[Secure-testing-commits] r19666 - data/CVE
Yves-Alexis Perez
corsac at alioth.debian.org
Thu Jul 5 06:17:39 UTC 2012
Author: corsac
Date: 2012-07-05 06:17:39 +0000 (Thu, 05 Jul 2012)
New Revision: 19666
Modified:
data/CVE/list
Log:
remove bugzilla check, squeeze does indeed seem vulnerable
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-07-05 06:09:20 UTC (rev 19665)
+++ data/CVE/list 2012-07-05 06:17:39 UTC (rev 19666)
@@ -8105,7 +8105,8 @@
- iceweasel <not-affected> (Only affects Firefox on Windows)
CVE-2012-0453 (Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in ...)
- bugzilla <removed>
- TODO: check
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=725663
+ NOTE: upstream bug only talks about 4.x but afaict the vulnerable code already exists in 3.x
CVE-2012-0452 (Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, ...)
- icedove <not-affected> (Introduced in Thunderbird 10)
- iceweasel 10.0.1-1
More information about the Secure-testing-commits
mailing list