[Secure-testing-commits] r12714 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sun Aug 30 23:39:23 UTC 2009
Author: gilbert-guest
Date: 2009-08-30 23:39:23 +0000 (Sun, 30 Aug 2009)
New Revision: 12714
Modified:
data/CVE/list
Log:
as per discussion, xulrunner not affected by libpng issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-30 21:35:46 UTC (rev 12713)
+++ data/CVE/list 2009-08-30 23:39:23 UTC (rev 12714)
@@ -3009,8 +3009,7 @@
- libpng 1.2.37-1 (low; bug #533676)
[etch] - libpng <no-dsa> (Minor issue, only exploitable in rare setups)
[lenny] - libpng <no-dsa> (Minor issue, only exploitable in rare setups)
- - xulrunner <unfixed>
- NOTE: libpng code copy present in xulrunner [./modules/libimg/png/*] and possibly [./gfx/cairo/cairo/*]
+ - xulrunner <not-affected> (xulrunner dynamically linked against libpng; embeded code copy not used)
CVE-2009-2041 (Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab ...)
NOT-FOR-US: activeCollab
CVE-2009-2040 (admin/options.php in Grestul 1.2 does not properly restrict access, ...)
More information about the Secure-testing-commits
mailing list