Author: luk
Date: 2012-01-01 23:32:44 +0000 (Sun, 01 Jan 2012)
New Revision: 17976
Modified:
data/CVE/list
Log:
Mark xen-3.0 and mozilla* as removed
Modified: data/CVE/list
==================================================================---
data/CVE/list 2012-01-01 23:07:58 UTC (rev 17975)
+++ data/CVE/list 2012-01-01 23:32:44 UTC (rev 17976)
@@ -60219,11 +60219,11 @@
REJECTED
CVE-2007-5907 (Xen 3.1.1 does not prevent modification of the CR4 TSC from ...)
- xen-3 3.1.2-1 (unimportant; bug #451626)
- - xen-3.0 <unfixed> (unimportant)
+ - xen-3.0 <removed> (unimportant)
NOTE: CONFIG_SECCOMP isn''t activated in Debian kernels
CVE-2007-5906 (Xen 3.1.1 allows virtual guest system users to cause a denial of
...)
- xen-3 3.1.2-1 (medium; bug #451626)
- - xen-3.0 <unfixed>
+ - xen-3.0 <removed>
CVE-2007-5905 (Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack
sessions ...)
NOT-FOR-US: Adobe ColdFusion
CVE-2007-5904 (Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and
...)
@@ -78633,14 +78633,14 @@
- firefox <removed> (high)
- iceweasel 2.0+dfsg-1 (high)
- icedove 1.5.0.8-1 (medium)
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- xulrunner 1.8.0.8-1 (high)
CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8,
...)
NOTE: MFSA-2006-65
- firefox <removed> (high)
- iceweasel 2.0+dfsg-1 (high)
- icedove 1.5.0.8-1 (medium)
- - mozilla <unfixed> (medium)
+ - mozilla <removed> (medium)
- xulrunner 1.5.0.8-1 (high)
- mozilla-firefox <removed>
- mozilla-thunderbird <removed>
@@ -78882,7 +78882,7 @@
- firefox <removed> (unimportant)
- iceweasel <unfixed> (unimportant)
- icedove <unfixed> (unimportant)
- - mozilla <unfixed> (unimportant)
+ - mozilla <removed> (unimportant)
- xulrunner <unfixed> (unimportant)
- mozilla-firefox <removed> (unimportant)
- mozilla-thunderbird <removed> (unimportant)
@@ -79253,7 +79253,7 @@
- firefox <removed> (low)
- iceweasel 2.0+dfsg-1 (low)
- icedove 1.5.0.8-1 (low)
- - mozilla <unfixed> (low)
+ - mozilla <removed> (low)
- xulrunner 1.8.0.8-1 (low)
CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8,
...)
{DSA-1227-1 DSA-1225-1 DSA-1224-1}
@@ -79261,7 +79261,7 @@
- firefox <removed> (high)
- iceweasel 2.0+dfsg-1 (high)
- icedove 1.5.0.8-1 (medium)
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- xulrunner 1.8.0.8-1 (high)
CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as
used ...)
{DSA-1227-1 DSA-1225-1 DSA-1224-1}
@@ -79271,7 +79271,7 @@
- firefox <removed> (high)
- iceweasel 2.0+dfsg-1 (high)
- icedove 1.5.0.8-1 (medium)
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- xulrunner 1.8.0.8-1 (high)
CVE-2006-5461 (Avahi before 0.6.15 does not verify the sender identity of
netlink ...)
- avahi 0.6.15-1 (low)
@@ -81204,7 +81204,7 @@
CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7,
...)
{DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-64
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- firefox 1.5.dfsg+1.5.0.7-1 (high)
- thunderbird 1.5.0.7-1 (high)
- xulrunner 1.8.0.7-1 (high)
@@ -81212,7 +81212,7 @@
{DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-63
- thunderbird 1.5.0.7-1
- - mozilla <unfixed>
+ - mozilla <removed>
CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the
"blocked ...)
NOTE: MFSA-2006-62
- firefox 1.5.dfsg+1.5.0.7-1 (low)
@@ -81222,7 +81222,7 @@
CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows
...)
{DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-61
- - mozilla <unfixed> (low)
+ - mozilla <removed> (low)
- firefox 1.5.dfsg+1.5.0.7-1 (low)
- xulrunner 1.8.0.7-1 (low)
- thunderbird 1.5.0.7-1
@@ -81236,14 +81236,14 @@
CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and
...)
{DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-57
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- firefox 1.5.dfsg+1.5.0.7-1 (high)
- thunderbird 1.5.0.7-1 (low)
- xulrunner 1.8.0.7-1 (high)
CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7,
...)
{DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-57
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- firefox 1.5.dfsg+1.5.0.7-1 (high)
- xulrunner 1.8.0.7-1 (high)
- thunderbird 1.5.0.7-1 (low)
@@ -81550,7 +81550,7 @@
CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote
...)
NOT-FOR-US: Microsoft
CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including
Mozilla ...)
- - mozilla <unfixed> (low)
+ - mozilla <removed> (low)
- firefox <not-affected> (at least 1.5.0.6 is not vulnerable)
- xulrunner <not-affected>
[sarge] - mozilla <no-dsa> (Conceptual problem, not fixable in a
backport)
@@ -81763,7 +81763,7 @@
CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as
used ...)
{DSA-1210 DSA-1192-1 DSA-1191-1}
NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- firefox 1.5.dfsg+1.5.0.7-1 (high)
- thunderbird 1.5.0.7-1 (high)
- xulrunner 1.8.0.7-1 (high)
@@ -81851,8 +81851,8 @@
{DSA-1227-1 DSA-1225-1 DSA-1224-1}
- firefox <removed>
- iceweasel 2.0+dfsg-1
- - mozilla <unfixed>
- - mozilla-firefox <unfixed>
+ - mozilla <removed>
+ - mozilla-firefox <removed>
- xulrunner 1.8.0.8-1
CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not
...)
NOT-FOR-US: AK-Systems Windows Terminal
@@ -81975,7 +81975,7 @@
NOTE: MFSA-2006-59
- xulrunner 1.8.0.7-1 (medium)
- firefox 1.5.dfsg+1.5.0.7-1 (medium)
- - mozilla <unfixed> (medium)
+ - mozilla <removed> (medium)
- thunderbird 1.5.0.7-1 (low)
- mozilla-firefox <removed> (unimportant)
[sarge] - mozilla <unfixed> (unimportant)
@@ -82976,7 +82976,7 @@
CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and
...)
NOTE: MFSA-2006-56
[sarge] - mozilla <not-affected>
- - mozilla <unfixed> (medium)
+ - mozilla <removed> (medium)
- xulrunner 1.8.0.5-1 (medium)
[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
- firefox 1.5.dfsg+1.5.0.5-1 (medium)
@@ -82985,7 +82985,7 @@
CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...)
{DSA-1161 DSA-1160 DSA-1159}
NOTE: MFSA-2006-55
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- xulrunner 1.8.0.5-1 (high)
- mozilla-firefox <removed> (high)
- firefox 1.5.dfsg+1.5.0.5-1 (high)
@@ -83002,7 +83002,7 @@
CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and
...)
{DSA-1161 DSA-1160 DSA-1159}
NOTE: MFSA-2006-53
- - mozilla <unfixed> (medium)
+ - mozilla <removed> (medium)
- xulrunner 1.8.0.5-1 (medium)
- mozilla-firefox <removed> (medium)
- firefox 1.5.dfsg+1.5.0.5-1 (medium)
@@ -83011,7 +83011,7 @@
CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows
...)
{DSA-1161 DSA-1160 DSA-1159}
NOTE: MFSA-2006-52
- - mozilla <unfixed> (medium)
+ - mozilla <removed> (medium)
- xulrunner 1.8.0.5-1 (medium)
- mozilla-firefox <removed> (medium)
- firefox 1.5.dfsg+1.5.0.5-1 (medium)
@@ -83019,7 +83019,7 @@
CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and
...)
{DSA-1161 DSA-1160 DSA-1159}
NOTE: MFSA-2006-51
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- xulrunner 1.8.0.5-1 (high)
- mozilla-firefox <removed> (high)
- firefox 1.5.dfsg+1.5.0.5-1 (high)
@@ -83028,7 +83028,7 @@
CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla
Firefox ...)
{DSA-1161 DSA-1160 DSA-1159}
NOTE: MFSA-2006-50
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- xulrunner 1.8.0.5-1 (high)
- mozilla-firefox <removed> (high)
- firefox 1.5.dfsg+1.5.0.5-1 (high)
@@ -83037,7 +83037,7 @@
CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5,
Thunderbird ...)
{DSA-1161 DSA-1160 DSA-1159}
NOTE: MFSA-2006-50
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- xulrunner 1.8.0.5-1 (high)
- mozilla-firefox <removed> (high)
- firefox 1.5.dfsg+1.5.0.5-1 (high)
@@ -83047,7 +83047,7 @@
NOTE: MFSA-2006-49
- mozilla-firefox <not-affected> (only firefox >= 1.5)
[sarge] - mozilla <not-affected> (mozilla 1.7 not affected)
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- thunderbird 1.5.0.5-1 (high)
- mozilla-thunderbird <not-affected> (high)
CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla
Firefox ...)
@@ -85321,7 +85321,7 @@
NOTE: may have been fixed earlier.
CVE-2006-2788 (Double free vulnerability in the getRawDER function for
nsIX509Cert in ...)
{DSA-1210 DSA-1192-1 DSA-1191-1}
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- firefox 1.5.dfsg+1.5.0.4 (high)
- xulrunner 1.8.0.4-1 (high)
CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4
allows ...)
@@ -85348,7 +85348,7 @@
{DSA-1134-1 DSA-1120 DSA-1118}
NOTE: MFSA-2006-36
- firefox 1.5.dfsg+1.5.0.4-1 (medium)
- - mozilla <unfixed> (medium)
+ - mozilla <removed> (medium)
- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode
...)
{DSA-1134-1 DSA-1120 DSA-1118}
@@ -85524,8 +85524,8 @@
CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers
to ...)
- firefox <removed> (unimportant)
- iceweasel <unfixed> (unimportant)
- - mozilla <unfixed> (unimportant)
- - mozilla-firefox <unfixed> (unimportant)
+ - mozilla <removed> (unimportant)
+ - mozilla-firefox <removed> (unimportant)
- xulrunner <unfixed> (unimportant)
NOTE: Non-issue
CVE-2006-2722 (SQL injection vulnerability in view_album.php in SelectaPix 1.4
allows ...)
@@ -87254,7 +87254,7 @@
CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows
remote ...)
{DSA-1055-1 DSA-1053-1}
- firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high)
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
[sarge] - mozilla-thunderbird <no-dsa> (Not directly exploitable in
Thunderbird)
CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
- typo3-src 4.0.2-1 (bug #364350)
@@ -87917,7 +87917,7 @@
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (high)
- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
- - mozilla <unfixed> (high)
+ - mozilla <removed> (high)
- thunderbird 1.5.0.2-1 (medium)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
- xulrunner 1.8.0.1-9
@@ -87943,7 +87943,7 @@
CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before
1.5.0.2, ...)
{DSA-1051-1 DSA-1046-1 DSA-1044-1}
- firefox 1.5.dfsg+1.5.0.2-1 (medium)
- - mozilla <unfixed> (medium)
+ - mozilla <removed> (medium)
- thunderbird 1.5.0.2-1 (low)
[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
- xulrunner 1.8.0.1-9
@@ -87954,7 +87954,7 @@
{DSA-1051-1 DSA-1046-1}
- firefox 1.5.dfsg+1.5.0.2 (medium)
[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no
longer supported)
- - mozilla <unfixed> (medium)
+ - mozilla <removed> (medium)
- thunderbird 1.5.0.2-1 (low)
- xulrunner 1.8.0.1-9
NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459
@@ -91044,7 +91044,7 @@
NOTE: see CVE-2005-4684
- firefox <removed> (unimportant)
- iceweasel <unfixed> (unimportant)
- - mozilla <unfixed> (unimportant)
+ - mozilla <removed> (unimportant)
[sarge] - mozilla <no-dsa> (Hardly exploitable)
- xulrunner <unfixed> (unimportant)
CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the
DNS ...)
@@ -91509,7 +91509,7 @@
- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
- - mozilla-thunderbird <unfixed>
+ - mozilla-thunderbird <removed>
- thunderbird 1.5.0.2-1
CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in
Firefox ...)
{DSA-1051-1 DSA-1046-1}
@@ -93925,7 +93925,7 @@
NOTE: maintainers don''t believe it is a security bug and
can''t reproduce after 1.5.dfsg-1
- firefox 1.5.dfsg-1 (bug #340283; bug #345469; unimportant)
- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #340283; bug #345469; unimportant)
- - mozilla <unfixed> (bug #340282; unimportant)
+ - mozilla <removed> (bug #340282; unimportant)
CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0
...)
{DSA-973-1}
- otrs 2.0.4p01-1 (bug #340352; medium)
@@ -98858,7 +98858,7 @@
- firefox <removed> (bug #320539; unimportant)
- iceweasel <unfixed> (bug #320539; unimportant)
- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant)
- - mozilla <unfixed> (bug #320538; unimportant)
+ - mozilla <removed> (bug #320538; unimportant)
NOTE: Firefox and Mozilla follow RFC behaviour. This is more a lack of
security
NOTE: feature (client-side preference for stronger methods) and not a
vulnerabilit
NOTE: This also seems like a rare setup.
@@ -106257,7 +106257,7 @@
NOTE: generally try to make sense of anything even remotely resembling HTML.
- firefox <removed> (unimportant)
- iceweasel <unfixed> (unimportant)
- - mozilla <unfixed> (unimportant)
+ - mozilla <removed> (unimportant)
CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to
execute ...)
NOT-FOR-US: mailcarrier
CVE-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote
attackers ...)