[Secure-testing-commits] r44005 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Wed Aug 17 08:08:02 UTC 2016


Author: jmm
Date: 2016-08-17 08:08:02 +0000 (Wed, 17 Aug 2016)
New Revision: 44005

Modified:
   data/CVE/list
Log:
one firefox issue n/a


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-08-17 03:50:48 UTC (rev 44004)
+++ data/CVE/list	2016-08-17 08:08:02 UTC (rev 44005)
@@ -12260,11 +12260,10 @@
 	NOTE: jessie: Unprivileged users are not allowed to create user namespaces by default; aufs is not allowed to be mounted from a new user namespace by default.
 	NOTE: wheezy: User namespaces are non-functional.
 CVE-2016-2839 (Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux ...)
-	- firefox 48.0-1
-	- firefox-esr 45.3.0esr-1
+	- firefox <not-affected> (Uses gstreamer-ffmpeg/libav 1.0)
+	- firefox-esr <not-affected> (Uses gstreamer-ffmpeg/libav 1.0)
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
 	NOTE: Related patches https://hg.mozilla.org/mozilla-central/log?rev=Bug+1275339
-	TODO: check details, what is ffmpeg 0.10 supposed to mean?
 CVE-2016-2838 (Heap-based buffer overflow in the nsBidi::BracketData::AddOpening ...)
 	{DSA-3640-1 DLA-585-1}
 	- firefox 48.0-1




More information about the Secure-testing-commits mailing list