[Secure-testing-commits] r12372 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sat Jul 18 05:40:34 UTC 2009


Author: derevko-guest
Date: 2009-07-18 05:40:33 +0000 (Sat, 18 Jul 2009)
New Revision: 12372

Modified:
   data/CVE/list
Log:
xulrunner and vlc issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-18 05:17:37 UTC (rev 12371)
+++ data/CVE/list	2009-07-18 05:40:33 UTC (rev 12372)
@@ -1,11 +1,12 @@
 CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in ...)
-	TODO: check
+	- vlc <not-affected> (The vulnerability affects Windows builds only)
 CVE-2009-2479 (Stack-based buffer overflow in Mozilla Firefox 3.5 allows remote ...)
-	TODO: check
+	- xulrunner <not-affected> 
+	NOTE: Affected version only available in experimental, only Firefox 3.5
+	TODO: check when 3.5 gets uploaded to unstable
 CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of ...)
-	TODO: check
-CVE-2009-2477 (js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka ...)
-	TODO: check
+	- xulrunner <not-affected> (unimportant)
+	NOTE: browser crashes not treated as security issues
 CVE-2009-2476
 	RESERVED
 CVE-2009-2475
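Review bot: The CVE-2009-2478 line pairs `<not-affected>` with `(unimportant)`, and the two disagree: the NOTE below it ("browser crashes not treated as security issues") is an urgency judgement about an issue that is present, not a statement that the vulnerable code is absent. If the real reason is the same as for CVE-2009-2479 (only Firefox 3.5, which is only in experimental), repeat that NOTE and the "check when 3.5 gets uploaded to unstable" TODO here so the entry is revisited with the others; otherwise keep only one of the two markers. Smaller points: the CVE-2009-2479 line `- xulrunner <not-affected> ` ends in trailing whitespace and, unlike the vlc line above it, carries no parenthetical reason, so the justification lives only in the NOTE.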
@@ -110,9 +111,10 @@
 	NOT-FOR-US: Xigla Software Absolute News Feed
 CVE-2008-6854 (Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to ...)
 	NOT-FOR-US: Xigla Software Absolute FAQ Manager.NET
-CVE-2009-XXXX [Mozilla: shellcode injection in Javascript engine]
+CVE-2009-2477 (js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka ...)
 	- xulrunner <not-affected> (high; bug #537104)
 	NOTE: Affected version only available in experimental, only Firefox 3.5
+	TODO: check when 3.5 gets uploaded to unstable
 CVE-2009-2450 (The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online ...)
 	NOT-FOR-US: Tall Emu Online Armor Personal Firewall 
 CVE-2009-2449 (Directory traversal vulnerability in ...)
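Review bot: Renaming the CVE-2009-XXXX placeholder in place leaves CVE-2009-2477 between CVE-2008-6854 and CVE-2009-2450, while the first hunk shows the list in descending order and deletes the stub that sat in the right slot between CVE-2009-2478 and CVE-2009-2476. Moving these annotations up to that slot would keep the entry where readers and tools scanning by id expect it. Also, `<not-affected> (high; bug #537104)` together with the new TODO reads as a provisional status: the only thing that triggers a re-check once 3.5 reaches unstable is that TODO line, so it is worth making sure the referenced bug stays open until then.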
@@ -174,7 +176,6 @@
 	TODO: check after 2.3.x upload
 	NOTE: vulnerable code not present, introduced in 2.3.x
 	NOTE: to be fixed in upstream version 2.3.3
-	TODO: check
 CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command ...)
 	- mysql-dfsg-5.0 <unfixed> (low; bug #536726) 
 	TODO: check lenny/sid; they are likely fixed according to the report, but i did not check
