thr3ads.net - Secure testing commits - [Secure-testing-commits] r19065

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2012-Apr-25 07:37 UTC
[Secure-testing-commits] r19065 - data/CVE

Author: jmm
Date: 2012-04-25 07:37:50 +0000 (Wed, 25 Apr 2012)
New Revision: 19065

Modified:
   data/CVE/list
Log:
first batch of Mozilla updates


Modified: data/CVE/list
==================================================================---
data/CVE/list	2012-04-25 05:53:52 UTC (rev 19064)
+++ data/CVE/list	2012-04-25 07:37:50 UTC (rev 19065)
@@ -590,7 +590,6 @@
 CVE-2012-2123
 	RESERVED
 	- linux-2.6 <unfixed>
-	TODO: check
 CVE-2012-2122
 	RESERVED
 CVE-2012-2121
@@ -4567,28 +4566,71 @@
 	RESERVED
 CVE-2012-0478
 	RESERVED
+	- icedove <unfixed>
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	- iceweasel 10.0.4esr-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+	- iceape <unfixed>
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0477
 	RESERVED
 CVE-2012-0476
 	RESERVED
 CVE-2012-0475
 	RESERVED
+	- icedove <unfixed> (low)
+	[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
+	- iceweasel 12.0-1 (low)
+	[squeeze] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV
branch)
+	- iceape <unfixed> (low)
+	[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
+	NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
 CVE-2012-0474
 	RESERVED
+	- icedove <unfixed>
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	- iceweasel 10.0.4esr-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+	- iceape <unfixed>
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0473
 	RESERVED
+	- icedove <unfixed>
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	- iceweasel 10.0.4esr-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+	- iceape <unfixed>
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0472
 	RESERVED
+	- icedove <not-affected> (Windows-specific)
+	- iceweasel <not-affected> (Windows-specific)
+	- iceape <not-affected> (Windows-specific)
 CVE-2012-0471
 	RESERVED
 CVE-2012-0470
 	RESERVED
 CVE-2012-0469
 	RESERVED
+	- icedove <unfixed>
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	- iceweasel 10.0.4esr-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+	- iceape <unfixed>
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0468
 	RESERVED
+	- icedove <not-affected> (Only affects Firefox 11 and above)
+	- iceweasel <not-affected> (Only affects Firefox 11 and above)
+	- iceape <not-affected> (Only affects Firefox 11 and above)
 CVE-2012-0467
 	RESERVED
+	- icedove <unfixed>
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	- iceweasel 10.0.3esr-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+	- iceape 2.7.3-1
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2012-0466
 	RESERVED
 	- bugzilla <removed> (low)
@@ -11699,6 +11741,12 @@
 	- chromium-browser 18.0.1025.142~r129054-1
 CVE-2011-3062 (Off-by-one error in the OpenType Sanitizer in Google Chrome
before ...)
 	- chromium-browser 18.0.1025.142~r129054-1
+	- icedove <unfixed>
+	[squeeze] - icedove <not-affected> (Vulnerable code not present)
+	- iceweasel 10.0.4esr-1
+	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+	- iceape <unfixed>
+	[squeeze] - iceape <not-affected> (Vulnerable code not present)
 CVE-2011-3061 (Google Chrome before 18.0.1025.142 does not properly check X.509
...)
 	- chromium-browser 18.0.1025.142~r129054-1
 CVE-2011-3060 (Google Chrome before 18.0.1025.142 does not properly handle text
...)
@@ -17275,6 +17323,13 @@
 	TODO: ^ this commit only contains tests for the issue, need commit # for fix
 CVE-2011-1187 (Google Chrome before 10.0.648.127 allows remote attackers to
bypass ...)
 	- libv8 3.1.8.10-1 (bug #617418)
+	- icedove <unfixed> (low)
+	[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
+	- iceweasel 12.0-1 (low)
+	[squeeze] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV
branch)
+	- iceape <unfixed> (low)
+	[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
+	NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
 CVE-2011-1186 (Google Chrome before 10.0.648.127 on Linux does not properly
handle ...)
 	- chromium-browser 10.0.648.127~r76697-1
 	[squeeze] - chromium-browser <not-affected>
Secure testing commits - Apr 2012 - r19065 - data/CVE

[Secure-testing-commits] r19065 - data/CVE
