[Secure-testing-commits] r22132 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Thu May 2 09:51:06 UTC 2013 

Author: jmm
Date: 2013-05-02 09:51:05 +0000 (Thu, 02 May 2013)
New Revision: 22132

Modified:
   data/CVE/list
Log:
mozilla updates


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2013-05-02 09:26:55 UTC (rev 22131)
+++ data/CVE/list	2013-05-02 09:51:05 UTC (rev 22132)
@@ -5880,43 +5880,54 @@
 CVE-2013-0801
 	RESERVED
 CVE-2013-0800 (Integer signedness error in the pixman_fill_sse2 function in ...)
-	- pixmain <unfixed>
+	- pixman <unfixed>
 	- iceweasel <unfixed>
 	- icedove <unfixed>
 	- iceape <unfixed>
-	- wine-gecko <unfixed>
-	TODO: check
+	- wine-gecko <unfixed> (unimportant)
+	TODO: check, whether ice* are affected, xulrunner links against system copy of pixman
 CVE-2013-0799 (Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox ...)
-	NOT-FOR-US: Mozilla Maintenance Service (Windows only)
+	- iceweasel <not-affected> (Only affects Firefox on Windows)
 CVE-2013-0798 (Mozilla Firefox before 20.0 on Android uses world-writable and ...)
-	NOT-FOR-US: Mozilla Firefox on Android
+	- iceweasel <not-affected> (Only affects Firefox on Android)
 CVE-2013-0797 (Untrusted search path vulnerability in the Mozilla Updater in Mozilla ...)
-	NOT-FOR-US: Mozilla Updater
+	- iceweasel <not-affected> (Only affects Firefox on Windows)
 CVE-2013-0796 (The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x ...)
 	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
 	NOTE: fixed in experimental 20.0-1
 CVE-2013-0795 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...)
+	- icedove <unfixed>
+	- iceape <unfixed>
 	- iceweasel <unfixed>
 	NOTE: fixed in experimental 20.0-1
 CVE-2013-0794 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent ...)
-	- iceweasel <unfixed>
+	- iceweasel <unfixed> (low)
+	- iceape <unfixed> (low)
 	NOTE: fixed in experimental 20.0-1
 CVE-2013-0793 (Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, ...)
 	- iceweasel <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
 	NOTE: fixed in experimental 20.0-1
 CVE-2013-0792 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when ...)
-	- iceweasel <unfixed>
+	- iceweasel <unfixed> (low)
+	- iceape <unfixed> (low)
 	NOTE: fixed in experimental 20.0-1
 CVE-2013-0791 (The CERT_DecodeCertPackage function in Mozilla Network Security ...)
 	- nss 2:3.14.3-1 (unimportant)
 	NOTE: client crash only
 CVE-2013-0790 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
-	NOT-FOR-US: Mozilla Firefox on Android
+	- iceweasel <not-affected> (Only affects Firefox on Android)
 CVE-2013-0789 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
-	- iceweasel <unfixed>
-	NOTE: fixed in experimental 20.0-1
+	- iceweasel <not-affected> (Only affects Firefox 19)
+	- icedove <not-affected> (Only affects Firefox 19)
+	- iceape <not-affected> (Only affects Firefox 19)
 CVE-2013-0788 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
 	- iceweasel <unfixed>
+	- iceape <unfixed>
+	- icedove <unfixed>
 	NOTE: fixed in experimental 20.0-1
 CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted function ...)
 	- iceweasel <unfixed>

More information about the Secure-testing-commits mailing list