[Secure-testing-commits] r16018 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Jan 31 18:42:55 UTC 2011 

Author: jmm
Date: 2011-01-31 18:42:50 +0000 (Mon, 31 Jan 2011)
New Revision: 16018

Modified:
   data/CVE/list
Log:
- xulrunner/lenny cleanup
- kernel/xen not-affected


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-01-31 13:59:08 UTC (rev 16017)
+++ data/CVE/list	2011-01-31 18:42:50 UTC (rev 16018)
@@ -2674,8 +2674,7 @@
 	RESERVED
 	NOT-FOR-US: TikiWiki
 CVE-2010-4238 (The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on ...)
-	- linux-2.6 <unfixed>
-	TODO: check
+	- linux-2.6 <not-affected> (RedHat-specific issue, does not affect Xen-upstream/Debian)
 CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind ...)
 	NOT-FOR-US: IBM OmniFind Enterprise Edition
 CVE-2010-4235
@@ -3906,6 +3905,7 @@
 	[lenny] - xulrunner <not-affected> (font-face support introduced in 1.9.1)
 CVE-2010-3768 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird ...)
 	- xulrunner <removed>
+	[lenny] - xulrunner <not-affected> (Vulnerable code not present)
 	- icedove 3.0.11-1
 	- iceweasel 3.5.16-1
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -3920,6 +3920,7 @@
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3766 (Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and ...)
 	- xulrunner <removed>
+	[lenny] - xulrunner <not-affected> (Vulnerable code not present)
 	- iceweasel 3.5.16-1
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
 	- iceape 2.0.11-1
@@ -29758,7 +29759,7 @@
 	- xulrunner 1.9.1.10-1 (unimportant; bug #559792; bug #532516)
 	- iceape 2.0.5-1 (unimportant)
 	[lenny] - iceape <not-affected> (Just a stub package)
-	- xulrunner <unfixed> (low)	
+	NOTE: Limited to browser life time
 CVE-2008-5912 (An unspecified function in the JavaScript implementation in Microsoft ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-5911 (Multiple buffer overflows in RealNetworks Helix Server and Helix ...)

More information about the Secure-testing-commits mailing list