Author: gilbert-guest Date: 2009-08-30 23:39:23 +0000 (Sun, 30 Aug 2009) New Revision: 12714 Modified: data/CVE/list Log: as per discussion, xulrunner not affected by libpng issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-30 21:35:46 UTC (rev 12713) +++ data/CVE/list 2009-08-30 23:39:23 UTC (rev 12714) @@ -3009,8 +3009,7 @@ - libpng 1.2.37-1 (low; bug #533676) [etch] - libpng <no-dsa> (Minor issue, only exploitable in rare setups) [lenny] - libpng <no-dsa> (Minor issue, only exploitable in rare setups) - - xulrunner <unfixed> - NOTE: libpng code copy present in xulrunner [./modules/libimg/png/*] and possibly [./gfx/cairo/cairo/*] + - xulrunner <not-affected> (xulrunner dynamically linked against libpng; embeded code copy not used) CVE-2009-2041 (Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab ...) NOT-FOR-US: activeCollab CVE-2009-2040 (admin/options.php in Grestul 1.2 does not properly restrict access, ...)