[Secure-testing-commits] r14029 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Thu Feb 4 18:29:40 UTC 2010
Author: jmm-guest
Date: 2010-02-04 18:29:39 +0000 (Thu, 04 Feb 2010)
New Revision: 14029
Modified:
data/CVE/list
data/embedded-code-copies
Log:
- tau fixed
- mark more xulrunner issues as EOLed
- kernel fixed
- mplayer no-dsa (mostly fixed, I'll check the status for sid)
- mediatomb code copy fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-02-04 17:40:08 UTC (rev 14028)
+++ data/CVE/list 2010-02-04 18:29:39 UTC (rev 14029)
@@ -125,6 +125,7 @@
CVE-2010-0409 [gmime: possible buffer overflows]
RESERVED
- gmime2.2 <unfixed> (bug #568291)
+ - gmime2.4 <unfixed> (bug #568291)
CVE-2010-0408
RESERVED
CVE-2010-0407
@@ -496,6 +497,7 @@
NOTE: http://www.squid-cache.org/Advisories/SQUID-2010_1.txt
CVE-2010-0307
RESERVED
+ - linux-2.6 2.6.32-7
CVE-2010-0306
RESERVED
CVE-2010-0305 [ejabberd DoS via "c2s" messages]
@@ -2758,16 +2760,19 @@
CVE-2009-3986 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
{DSA-1956-1}
- xulrunner 1.9.1.6-1
- [etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3985 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
{DSA-1956-1}
- xulrunner 1.9.1.6-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3984 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
{DSA-1956-1}
- xulrunner 1.9.1.6-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3983 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
{DSA-1956-1}
- xulrunner 1.9.1.6-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3982 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
- xulrunner 1.9.1.6-1
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
@@ -5143,7 +5148,7 @@
- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
[etch] - mt-daapd <no-dsa> (minor issue)
TODO: [etch] - mt-daapd 0.2.4+r1376-1.1+etch3
- - mediatomb <unfixed> (low; bug #555232)
+ - mediatomb 0.12.0~svn2018-5 (low; bug #555232)
[lenny] - mediatomb <no-dsa> (minor issue)
- op-panel 0.30~dfsg-1 (low; bug #555234)
- ebug-http <removed> (low; bug #555235)
@@ -5535,24 +5540,23 @@
CVE-2009-3078 (Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and ...)
{DSA-1885-1}
- xulrunner 1.9.0.14-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3077 (Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not ...)
{DSA-1885-1}
- xulrunner 1.9.0.14-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3076 (Mozilla Firefox before 3.0.14 does not properly implement certain ...)
{DSA-1885-1}
- xulrunner 1.9.0.14-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
- NOTE: Huh?
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3075 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
{DSA-1885-1}
- xulrunner 1.9.0.14-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3074 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...)
{DSA-1885-1}
- xulrunner 1.9.0.14-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3073 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...)
- xulrunner <not-affected> (Only affects Firefox 3.5.x)
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
@@ -5560,15 +5564,15 @@
CVE-2009-3072 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-1885-1}
- xulrunner 1.9.0.14-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3071 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-1885-1}
- xulrunner 1.9.0.14-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3070 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-1885-1}
- xulrunner 1.9.0.14-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3069 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
- xulrunner <not-affected> (Only affects Firefox 3.5.x)
[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
@@ -5819,6 +5823,7 @@
CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow ...)
{DSA-1922-1}
- xulrunner 1.9.1.3-3 (low)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- iceape 2.0-1 (low)
[lenny] - iceape <not-affected> (Iceape from Lenny only provides NSS libs)
- webkit <not-affected> (proof-of-concept did not work)
@@ -7292,7 +7297,7 @@
CVE-2009-2662 (The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote ...)
{DSA-1873-1}
- xulrunner 1.9.0.13-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before ...)
{DSA-1899-1}
- strongswan 4.3.2-1.1 (bug #540144)
@@ -7325,7 +7330,7 @@
CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote ...)
{DSA-1873-1}
- xulrunner 1.9.0.13-1 (low; bug #539891)
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2653 (** DISPUTED ** ...)
NOT-FOR-US: Microsoft Windows
CVE-2009-2652 (Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris ...)
@@ -7817,38 +7822,38 @@
CVE-2009-2472 (Mozilla Firefox before 3.0.12 does not always use ...)
{DSA-1840-1}
- xulrunner 1.9.0.12-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2471 (The setTimeout function in Mozilla Firefox before 3.0.12 does not ...)
{DSA-1840-1}
- xulrunner 1.9.0.12-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2470 (Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote ...)
{DSA-1840-1}
- xulrunner 1.9.0.12-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2469 (Mozilla Firefox before 3.0.12 does not properly handle an SVG element ...)
{DSA-1840-1}
- xulrunner 1.9.0.12-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2468 (Integer overflow in Apple CoreGraphics, as used in Safari before ...)
NOT-FOR-US: CoreGraphics in Apple Mac OS X
NOTE: related issue to CVE-2009-1194
CVE-2009-2467 (Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote ...)
{DSA-1840-1}
- xulrunner 1.9.0.12-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2466 (The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird ...)
{DSA-1840-1}
- xulrunner 1.9.0.12-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2465 (Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers ...)
{DSA-1840-1}
- xulrunner 1.9.0.12-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2464 (The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in ...)
{DSA-1840-1}
- xulrunner 1.9.0.12-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2463 (Integer overflow in a base64 decoding function in Mozilla Firefox ...)
{DSA-1931-1}
- nspr 4.8.2-1
@@ -7856,8 +7861,7 @@
CVE-2009-2462 (The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird ...)
{DSA-1840-1}
- xulrunner 1.9.0.12-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
- NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-39.html
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2491 (The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when ...)
NOT-FOR-US: Sun Ray Server Software
CVE-2009-2490 (Unspecified vulnerability in the utaudiod daemon in Sun Ray Server ...)
@@ -9570,21 +9574,21 @@
CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before ...)
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before ...)
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...)
@@ -9594,25 +9598,25 @@
CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...)
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1834 (Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...)
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1828 (Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of ...)
@@ -10821,7 +10825,7 @@
CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird ...)
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in ...)
@@ -11125,13 +11129,13 @@
CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block ...)
{DSA-1797-1}
- xulrunner 1.9.0.9-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer <unfixed> (unimportant)
NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-1311 (Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow ...)
{DSA-1797-1}
- xulrunner 1.9.0.9-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer 1:0.8~alpha2+dfsg+svn129-3
CVE-2009-1310 (Cross-site scripting (XSS) vulnerability in the MozSearch plugin ...)
{DSA-1886-1}
@@ -11140,45 +11144,45 @@
CVE-2009-1309 (Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not ...)
{DSA-1797-1}
- xulrunner 1.9.0.9-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer <unfixed> (unimportant)
NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-1308 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
{DSA-1797-1}
- xulrunner 1.9.0.9-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1307 (The view-source: URI implementation in Mozilla Firefox before 3.0.9, ...)
{DSA-1830-1 DSA-1797-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.9-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1306 (The jar: URI implementation in Mozilla Firefox before 3.0.9, ...)
{DSA-1797-1}
- xulrunner 1.9.0.9-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1305 (The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird ...)
{DSA-1797-1}
- xulrunner 1.9.0.9-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer <unfixed> (unimportant)
NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-1304 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...)
{DSA-1797-1}
- xulrunner 1.9.0.9-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1303 (The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before ...)
{DSA-1830-1 DSA-1797-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.9-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1302 (The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...)
{DSA-1830-1 DSA-1797-1}
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.9-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...)
- mpg123 1.7.2-1 (low)
[etch] - mpg123 <no-dsa> (Minor issue)
@@ -11941,6 +11945,7 @@
CVE-2009-1169 (The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox ...)
{DSA-1756-1}
- xulrunner 1.9.0.8-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-1168 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through ...)
NOT-FOR-US: Cisco IOS
@@ -12394,6 +12399,7 @@
CVE-2009-1044 (Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute ...)
{DSA-1756-1}
- xulrunner 1.9.0.8-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer 1:0.8~alpha2+dfsg+svn129-3
CVE-2009-1043 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows ...)
NOT-FOR-US: Microsoft
@@ -13264,6 +13270,7 @@
- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release and fixed before release of 2.6.25)
CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and ...)
- iceweasel 3.0.7-1 (low)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before ...)
{DSA-1830-1 DSA-1751-1}
- icedove 2.0.0.22-1 (bug #535124)
@@ -13271,6 +13278,7 @@
- iceweasel 3.0
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.7-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- kompozer 1:0.8~alpha2+dfsg+svn129-3
CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird ...)
{DSA-1751-1}
@@ -13283,6 +13291,7 @@
- iceweasel 3.0
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.7-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird ...)
{DSA-1830-1 DSA-1751-1}
- icedove 2.0.0.22-1 (bug #535124)
@@ -13296,6 +13305,7 @@
- iceweasel 3.0
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.7-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before ...)
{DSA-1830-1 DSA-1751-1}
- icedove 2.0.0.22-1 (bug #535124)
@@ -13839,7 +13849,7 @@
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
- xulrunner 1.9.0.9-1
- [etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka vnetd) in ...)
NOT-FOR-US: Veritas network daemon
CVE-2009-0650 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...)
@@ -15167,20 +15177,25 @@
[etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
CVE-2009-0357 (Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not ...)
- iceweasel 3.0
+ [etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.5-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- iceape 1.1.14-1.1
NOTE: Iceape in Lenny only provides XPCOM libs
- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-0356 (Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the ...)
- iceweasel 3.0
+ [etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.5-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- iceape 1.1.14-1.1
NOTE: Iceape in Lenny only provides XPCOM libs
- kompozer <not-affected> (.desktop file support is not available)
CVE-2009-0355 (components/sessionstore/src/nsSessionStore.js in Mozilla Firefox ...)
- iceweasel 3.0.6-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0354 (Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x ...)
- iceweasel 3.0
[etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
@@ -15192,6 +15207,7 @@
- iceweasel 3.0
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.5-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- iceape 1.1.14-1.1
NOTE: Iceape in Lenny only provides XPCOM libs
- icedove 2.0.0.22-1 (bug #535124)
@@ -15201,6 +15217,7 @@
- iceweasel 3.0
NOTE: Iceweasel in Lenny links against Xulrunner
- xulrunner 1.9.0.5-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
- iceape 1.1.14-1.1
NOTE: Iceape in Lenny only provides XPCOM libs
- icedove 2.0.0.22-1 (bug #535124)
@@ -17166,6 +17183,7 @@
- icedove 2.0.0.19-1
- iceape 1.1.14-1
- xulrunner 1.9.0.5-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
NOTE: patch will be checked for icedove/iceape/xulrunner by Alexander for next round
CVE-2008-5509
RESERVED
@@ -17189,6 +17207,7 @@
- xulrunner 1.9.0.5-1
CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass ...)
- iceweasel 3.0.5-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
NOTE: patch now available and will be checked for next patch round
CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run ...)
{DSA-1707-1}
@@ -18163,7 +18182,7 @@
CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote ...)
NOT-FOR-US: WinCom LPD
CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a ...)
- - tau <unfixed> (bug #506348)
+ - tau 2.16.4-1.3 (bug #506348)
[etch] - tau <no-dsa> (Minor issue)
CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ...)
- systemimager <removed> (bug #506269)
@@ -18502,6 +18521,7 @@
{DSA-1671-1}
- iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
NOTE: patch for xulrunner currently not suitable, Alexander will check this further
CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x ...)
{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
@@ -19465,6 +19485,7 @@
NOT-FOR-US: Apple iPhone 2.1 with firmware 5F136
CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of ...)
- mplayer <unfixed> (low; bug #407010)
+ [lenny] - mplayer <no-dsa> (Some have been fixed in Lenny/libavcodec, some crashers left)
NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the Ty ...)
- vlc 1.0.3-1 (low; bug #502726)
@@ -29720,7 +29741,7 @@
NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0367 (Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when ...)
- iceweasel 3.0 (low)
- [etch] - iceweasel <no-dsa> (Minor issue)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
NOTE: Mozilla #244273
CVE-2008-0366 (CORE FORCE before 0.95.172 does not properly validate arguments to ...)
NOT-FOR-US: CORE FORCE
@@ -42998,7 +43019,7 @@
NOT-FOR-US: fotokategori.asp
CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
- iceweasel <unfixed> (low; bug #556267)
- [etch] - iceweasel <no-dsa> (Minor issue)
+ [etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
[lenny] - iceweasel <no-dsa> (Minor issue)
CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...)
NOT-FOR-US: MyBlog
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2010-02-04 17:40:08 UTC (rev 14028)
+++ data/embedded-code-copies 2010-02-04 18:29:39 UTC (rev 14029)
@@ -736,7 +736,7 @@
- lucene2 2.9.1+ds1-2 (embed; bug #555226)
- horde3 <unfixed> (embed)
- knowledgeroot 0.9.9.5-1 (embed; bug #555230)
- - mediatomb <unfixed> (embed; bug #555233)
+ - mediatomb 0.12.0~svn2018-5 (embed; bug #555233)
- mt-daapd 0.9~r1696.dfsg-6lenny2 (embed)
- ebug-http <removed> (embed; bug #555236)
- libaws 2.7-1 (embed; bug #555222)
More information about the Secure-testing-commits
mailing list