jmm-guest at alioth.debian.org
2008-Dec-28 20:14 UTC
[Secure-testing-commits] r10817 - data/CVE
Author: jmm-guest
Date: 2008-12-28 20:14:51 +0000 (Sun, 28 Dec 2008)
New Revision: 10817
Modified:
data/CVE/list
Log:
more mozilla fun
Modified: data/CVE/list
==================================================================---
data/CVE/list 2008-12-28 20:09:53 UTC (rev 10816)
+++ data/CVE/list 2008-12-28 20:14:51 UTC (rev 10817)
@@ -4,7 +4,8 @@
NOTE: this issue was introduced as a fix to CVE-2008-4405, which has not
NOTE: yet been fixed in Debian
CVE-2008-5715 (Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers
to ...)
- TODO: check
+ - iceweasel <unfixed> (unimportant)
+ NOTE: Browser crashes not treated as security issues
CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier
for ...)
- qemu <unfixed> (low; bug #509882)
[etch] - qemu <not-affected> (Vulnerable code not present)
@@ -52,7 +53,7 @@
CVE-2008-5691 (Heap-based buffer overflow in the Phoenician Casino FlashAX
ActiveX ...)
NOT-FOR-US: Phoenician Casino FlashAX ActiveX
CVE-2008-5690 (The Kerberos credential renewal feature in Solaris 8, 9, and 10,
and ...)
- TODO: check
+ NOT-FOR-US: Solaris
CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through
snv_76 ...)
NOT-FOR-US: Solaris
CVE-2008-5688 (MediaWiki 1.8.1 through 1.13.3, when the wgShowExceptionDetails
...)
@@ -524,9 +525,15 @@
CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to
bypass ...)
- iceweasel 3.0.5-1
CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to
run ...)
- TODO: check
+ - iceweasel 3.0
+ - xulrunner 1.9
+ NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
+ NOTE: Original fix for CVE-2008-3836 was incomplete
CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before
...)
- TODO: check
+ - iceape 1.1.13-1
+ - iceweasel 3.0
+ - xulrunner 1.9
+ NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
CVE-2008-5502 (The layout engine in Mozilla Firefox 3.x before 3.0.5,
Thunderbird 2.x ...)
- iceweasel 3.0.5-1
[etch] - iceweasel <not-affected> (Firefox 2.x not affected)