[Secure-testing-commits] r13287 - in data: . CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Sun Nov 15 06:48:15 UTC 2009 

Author: gilbert-guest
Date: 2009-11-15 06:48:14 +0000 (Sun, 15 Nov 2009)
New Revision: 13287

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
bugs submitted for some old low-urgency firefox issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-11-15 05:18:21 UTC (rev 13286)
+++ data/CVE/list	2009-11-15 06:48:14 UTC (rev 13287)
@@ -39657,7 +39657,7 @@
 CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...)
 	NOT-FOR-US: fotokategori.asp
 CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
-	- iceweasel <unfixed> (low)
+	- iceweasel <unfixed> (low; bug #556267)
 	[etch] - iceweasel <no-dsa> (Minor issue)
 	[lenny] - iceweasel <no-dsa> (Minor issue)
 CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...)
@@ -41982,14 +41982,24 @@
 CVE-2007-1085 (Cross-site scripting (XSS) vulnerability in Google Desktop allows ...)
 	NOT-FOR-US: Google Desktop
 CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...)
-	- iceweasel 2.0.0.3-1 (low)
+	- iceweasel <unfixed> (low; bug #556268)
 	[etch] - iceweasel <no-dsa> (Minor issue)
 	[lenny] - iceweasel <no-dsa> (Minor issue)
-	- iceape 1.1.14-1.1
-	NOTE: Iceape source package in Lenny only provides a few base libs
+	- iceape <unfixed> (low)
 	[etch] - iceape <no-dsa> (Minor issue)
-	NOTE: xulrunner by itself is not affeced, but other browsers based on xulrunner may be affected
-	TODO: check epiphany, galeon and kazehakase
+	[lenny] - iceape <no-dsa> (minor issue)
+	- epiphany-browser <unfixed> (low; bug #556272)
+	[etch] - epiphany-browser <no-dsa> (minor issue)
+	[lenny] - epiphany-browser <no-dsa> (minor issue)
+	NOTE: only epiphany-gecko backend affected
+	- galeon <unfixed> (low; bug #556270)
+	[etch] - galeon <no-dsa> (minor issue)
+	[lenny] - galeon <no-dsa> (minor issue)
+	- kazehakase <unfixed> (low; bug #556271)
+	[etch] - kazehakase <no-dsa> (minor issue)
+	[lenny] - kazehakase <no-dsa> (minor issue)
+	- conkeror <not-affected> (doesn't support bookmarks)
+	- webkit <not-affected> (doesn't support javascript embedded in bookmarks)
 CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX ...)
 	NOT-FOR-US: ConfigChk ActiveX control
 CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, ...)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2009-11-15 05:18:21 UTC (rev 13286)
+++ data/embedded-code-copies	2009-11-15 06:48:14 UTC (rev 13287)
@@ -164,6 +164,10 @@
 	- icedove <unfixed> (fork)
 	- xulrunner <unfixed> (fork)
 	- kompozer <unfixed> (embed; bug #532168)
+	- galeon <unfixed> (fork)
+	- epiphany-browser <unfixed> (fork)
+	- conkeror <unfixed> (fork)
+	- kazehakase <unfixed> (fork)
 
 xli
 	- xloadimage <unfixed> (embed)

More information about the Secure-testing-commits mailing list