[Secure-testing-commits] r19065 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Apr 25 07:37:50 UTC 2012 

Author: jmm
Date: 2012-04-25 07:37:50 +0000 (Wed, 25 Apr 2012)
New Revision: 19065

Modified:
   data/CVE/list
Log:
first batch of Mozilla updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-04-25 05:53:52 UTC (rev 19064)
+++ data/CVE/list	2012-04-25 07:37:50 UTC (rev 19065)
@@ -590,7 +590,6 @@
 CVE-2012-2123
 	RESERVED
 	- linux-2.6 <unfixed>
-	TODO: check
 CVE-2012-2122
 	RESERVED
 CVE-2012-2121
@@ -4567,28 +4566,71 @@
 	RESERVED
 CVE-2012-0478
 	RESERVED
+	- icedove <unfixed>
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	- iceweasel 10.0.4esr-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+	- iceape <unfixed>
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0477
 	RESERVED
 CVE-2012-0476
 	RESERVED
 CVE-2012-0475
 	RESERVED
+	- icedove <unfixed> (low)
+	[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
+	- iceweasel 12.0-1 (low)
+	[squeeze] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
+	- iceape <unfixed> (low)
+	[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
+	NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
 CVE-2012-0474
 	RESERVED
+	- icedove <unfixed>
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	- iceweasel 10.0.4esr-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+	- iceape <unfixed>
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0473
 	RESERVED
+	- icedove <unfixed>
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	- iceweasel 10.0.4esr-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+	- iceape <unfixed>
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0472
 	RESERVED
+	- icedove <not-affected> (Windows-specific)
+	- iceweasel <not-affected> (Windows-specific)
+	- iceape <not-affected> (Windows-specific)
 CVE-2012-0471
 	RESERVED
 CVE-2012-0470
 	RESERVED
 CVE-2012-0469
 	RESERVED
+	- icedove <unfixed>
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	- iceweasel 10.0.4esr-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+	- iceape <unfixed>
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0468
 	RESERVED
+	- icedove <not-affected> (Only affects Firefox 11 and above)
+	- iceweasel <not-affected> (Only affects Firefox 11 and above)
+	- iceape <not-affected> (Only affects Firefox 11 and above)
 CVE-2012-0467
 	RESERVED
+	- icedove <unfixed>
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	- iceweasel 10.0.3esr-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+	- iceape 2.7.3-1
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0466
 	RESERVED
 	- bugzilla <removed> (low)
@@ -11699,6 +11741,12 @@
 	- chromium-browser 18.0.1025.142~r129054-1
 CVE-2011-3062 (Off-by-one error in the OpenType Sanitizer in Google Chrome before ...)
 	- chromium-browser 18.0.1025.142~r129054-1
+	- icedove <unfixed>
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	- iceweasel 10.0.4esr-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+	- iceape <unfixed>
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2011-3061 (Google Chrome before 18.0.1025.142 does not properly check X.509 ...)
 	- chromium-browser 18.0.1025.142~r129054-1
 CVE-2011-3060 (Google Chrome before 18.0.1025.142 does not properly handle text ...)
@@ -17275,6 +17323,13 @@
 	TODO: ^ this commit only contains tests for the issue, need commit # for fix
 CVE-2011-1187 (Google Chrome before 10.0.648.127 allows remote attackers to bypass ...)
 	- libv8 3.1.8.10-1 (bug #617418)
+	- icedove <unfixed> (low)
+	[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
+	- iceweasel 12.0-1 (low)
+	[squeeze] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
+	- iceape <unfixed> (low)
+	[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
+	NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
 CVE-2011-1186 (Google Chrome before 10.0.648.127 on Linux does not properly handle ...)
 	- chromium-browser 10.0.648.127~r76697-1
 	[squeeze] - chromium-browser <not-affected>

More information about the Secure-testing-commits mailing list