[Secure-testing-commits] r13269 - in data: CVE DSA

Michael Gilbert gilbert-guest at alioth.debian.org
Tue Nov 10 18:17:17 UTC 2009 

Author: gilbert-guest
Date: 2009-11-10 18:17:17 +0000 (Tue, 10 Nov 2009)
New Revision: 13269

Modified:
   data/CVE/list
   data/DSA/list
Log:
xulrunner triage

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-10 17:47:22 UTC (rev 13268)
+++ data/CVE/list	2009-11-10 18:17:17 UTC (rev 13269)
@@ -1349,18 +1349,20 @@
 	- xulrunner 1.9.1.4-1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla ...)
-	- libvorbis 1.2.3-1
+	- libvorbis 1.2.3-1 (medium)
 	- xulrunner 1.9.1.4-1
 	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
 	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
 CVE-2009-3378 (The oggplay_data_handle_theora_frame function in ...)
 	- xulrunner 1.9.1.4-1
-	- liboggplay <unfixed> (bug filed)
+	[etch] - xulrunner <not-affected> (ogg support added in firefox 3.5)
+	[lenny] - xulrunner <not-affected> (ogg support added in firefox 3.5)
+	- liboggplay <unfixed> (medium; bug #552743)
 CVE-2009-3377 (Multiple unspecified vulnerabilities in liboggz before ...)
 	- xulrunner 1.9.1.4-1
 	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
 	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
-	- liboggz 0.9.9-1
+	- liboggz 0.9.9-1 (medium)
 CVE-2009-3376 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey ...)
 	{DSA-1922-1}
 	- xulrunner 1.9.1.4-1
@@ -1384,7 +1386,11 @@
 CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 ...)
 	- icedove <unfixed> (bug #555313)
 	- iceweasel 3.5.4-1
+	[etch] - iceweasel <not-affected> (web workers introduced in firefox 3.5)
+	[lenny] - iceweasel <not-affected> (web workers introduced in firefox 3.5)
 	- xulrunner 1.9.1.4-1
+	[etch] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
+	[lenny] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
 	- kompozer <unfixed> (unimportant; bug #555326)
 	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
 CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote ...)

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2009-11-10 17:47:22 UTC (rev 13268)
+++ data/DSA/list	2009-11-10 18:17:17 UTC (rev 13269)
@@ -373,7 +373,7 @@
 	[etch] - git-core 1:1.4.4.4-4+etch3
 	[lenny] - git-core 1:1.5.6.5-3+lenny2
 [23 Jul 2009] DSA-1840-1 xulrunner - several vulnerabilities
-	{CVE-2009-2462 CVE-2009-2463 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2470 CVE-2009-2471 CVE-2009-2472}
+	{CVE-2009-2462 CVE-2009-2464 CVE-2009-2465 CVE-2009-2466 CVE-2009-2467 CVE-2009-2469 CVE-2009-2470 CVE-2009-2471 CVE-2009-2472}
 	[lenny] - xulrunner 1.9.0.12-0lenny1
 [19 Jul 2009] DSA-1839-1 gst-plugins-good0.10 - arbitrary code execution
 	{CVE-2009-1932}

More information about the Secure-testing-commits mailing list