[Secure-testing-commits] r16951 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Mon Jul 18 21:30:59 UTC 2011 

Author: jmm
Date: 2011-07-18 21:30:58 +0000 (Mon, 18 Jul 2011)
New Revision: 16951

Modified:
   data/CVE/list
Log:
- Mozilla updates, thanks Mike
- vlc fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-07-18 21:14:18 UTC (rev 16950)
+++ data/CVE/list	2011-07-18 21:30:58 UTC (rev 16951)
@@ -405,10 +405,10 @@
 	RESERVED
 CVE-2011-2588 [ http://www.videolan.org/security/sa1106.html ]
 	RESERVED
-	- vlc <unfixed> (bug #633675)
+	- vlc 1.1.11-1 (bug #633675)
 CVE-2011-2587 [ http://www.videolan.org/security/sa1105.html ]
 	RESERVED
-	- vlc <unfixed> (bug #633674)
+	- vlc 1.1.11-1 (bug #633674)
 CVE-2011-2586
 	RESERVED
 CVE-2011-2585
@@ -921,12 +921,12 @@
 	[lenny] - iceape <not-affected> (Only a stub package)
 	- icedove 3.1.11-1
 CVE-2011-2370 (Mozilla Firefox before 5.0 does not properly enforce the whitelist for ...)
-	- xulrunner <removed>
-	- iceweasel <unfixed>
+	- xulrunner <not-affected> (Only affects Firefox 4.x and above)
+	- iceweasel 5.0-1
 	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
-	- iceape <unfixed>
-	[lenny] - iceape <not-affected> (Only a stub package)
-	- icedove <unfixed>
+	[squeeze] - iceweasel <not-affected> (Only affects Firefox 4.x and above)
+	- iceape <not-affected> (Only affects Firefox 4.x and above)
+	- icedove <not-affected> (Only affects Firefox 4.x and above)
 CVE-2011-2369 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x ...)
 	- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
 	- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
@@ -2720,7 +2720,7 @@
 CVE-2011-1713 (Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, ...)
 	NOT-FOR-US: Microsoft
 CVE-2011-1712 (The txXPathNodeUtils::getXSLTId function in ...)
-	- iceweasel <unfixed> (unimportant)
+	- iceweasel 4.0.1-1 (unimportant)
 CVE-2011-1711 (Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in ...)
 	NOT-FOR-US: Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer
 CVE-2011-1710

More information about the Secure-testing-commits mailing list