thr3ads.net - Secure testing commits - [Secure-testing-commits] r10018

If this information is useful, please help other people find it:
Share via:
jmm-guest at alioth.debian.org
2008-Oct-07 08:04 UTC
[Secure-testing-commits] r10018 - data/CVE

Author: jmm-guest
Date: 2008-10-07 08:04:03 +0000 (Tue, 07 Oct 2008)
New Revision: 10018

Modified:
   data/CVE/list
Log:
Mozilla issues


Modified: data/CVE/list
==================================================================---
data/CVE/list	2008-10-07 07:05:43 UTC (rev 10017)
+++ data/CVE/list	2008-10-07 08:04:03 UTC (rev 10018)
@@ -872,41 +872,64 @@
 CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before
2.0.0.17 and ...)
 	- iceape 1.1.12-1
 CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey
...)
+	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+	- iceweasel 3.0
+	- xulrunner 1.9
 	- iceape 1.1.12-1
-	- xulrunner 1.9.0.3-1
 CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before
2.0.0.17 ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before
2.0.0.17 ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17,
allows ...)
-	- xulrunner 1.9.0.3-1
+	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+	- iceweasel 3.0
+	- xulrunner 1.9
 	- iceape 1.1.12-1
+	- icedove <unfixed>
 CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2,
Thunderbird ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4064 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x
before ...)
 	- xulrunner 1.9.0.3-1
-	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	[etch] - iceweasel <not-affected> (Vulnerable code not present)
 CVE-2008-4063 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x
before ...)
 	- xulrunner 1.9.0.3-1
-	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	[etch] - iceweasel <not-affected> (Vulnerable code not present)
 CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before
...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox
before ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2,
Thunderbird ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17
allows ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and
3.x ...)
 	- xulrunner 1.9.0.3-1
 	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1
+	- icedove <unfixed>
 CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3
before ...)
 	NOT-FOR-US: Objective Development Sharity
 CVE-2008-4056 (Cross-site scripting (XSS) vulnerability in admin/login.php in
...)
@@ -1432,13 +1455,19 @@
 CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls
(RPC) ...)
 	NOT-FOR-US: Solaris
 CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and
SeaMonkey ...)
-	- xulrunner 1.9.0.3-1
-	- iceape 1.1.12-1
+	- iceweasel 3.0.3-1 (low)
+	- xulrunner 1.9.0.3-1 (low)
+	- iceape 1.1.12-1 (low)
 CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote
attackers ...)
-	TODO: check
+	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+	- iceweasel 3.0
+	- xulrunner 1.9
 CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox
...)
-	TODO: check
+	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+	- xulrunner 1.9
+	- iceweasel 3.0
 	- iceape 1.1.12-1
+	- icedove <unfixed>
 CVE-2008-3834
 	RESERVED
 CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the
Linux ...)
@@ -11209,8 +11238,11 @@
 CVE-2008-0017
 	RESERVED
 CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in
...)
-	TODO: check
+	NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+	- xulrunner 1.9
+	- iceweasel 3.0
 	- iceape 1.1.12-1
+	- icedove <unfixed>
 CVE-2008-0015
 	RESERVED
 CVE-2008-0014
Secure testing commits - Oct 2008 - r10018 - data/CVE

[Secure-testing-commits] r10018 - data/CVE
