[Secure-testing-commits] r31302 - data/CVE
Moritz Muehlenhoff
jmm at moszumanska.debian.org
Tue Jan 13 18:31:28 UTC 2015
Author: jmm
Date: 2015-01-13 18:31:28 +0000 (Tue, 13 Jan 2015)
New Revision: 31302
Modified:
data/CVE/list
Log:
mark xulrunner in wheezy as unsupported
mark remaining libv8 issues as unsupported
elixir no-dsa
CVE for offset2lib in the works
gnutls bug not a security issue and not related to the nss issue (checked with upstream)
new condor issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-13 14:43:05 UTC (rev 31301)
+++ data/CVE/list 2015-01-13 18:31:28 UTC (rev 31302)
@@ -2145,6 +2145,7 @@
CVE-2014-XXXX [offset2lib linux aslr bypass]
- linux <unfixed> (low; bug #772508)
- linux-2.6 <removed>
+ NOTE: jmm coordinating with reporters wrt CVE
CVE-2014-9298
RESERVED
CVE-2014-9297
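Review bot: The added NOTE under the offset2lib CVE-2014-XXXX entry says who is coordinating but not where or since when, so a later reader cannot tell whether the request is still live. A date or a pointer to the request would make the note checkable; bug #772508 is already on the entry and could carry that reference.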
@@ -6581,10 +6582,10 @@
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- - libv8-3.14 <unfixed> (bug #773671)
- - chromium-browser <undetermined>
+ - libv8-3.14 <unfixed> (unimportant; bug #773671)
+ - chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
- TODO: CVE description indicates upsteam 38.0.2125.101 fixed this, but there isn't enough information available to check yet
+ NOTE: libv8 not covered by security support
CVE-2014-7960 (OpenStack Object Storage (Swift) before 2.2.0 allows remote ...)
- swift 2.2.0-1
[wheezy] - swift <no-dsa> (Minor issue)
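Review bot: The chromium-browser line goes from <undetermined> to 38.0.2125.101-1 and the TODO saying there was not enough information to check the upstream fix is dropped, but nothing in the entry records how the fixed version was confirmed. A NOTE naming what was checked would replace the TODO with evidence; the added "NOTE: libv8 not covered by security support" explains only the libv8-3.14 change, not this one.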
@@ -8113,7 +8114,8 @@
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- - libv8-3.14 <unfixed> (bug #773623)
+ - libv8-3.14 <unfixed> (unimportant; bug #773623)
+ NOTE: libv8 not covered by security support
CVE-2014-7191 (The qs module before 1.0.0 in Node.js does not call the compact ...)
- node-qs 2.2.4-1
NOTE: https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8
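Review bot: On the libv8-3.14 line, (unimportant) is a severity marker, while the reason given in the added NOTE is support status, and the NOTE says "libv8" although the line being changed is for libv8-3.14 (the libv8 line above it is already <removed>). Wording it as "libv8-3.14 not covered by security support" would tie the note to the line it explains. The same applies to the other libv8-3.14 hunks in this patch.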
@@ -8218,12 +8220,6 @@
NOTE: http://www.yassl.com/yaSSL/Blog/Entries/2014/9/12_CyaSSL_3.2.0_Released.html
NOTE: http://www.intelsecurity.com/advanced-threat-research/#
NOTE: similar to CVE-2014-1568 in nss
-CVE-2014-XXXX [gnutls: certificate sanitization issue]
- - gnutls26 <removed>
- - gnutls28 3.3.8-1
- NOTE: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/7663
- NOTE: http://www.intelsecurity.com/advanced-threat-research/#
- NOTE: similar to CVE-2014-1568 in nss
CVE-2014-7199 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, ...)
{DSA-3036-1}
- mediawiki 1:1.19.19+dfsg-1 (bug #762754)
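Review bot: The gnutls CVE-2014-XXXX entry is deleted outright, so the conclusion given in the log message (not a security issue, not related to the nss issue, checked with upstream) is recorded nowhere in data/CVE/list, and the gmane reference goes with it. Keeping a short record of upstream's assessment next to the remaining entry that carries "NOTE: similar to CVE-2014-1568 in nss" would help stop the gnutls item from being re-added from the same references.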
@@ -18002,9 +17998,10 @@
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- - libv8-3.14 <unfixed> (bug #773671)
+ - libv8-3.14 <unfixed> (unimportant; bug #773671)
- chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
+ NOTE: libv8 not covered by security support
CVE-2014-3198 (The Instance::HandleInputEvent function in pdf/instance.cc in the ...)
- chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
@@ -18017,9 +18014,10 @@
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- - libv8-3.14 <unfixed> (bug #773671)
+ - libv8-3.14 <unfixed> (unimportant; bug #773671)
- chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
+ NOTE: libv8 not covered by security support
CVE-2014-3194 (Use-after-free vulnerability in the Web Workers implementation in ...)
- chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
@@ -18044,7 +18042,8 @@
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- - libv8-3.14 <unfixed> (bug #773671)
+ - libv8-3.14 <unfixed> (unimportant; bug #773671)
+ NOTE: libv8 not covered by security support
CVE-2014-3187 (Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS ...)
- chromium-browser <not-affected> (only affects versions supporting Apple's facetime)
CVE-2014-3186 (Buffer overflow in the picolcd_raw_event function in ...)
@@ -18197,7 +18196,8 @@
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- - libv8-3.14 <unfixed> (bug #773671)
+ - libv8-3.14 <unfixed> (unimportant; bug #773671)
+ NOTE: libv8 not covered by security support
CVE-2014-3151
RESERVED
CVE-2014-3150
@@ -22049,7 +22049,8 @@
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- - libv8-3.14 <unfixed> (bug #773671)
+ - libv8-3.14 <unfixed> (unimportant; bug #773671)
+ NOTE: libv8 not covered by security support
CVE-2014-1735 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, ...)
{DSA-2920-1}
- chromium-browser 34.0.1847.132-1
@@ -22057,7 +22058,8 @@
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- - libv8-3.14 <unfixed> (bug #773671)
+ - libv8-3.14 <unfixed> (unimportant; bug #773671)
+ NOTE: libv8 not covered by security support
CVE-2014-1734 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2920-1}
- chromium-browser 34.0.1847.132-1
@@ -22081,7 +22083,8 @@
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- - libv8-3.14 <unfixed> (bug #773671)
+ - libv8-3.14 <unfixed> (unimportant; bug #773671)
+ NOTE: libv8 not covered by security support
CVE-2014-1729 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, ...)
{DSA-2905-1}
- chromium-browser 34.0.1847.116-1
@@ -22089,7 +22092,8 @@
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- - libv8-3.14 <unfixed> (bug #773671)
+ - libv8-3.14 <unfixed> (unimportant; bug #773671)
+ NOTE: libv8 not covered by security support
CVE-2014-1728 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2905-1}
- chromium-browser 34.0.1847.116-1
@@ -22145,7 +22149,8 @@
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- - libv8-3.14 <unfixed> (bug #773671)
+ - libv8-3.14 <unfixed> (unimportant; bug #773671)
+ NOTE: libv8 not covered by security support
CVE-2014-1716 (Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype ...)
{DSA-2905-1}
- chromium-browser 34.0.1847.116-1
@@ -22153,7 +22158,8 @@
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- - libv8-3.14 <unfixed> (bug #773671)
+ - libv8-3.14 <unfixed> (unimportant; bug #773671)
+ NOTE: libv8 not covered by security support
CVE-2014-1715 (Directory traversal vulnerability in Google Chrome before ...)
{DSA-2883-1}
- chromium-browser 33.0.1750.152-1
@@ -38131,7 +38137,8 @@
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- - libv8-3.14 <unfixed> (bug #773671)
+ - libv8-3.14 <unfixed> (unimportant; bug #773671)
+ NOTE: libv8 not covered by security support
CVE-2013-2837 (Use-after-free vulnerability in the SVG implementation in Google ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
@@ -38579,7 +38586,8 @@
- libv8 <removed>
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
- - libv8-3.14 <unfixed> (bug #773671)
+ - libv8-3.14 <unfixed> (unimportant; bug #773671)
+ NOTE: libv8 not covered by security support
CVE-2013-2631
RESERVED
CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager ...)
@@ -57908,6 +57916,7 @@
[squeeze] - munin <not-affected> (Vulnerable code not present)
CVE-2012-2146 (Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique ...)
- elixir <unfixed> (low; bug #670919)
+ [jessie] - elixir <no-dsa> (Minor issue)
[squeeze] - elixir <no-dsa> (Minor issue)
[wheezy] - elixir <no-dsa> (Minor issue)
CVE-2012-2145 (Apache Qpid 0.17 and earlier does not properly restrict incoming ...)
@@ -62181,11 +62190,12 @@
{DSA-2406-1 DSA-2402-1 DSA-2400-1}
- icedove 10.0.3-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 10.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-10
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2012-0448 (Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, ...)
- bugzilla <removed> (low)
- bugzilla4 <itp> (bug #669643)
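Review bot: The added NOTE says xulrunner in wheezy is not covered by security support, but (unimportant) is put on the unqualified "- xulrunner <removed>" line, which is not specific to wheezy. If the tracker accepts it, a release-tagged line such as "[wheezy] - xulrunner <end-of-life>", in the style of the "[lenny] - icedove <end-of-life>" line in the same entry, would state the wheezy status directly. This applies to every xulrunner hunk in the patch.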
@@ -62236,11 +62246,12 @@
{DSA-2406-1 DSA-2402-1 DSA-2400-1}
- icedove 10.0.3-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 10.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-10
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2012-0441 (The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security ...)
{DSA-2490-1}
- nss 3.13.4-1
@@ -67366,11 +67377,12 @@
{DSA-2406-1 DSA-2402-1 DSA-2400-1}
- icedove 7.0-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 7.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-10
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3669 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...)
- bugzilla <removed> (low)
[squeeze] - bugzilla <no-dsa> (Minor issue)
@@ -67460,31 +67472,34 @@
{DSA-2345-1 DSA-2342-1 DSA-2341-1}
- icedove 3.1.16-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 8.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-9
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3649 (Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) ...)
- iceweasel <not-affected> (Windows-specific)
CVE-2011-3648 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
{DSA-2345-1 DSA-2342-1 DSA-2341-1}
- icedove 3.1.16-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 8.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-9
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3647 (The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird ...)
{DSA-2345-1 DSA-2342-1 DSA-2341-1}
- icedove 3.1.16-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 7.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-9
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3646 (phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote ...)
- phpmyadmin 4:3.4.6-1 (unimportant)
CVE-2011-3645 (Newgen OmniDocs allows remote attackers to bypass intended access ...)
@@ -69459,30 +69474,33 @@
{DSA-2317-1 DSA-2313-1 DSA-2312-1}
- icedove 3.1.15-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 7.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-8
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2999 (Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before ...)
{DSA-2317-1 DSA-2313-1 DSA-2312-1}
- icedove 3.1.15-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 7.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-8
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2998 (Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote ...)
{DSA-2317-1 DSA-2313-1 DSA-2312-1}
- icedove 3.1.15-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 7.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-8
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: Only affects firefox 3.6 code base, not 4.0 oder later
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2997 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- xulrunner <not-affected> (Only affects Firefox 6)
- iceweasel 7.0-1
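Review bot: The new NOTE for CVE-2011-2998 is added directly below the existing "NOTE: Only affects firefox 3.6 code base, not 4.0 oder later", which has "oder" where "or" is meant. Since the entry is being touched anyway, the typo could be fixed in the same commit.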
@@ -69498,11 +69516,12 @@
{DSA-2317-1 DSA-2313-1 DSA-2312-1}
- icedove 3.1.15-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 7.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-8
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2994
RESERVED
CVE-2011-2993 (The implementation of digital signatures for JAR files in Mozilla ...)
@@ -69567,42 +69586,46 @@
{DSA-2297-1 DSA-2296-1 DSA-2295-1}
- icedove 3.1.12-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.5)
- iceweasel 6.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-5
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2983 (Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, ...)
{DSA-2297-1 DSA-2296-1 DSA-2295-1}
- icedove 3.1.12-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner 1.9.0.19-13
- iceweasel 6.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-5
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2297-1 DSA-2296-1 DSA-2295-1}
- icedove 3.1.12-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner 1.9.0.19-13
- iceweasel 6.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-5
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2981 (The event-management implementation in Mozilla Firefox before 3.6.20, ...)
{DSA-2297-1 DSA-2296-1 DSA-2295-1}
- icedove 3.1.12-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner 1.9.0.19-13
- iceweasel 6.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-5
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2980 (Untrusted search path vulnerability in the ThinkPadSensor::Startup ...)
- icedove <not-affected> (Only affects Windows)
- xulrunner <not-affected> (Only affects Windows)
@@ -70732,7 +70755,7 @@
NOT-FOR-US: IBM Rational Team Concert
CVE-2011-2605 (CRLF injection vulnerability in the ...)
{DSA-2273-3 DSA-2269-1 DSA-2268-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner 1.9.0.19-12
- iceweasel 3.5.19-3
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -70740,6 +70763,7 @@
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2604 (The Intel G41 driver 6.14.10.5355 on Windows XP SP3 allows remote ...)
NOT-FOR-US: Windows XP
CVE-2011-2603 (The NVIDIA 9400M driver 6.2.6 on Mac OS X 10.6.7 allows remote ...)
@@ -71309,12 +71333,13 @@
{DSA-2297-1 DSA-2296-1 DSA-2295-1}
- icedove 3.1.12-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner 1.9.0.19-13
- iceweasel 6.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-5
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2377 (Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird ...)
- xulrunner <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
- iceweasel <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
@@ -71322,7 +71347,7 @@
- icedove <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
CVE-2011-2376 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2273-3 DSA-2269-1 DSA-2268-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner 1.9.0.19-12
- iceweasel 3.5.19-3
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -71330,12 +71355,13 @@
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2375 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- xulrunner <not-affected> (Only affects Firefox 5.0, not yet in unstable)
- iceweasel <not-affected> (Only affects Firefox 5.0, not yet in unstable)
CVE-2011-2374 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2273-3 DSA-2269-1 DSA-2268-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner 1.9.0.19-12
- iceweasel 3.5.19-3
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -71343,9 +71369,10 @@
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2373 (Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x ...)
{DSA-2273-3 DSA-2269-1 DSA-2268-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-3
[lenny] - xulrunner 1.9.0.19-12
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
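Review bot: In the CVE-2011-2373 entry the edited "- xulrunner <removed> (unimportant)" line is followed by "- iceweasel 3.5.19-3" and only then by "[lenny] - xulrunner 1.9.0.19-12", so the lenny line reads as if it belonged to iceweasel. Moving it up under the xulrunner line, as in the neighbouring CVE-2011-2374 entry, would keep each release line with its package.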
@@ -71353,18 +71380,20 @@
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2372 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before ...)
{DSA-2317-1 DSA-2313-1 DSA-2312-1}
- icedove 3.1.15-1
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 7.0-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-8
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2371 (Integer overflow in the Array.reduceRight method in Mozilla Firefox ...)
{DSA-2273-3 DSA-2269-1 DSA-2268-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-3
[lenny] - xulrunner 1.9.0.19-12
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
@@ -71372,6 +71401,7 @@
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2370 (Mozilla Firefox before 5.0 does not properly enforce the whitelist for ...)
- xulrunner <not-affected> (Only affects Firefox 4.x and above)
- iceweasel 5.0-1
@@ -71409,23 +71439,25 @@
CVE-2011-2363 (Use-after-free vulnerability in the nsSVGPointList::AppendElement ...)
{DSA-2273-3 DSA-2269-1 DSA-2268-1}
- iceweasel 3.5.19-3
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner 1.9.0.19-12
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2362 (Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and ...)
{DSA-2273-3 DSA-2269-1 DSA-2268-1}
- iceweasel 3.5.19-3
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner 1.9.0.19-12
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2361 (The Basic Authentication dialog implementation in Google Chrome before ...)
- chromium-browser 13.0.782.107~r94237-1 (unimportant)
- webkit <not-affected> (chromium specific)
@@ -74616,7 +74648,7 @@
NOTE: http://trac.webkit.org/changeset/79476
CVE-2011-1202 (The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 ...)
- libxslt 1.1.26-7 (low; bug #617413)
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner <no-dsa> (minor issue)
- iceweasel 3.5.19-1
[squeeze] - iceweasel <no-dsa> (minor issue)
@@ -74627,6 +74659,7 @@
NOTE: http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
[squeeze] - libxslt 1.1.26-6+squeeze1
[lenny] - libxslt <no-dsa> (minor issue)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-1201 (The context implementation in WebKit, as used in Google Chrome before ...)
- chromium-browser 10.0.648.127~r76697-1
[squeeze] - chromium-browser <not-affected>
@@ -78056,13 +78089,14 @@
CVE-2011-0085 (Use-after-free vulnerability in the nsXULCommandDispatcher function in ...)
{DSA-2273-3 DSA-2269-1 DSA-2268-1}
- iceweasel 3.5.19-3
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner 1.9.0.19-12
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0084 (The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox ...)
{DSA-2297-1 DSA-2296-1 DSA-2295-1}
- icedove 3.1.12-1
@@ -78075,13 +78109,14 @@
CVE-2011-0083 (Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem ...)
{DSA-2273-3 DSA-2269-1 DSA-2268-1}
- iceweasel 3.5.19-3
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner 1.9.0.19-12
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla Firefox ...)
- xulrunner <removed> (unimportant)
- iceweasel <unfixed> (unimportant; bug #627552)
@@ -78092,89 +78127,98 @@
- iceweasel <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable)
CVE-2011-0080 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0079 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in unstable)
- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
CVE-2011-0078 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0077 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0076 (Unspecified vulnerability in the Java Embedding Plugin (JEP) in ...)
- xulrunner <not-affected> (Only affects MacOS X)
- iceweasel <not-affected> (Only affects MacOS X)
CVE-2011-0075 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0074 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0073 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0072 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0071 (Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0070 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0069 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <not-affected> (Vulnerable code not present)
@@ -78190,27 +78234,30 @@
- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
CVE-2011-0067 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0066 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.15-1+b1
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0065 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.19-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.15-1+b1
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0064 (The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in ...)
{DSA-2178-1}
- pango1.0 1.28.3-2~sid1
@@ -78230,12 +78277,13 @@
{DSA-2187-1 DSA-2186-1 DSA-2180-1}
- icedove 3.0.11-2
[lenny] - icedove <end-of-life>
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner 1.9.0.19-8
- iceweasel 3.5.17-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.12-1
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0058 (Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before ...)
- icedove <not-affected> (Windows-specific)
- xulrunner <not-affected> (Windows-specific)