[Secure-testing-commits] r35319 - in data: CVE DSA

Salvatore Bonaccorso carnil at moszumanska.debian.org
Sat Jul 4 20:42:24 UTC 2015


Author: carnil
Date: 2015-07-04 20:42:23 +0000 (Sat, 04 Jul 2015)
New Revision: 35319

Modified:
   data/CVE/list
   data/DSA/list
Log:
iceweasel: For wheezy and jessie the build does not use the system-nss

Thanks to Moritz for correcting, indeed only the unstable version builds
with --with-system-nss and --with-system-nspr. Try to fix the entry so
that tracker does not show anymore CVE-2015-2721 as vulnerable for
icewasel. Hope this is the final change needed for
CVE-2015-2721/icewasel.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-07-04 17:51:28 UTC (rev 35318)
+++ data/CVE/list	2015-07-04 20:42:23 UTC (rev 35319)
@@ -6934,10 +6934,9 @@
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-65/
 CVE-2015-2721
 	RESERVED
+	{DSA-3300-1}
 	- nss 2:3.19.1-1
-	- iceweasel <not-affected> (Uses the system nss library)
-	NOTE: iceweasel in jessie uses the system nss
-	[wheezy] - iceweasel 31.8.0esr-1~deb7u1
+	- iceweasel 38.1.0esr-1
 	[squeeze] - iceweasel <end-of-life>
 	- icedove <unfixed>
 	[squeeze] - icedove <end-of-life>

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2015-07-04 17:51:28 UTC (rev 35318)
+++ data/DSA/list	2015-07-04 20:42:23 UTC (rev 35319)
@@ -1,5 +1,5 @@
 [04 Jul 2015] DSA-3300-1 iceweasel - security update
-	{CVE-2015-2743 CVE-2015-4000 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2728 CVE-2015-2731 CVE-2015-2724}
+	{CVE-2015-2721 CVE-2015-2743 CVE-2015-4000 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2728 CVE-2015-2731 CVE-2015-2724}
 	[wheezy] - iceweasel 31.8.0esr-1~deb7u1
 	[jessie] - iceweasel 31.8.0esr-1~deb8u1
 [02 Jul 2015] DSA-3299-1 stunnel4 - security update




More information about the Secure-testing-commits mailing list