[Secure-testing-commits] r21374 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Fri Feb 22 09:34:12 UTC 2013 

Author: jmm
Date: 2013-02-22 09:34:12 +0000 (Fri, 22 Feb 2013)
New Revision: 21374

Modified:
   data/CVE/list
Log:
new mozilla issues, the issues fixed in ESR17 were marked as <unfixed>, but it's likely that some of
  these don't affect the 10ish version in unstable
foswiki ITP
keystone fixed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-02-22 07:01:56 UTC (rev 21373)
+++ data/CVE/list	2013-02-22 09:34:12 UTC (rev 21374)
@@ -1029,6 +1029,7 @@
 	RESERVED
 CVE-2013-1751
 	RESERVED
+	NOT-FOR-US: Oracle Database
 CVE-2013-1750
 	RESERVED
 CVE-2013-1749
@@ -1202,6 +1203,7 @@
 	RESERVED
 CVE-2013-1666
 	RESERVED
+	- foswiki <itp> (bug #509864)
 CVE-2013-1665 [Information leak via xml entity parsing]
 	RESERVED
 	- keystone 2012.1.1-13 (bug #700948)
@@ -3171,31 +3173,57 @@
 CVE-2013-0785
 	RESERVED
 CVE-2013-0784 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
-	TODO: check
+	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 CVE-2013-0783 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
 CVE-2013-0782 (Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
 CVE-2013-0781 (Use-after-free vulnerability in the nsPrintEngine::CommonPrint ...)
-	TODO: check
+	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 CVE-2013-0780 (Use-after-free vulnerability in the ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
 CVE-2013-0779 (The nsCodingStateMachine::NextState function in Mozilla Firefox before ...)
-	TODO: check
+	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 CVE-2013-0778 (The ClusterIterator::NextCluster function in Mozilla Firefox before ...)
-	TODO: check
+	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 CVE-2013-0777 (Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint ...)
-	TODO: check
+	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 CVE-2013-0776 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
 CVE-2013-0775 (Use-after-free vulnerability in the ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
 CVE-2013-0774 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, ...)
-	TODO: check
+	- iceape <not-affected> (Introduced in Firefox 15)
+	- iceweasel <not-affected> (Introduced in Firefox 15)
+	- icedove <not-affected> (Introduced in Firefox 15)
 CVE-2013-0773 (The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) ...)
-	TODO: check
+	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
 CVE-2013-0772 (The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, ...)
-	TODO: check
+	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 CVE-2013-0771 (Heap-based buffer overflow in the ...)
 	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
@@ -3221,7 +3249,9 @@
 	- icedove 10.0.12-1
 	- iceape 2.7.12-1
 CVE-2013-0765 (Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey ...)
-	TODO: check
+	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
+	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 CVE-2013-0764 (The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox ...)
 	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
 	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
@@ -4702,8 +4732,7 @@
 	RESERVED
 CVE-2013-0282 [EC2-style authentication accepts disabled user/tenants]
 	RESERVED
-	- keystone <unfixed> (bug #700947)
-	TODO: check
+	- keystone 2012.1.1-13 (bug #700947)
 CVE-2013-0281 [DoS when remote CIB management enabled]
 	RESERVED
 	- pacemaker <unfixed> (bug #700923)

More information about the Secure-testing-commits mailing list