[Secure-testing-commits] r12063 - in data: . CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sat Jun 6 22:29:36 UTC 2009 

Author: derevko-guest
Date: 2009-06-06 22:29:35 +0000 (Sat, 06 Jun 2009)
New Revision: 12063

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
kompozer issues tracking

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-06-06 20:46:12 UTC (rev 12062)
+++ data/CVE/list	2009-06-06 22:29:35 UTC (rev 12063)
@@ -1662,10 +1662,13 @@
 	{DSA-1797-1}
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+	- kompozer <unfixed> (unimportant)
+	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
 CVE-2009-1311 (Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow ...)
 	{DSA-1797-1}
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+	- kompozer 1:0.8~alpha2+dfsg+svn129-3
 CVE-2009-1310 (Cross-site scripting (XSS) vulnerability in the MozSearch plugin ...)
 	- iceweasel 3.0.9-1
 	[etch] - iceweasel <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
@@ -1673,6 +1676,8 @@
 	{DSA-1797-1}
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+	- kompozer <unfixed> (unimportant)
+	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
 CVE-2009-1308 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
 	{DSA-1797-1}
 	- xulrunner 1.9.0.9-1
@@ -1689,6 +1694,7 @@
 	{DSA-1797-1}
 	- xulrunner 1.9.0.9-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+	- kompozer <unfixed> (low)
 CVE-2009-1304 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...)
 	{DSA-1797-1}
 	- xulrunner 1.9.0.9-1
@@ -2438,6 +2444,7 @@
 CVE-2009-1169 (The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox ...)
 	{DSA-1756-1}
 	- xulrunner 1.9.0.8-1
+	- kompozer 1:0.8~alpha2+dfsg+svn129-1
 CVE-2009-1168
 	RESERVED
 CVE-2009-1167
@@ -2877,6 +2884,7 @@
 CVE-2009-1044 (Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute ...)
 	{DSA-1756-1}
 	- xulrunner 1.9.0.8-1
+	- kompozer 1:0.8~alpha2+dfsg+svn129-3
 CVE-2009-1043 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows ...)
 	NOT-FOR-US: Microsoft
 CVE-2009-1042 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows ...)
@@ -3718,6 +3726,7 @@
 	- iceweasel 3.0
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.7-1
+	- kompozer 1:0.8~alpha2+dfsg+svn129-3
 CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird ...)
 	{DSA-1751-1}
 	- xulrunner 1.9.0.7-1
@@ -3740,6 +3749,7 @@
 	{DSA-1751-1}
 	- xulrunner 1.9.0.7-1
 	[etch] - xulrunner <not-affected> (Vulnerable code not present)
+	- kompozer 1:0.8~alpha2+dfsg+svn129-1
 CVE-2009-0769 (QIP 2005 build 8082 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: QIP
 CVE-2009-0768 (SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier ...)
@@ -5582,12 +5592,14 @@
 	- xulrunner 1.9.0.5-1
 	- iceape 1.1.14-1.1  
 	NOTE: Iceape in Lenny only provides XPCOM libs
+	- kompozer 1:0.8~alpha2+dfsg+svn129-1
 CVE-2009-0356 (Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the ...)
 	- iceweasel 3.0
 	NOTE: Iceweasel in Lenny links against Xulrunner
 	- xulrunner 1.9.0.5-1
 	- iceape 1.1.14-1.1  
 	NOTE: Iceape in Lenny only provides XPCOM libs
+	- kompozer <not-affected> (.desktop file support is not available)
 CVE-2009-0355 (components/sessionstore/src/nsSessionStore.js in Mozilla Firefox ...)
 	- iceweasel 3.0.6-1
 CVE-2009-0354 (Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x ...)
@@ -5610,6 +5622,7 @@
 	- iceape 1.1.14-1.1  
 	NOTE: Iceape in Lenny only provides XPCOM libs
 	- icedove <unfixed>
+	- kompozer 1:0.8~alpha2+dfsg+svn129-1
 CVE-2009-0343 (Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform ...)
 	NOT-FOR-US: Systrace
 CVE-2009-0342 (Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows ...)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2009-06-06 20:46:12 UTC (rev 12062)
+++ data/embedded-code-copies	2009-06-06 22:29:35 UTC (rev 12063)
@@ -154,6 +154,7 @@
 	- icedove <unfixed> (embed)
 	- xulrunner <unfixed> (embed)
 	- nvu <removed> (embed)
+	- kompozer <unfixed> (embed)
 
 xli
 	- xloadimage <unfixed> (embed)

More information about the Secure-testing-commits mailing list