[Secure-testing-commits] r13159 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Fri Oct 30 22:42:38 UTC 2009 

Author: gilbert-guest
Date: 2009-10-30 22:42:38 +0000 (Fri, 30 Oct 2009)
New Revision: 13159

Modified:
   data/CVE/list
Log:
- xulrunner >1.9.1 is in unstable; fix up some tracking
- remove squeeze hacks for stuff that is no longer automatically transitioning from stable

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-10-30 22:42:27 UTC (rev 13158)
+++ data/CVE/list	2009-10-30 22:42:38 UTC (rev 13159)
@@ -3707,9 +3707,9 @@
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 ...)
 	- libvorbis 1.2.0.dfsg-6 (medium; bug #540958)
-	- xulrunner <not-affected> (medium; bug #540961)
-	NOTE: vorbis support added in 1.9.0.13 and 1.9.1.0, which have not yet entered the archive
-	TODO: recheck when 1.9.0.13 or 1.9.1.x enter stable/unstable
+	- xulrunner 1.9.1.2-1 (medium; bug #540961)
+	[etch] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
+	[lenny] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
 CVE-2009-2662 (The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote ...)
 	{DSA-1873-1}
 	- xulrunner 1.9.0.13-1
@@ -3745,7 +3745,6 @@
 CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote ...)
 	{DSA-1873-1}
 	- xulrunner 1.9.0.13-1 (low; bug #539891)
-	[squeeze] - xulrunner 1.9.0.13-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-2653 (** DISPUTED ** ...)
 	NOT-FOR-US: Microsoft Windows
@@ -4193,9 +4192,9 @@
 CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in ...)
 	- vlc <not-affected> (The vulnerability affects Windows builds only)
 CVE-2009-2479 (Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote ...)
-	- xulrunner <not-affected> 
-	NOTE: Affected version only available in experimental, only Firefox 3.5,
-	NOTE: Fixed in experimental in 1.9.1.1-1
+	- xulrunner 1.9.1.1-1 
+	[etch] - xulrunner <not-affected> (only affects firefox 3.5)
+	[lenny] - xulrunner <not-affected> (only affects firefox 3.5)
 CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of ...)
 	- xulrunner <not-affected> (unimportant)
 	NOTE: browser crashes not treated as security issues
@@ -5982,58 +5981,48 @@
 CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before ...)
 	{DSA-1830-1 DSA-1820-1}
 	- xulrunner 1.9.0.11-1
-	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	- icedove 2.0.0.22-1 (bug #535124)
 	[squeeze] - icedove 2.0.0.22-0lenny1
 CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...)
 	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
-	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...)
 	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
-	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before ...)
 	{DSA-1830-1 DSA-1820-1}
 	- xulrunner 1.9.0.11-1
-	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	- icedove 2.0.0.22-1 (bug #535124)
 	[squeeze] - icedove 2.0.0.22-0lenny1
 CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...)
 	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
-	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <not-affected> (Doesn't affect Gecko 1.8)
 CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...)
 	{DSA-1830-1 DSA-1820-1}
 	- xulrunner 1.9.0.11-1
-	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	- icedove 2.0.0.22-1 (bug #535124)
 	[squeeze] - icedove 2.0.0.22-0lenny1
 CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate ...)
 	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
-	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-1834 (Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in ...)
 	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
-	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird ...)
 	{DSA-1820-1}
 	- xulrunner 1.9.0.11-1
-	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...)
 	{DSA-1830-1 DSA-1820-1}
 	- xulrunner 1.9.0.11-1
-	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	- icedove 2.0.0.22-1 (bug #535124)
 	[squeeze] - icedove 2.0.0.22-0lenny1
@@ -7230,7 +7219,6 @@
 CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird ...)
 	{DSA-1830-1 DSA-1820-1}
 	- xulrunner 1.9.0.11-1
-	[squeeze] - xulrunner 1.9.0.11-0lenny1
 	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
 	- icedove 2.0.0.22-1 (bug #535124)
 	[squeeze] - icedove 2.0.0.22-0lenny1
@@ -7531,7 +7519,6 @@
 	- xulrunner 1.9.0.10-1 (low)
 	[etch] - xulrunner <not-affected> (introduced in 1.9.0.9)
 	[lenny] - xulrunner <not-affected> (introduced in 1.9.0.9)
-	[squeeze] - xulrunner <not-affected> (introduced in 1.9.0.9)
 CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block ...)
 	{DSA-1797-1}
 	- xulrunner 1.9.0.9-1
@@ -11639,7 +11626,6 @@
 	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
 	- linux-2.6 2.6.29-1 (low)
 	- linux-2.6.24 <removed>
-	[squeeze] - linux-2.6 2.6.26-13lenny1
 CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote ...)
 	NOT-FOR-US: Apple Safari on Windows
 CVE-2009-0320 (Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O ...)

More information about the Secure-testing-commits mailing list