[Secure-testing-commits] r36787 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Tue Sep 22 19:33:26 UTC 2015 

Author: carnil
Date: 2015-09-22 19:33:26 +0000 (Tue, 22 Sep 2015)
New Revision: 36787

Modified:
   data/CVE/list
Log:
First round of new iceweasel issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-09-22 19:24:31 UTC (rev 36786)
+++ data/CVE/list	2015-09-22 19:33:26 UTC (rev 36787)
@@ -6863,16 +6863,34 @@
 	RESERVED
 CVE-2015-4505
 	RESERVED
-CVE-2015-4504
+CVE-2015-4504 [Out of bounds read in QCMS library with ICC V4 profile attributes]
 	RESERVED
-CVE-2015-4503
+	- iceweasel <unfixed>
+	[jessie] - iceweasel <not-affected> (Affects only 40.x)
+	[wheezy] - iceweasel <not-affected> (Affects only 40.x)
+	[squeeze] - iceweasel <not-affected> (Affects only 40.x)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-98/
+CVE-2015-4503 [Memory leak in mozTCPSocket to servers]
 	RESERVED
+	- iceweasel <unfixed>
+	[jessie] - iceweasel <not-affected> (Affects only 40.x)
+	[wheezy] - iceweasel <not-affected> (Affects only 40.x)
+	[squeeze] - iceweasel <not-affected> (Affects only 40.x)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
 CVE-2015-4502
 	RESERVED
-CVE-2015-4501
+CVE-2015-4501 [Miscellaneous memory safety hazards]
 	RESERVED
-CVE-2015-4500
+	- iceweasel <unfixed>
+	[jessie] - iceweasel <not-affected> (Affects only 40.x)
+	[wheezy] - iceweasel <not-affected> (Affects only 40.x)
+	[squeeze] - iceweasel <not-affected> (Affects only 40.x)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/
+CVE-2015-4500 [Miscellaneous memory safety hazards]
 	RESERVED
+	- iceweasel <unfixed>
+	[squeeze] - iceweasel <end-of-life>
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/
 CVE-2015-4499 (Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x ...)
 	- bugzilla4 <itp> (bug #669643)
 	- bugzilla <removed>
@@ -6987,8 +7005,13 @@
 CVE-2015-4477 (Use-after-free vulnerability in the MediaStream playback feature in ...)
 	- iceweasel <not-affected> (Only affects Firefox 39)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-81/
-CVE-2015-4476
+CVE-2015-4476 [Site attribute spoofing on Android by pasting URL with unknown scheme]
 	RESERVED
+	- iceweasel <unfixed>
+	[jessie] - iceweasel <not-affected> (Affects only 40.x)
+	[wheezy] - iceweasel <not-affected> (Affects only 40.x)
+	[squeeze] - iceweasel <not-affected> (Affects only 40.x)
+	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-99/
 CVE-2015-4475 (The mozilla::AudioSink function in Mozilla Firefox before 40.0 and ...)
 	{DSA-3333-1}
 	- iceweasel 38.2.0esr-1

More information about the Secure-testing-commits mailing list