[Secure-testing-commits] r11067 - data/CVE

[white at alioth.debian.org]

Author: white
Date: 2009-01-28 01:04:57 +0000 (Wed, 28 Jan 2009)
New Revision: 11067

Modified:
   data/CVE/list
Log:
Add maintainer's input to missing ice* issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-01-28 00:27:43 UTC (rev 11066)
+++ data/CVE/list	2009-01-28 01:04:57 UTC (rev 11067)
@@ -1610,6 +1610,7 @@
 	- icedove 2.0.0.19-1
 	- iceape 1.1.14-1
 	- xulrunner 1.9.0.5-1
+	NOTE: patch will be checked for icedove/iceape/xulrunner by Alexander for next round
 CVE-2008-5509
 	RESERVED
 CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
@@ -1632,10 +1633,12 @@
 	- xulrunner 1.9.0.5-1
 CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass ...)
 	- iceweasel 3.0.5-1
+	NOTE: patch now available and will be checked for next patch round
 CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run ...)
 	{DSA-1707-1}
 	- iceweasel 3.0
 	- xulrunner 1.9
+	[etch] - xulrunner <not-affected> (The vulnerable feature is only included in 1.8.1 branch)
 	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
 	NOTE: Original fix for CVE-2008-3836 was incomplete
 CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before ...)
@@ -2897,6 +2900,7 @@
 	- iceweasel 3.0.4-1
 	- xulrunner 1.9.0.4-1
 	- iceape 1.1.13-1
+	NOTE: iceape will be checked by Alexander
 CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x ...)
 	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
 	- xulrunner 1.9.0.4-1
@@ -2915,6 +2919,7 @@
 	{DSA-1671-1}
 	- iceweasel 3.0.4-1
 	- xulrunner 1.9.0.4-1
+	NOTE: patch for xulrunner currently not suitable, Alexander will check this further
 CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x ...)
 	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
 	- iceweasel 3.0.4-1