Author: jmm Date: 2011-01-31 18:42:50 +0000 (Mon, 31 Jan 2011) New Revision: 16018 Modified: data/CVE/list Log: - xulrunner/lenny cleanup - kernel/xen not-affected Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-01-31 13:59:08 UTC (rev 16017) +++ data/CVE/list 2011-01-31 18:42:50 UTC (rev 16018) @@ -2674,8 +2674,7 @@ RESERVED NOT-FOR-US: TikiWiki CVE-2010-4238 (The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on ...) - - linux-2.6 <unfixed> - TODO: check + - linux-2.6 <not-affected> (RedHat-specific issue, does not affect Xen-upstream/Debian) CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind ...) NOT-FOR-US: IBM OmniFind Enterprise Edition CVE-2010-4235 @@ -3906,6 +3905,7 @@ [lenny] - xulrunner <not-affected> (font-face support introduced in 1.9.1) CVE-2010-3768 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird ...) - xulrunner <removed> + [lenny] - xulrunner <not-affected> (Vulnerable code not present) - icedove 3.0.11-1 - iceweasel 3.5.16-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) @@ -3920,6 +3920,7 @@ [lenny] - iceape <not-affected> (Only a stub package) CVE-2010-3766 (Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and ...) - xulrunner <removed> + [lenny] - xulrunner <not-affected> (Vulnerable code not present) - iceweasel 3.5.16-1 [lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses Xulrunner from the xulrunner source pkg) - iceape 2.0.11-1 @@ -29758,7 +29759,7 @@ - xulrunner 1.9.1.10-1 (unimportant; bug #559792; bug #532516) - iceape 2.0.5-1 (unimportant) [lenny] - iceape <not-affected> (Just a stub package) - - xulrunner <unfixed> (low) + NOTE: Limited to browser life time CVE-2008-5912 (An unspecified function in the JavaScript implementation in Microsoft ...) NOT-FOR-US: Microsoft CVE-2008-5911 (Multiple buffer overflows in RealNetworks Helix Server and Helix ...)