVE/list 2009-08-04 15:15:05 UTC (rev 12476)
@@ -31,7 +31,7 @@
CVE-2009-2408 (Mozilla Firefox before 3.5 and NSS before 3.12.3 do not properly ...)
- openssl <unfixed> (medium; bug #539499)
- xulrunner <unfixed> (medium)
- - nss 3.12.3-1 (medium)
+ - nss 3.12.3-1 (medium; bug #539934)
NOTE: asked maintainer to check whether openssl affected
NOTE: fixed in iceweasel 3.0.13 and 3.5.2, which have yet to be uploaded
TODO: check whether other web browsers are affected and file bugs
@@ -690,7 +690,7 @@
CVE-2009-2405
RESERVED
CVE-2009-2404 (Heap-based buffer overflow in a regular-expression parser in Mozilla ...)
- TODO: check
+ - nss 3.12.3-1 (low; bug #539934)
CVE-2009-2403 (Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to ...)
NOT-FOR-US: SCMPX
CVE-2009-2402 (SQL injection vulnerability in index.php in the forum module in ...)
More information about the Secure-testing-commits
mailing list