Author: jmm-guest Date: 2006-12-05 21:53:30 +0100 (Tue, 05 Dec 2006) New Revision: 5074 Modified: data/CVE/list Log: CVE-2006-4253 not much of a security problem on sarge Modified: data/CVE/list ==================================================================--- data/CVE/list 2006-12-05 20:14:15 UTC (rev 5073) +++ data/CVE/list 2006-12-05 20:53:30 UTC (rev 5074) @@ -4411,7 +4411,6 @@ - cscope 15.5+cvs20060902-1 (low; bug #385893) CVE-2006-4261 REJECTED - NOTE: Duplicate of CVE-2006-4253 CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...) NOT-FOR-US: Fotopholder CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...) @@ -4428,14 +4427,14 @@ NOT-FOR-US: IBM AIX CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier ...) NOTE: MFSA-2006-59 - - xulrunner 1.8.0.7-1 (high) - - firefox 1.5.dfsg+1.5.0.7-1 (high) - - mozilla <unfixed> (high) - - mozilla-firefox <removed> (high) - [sarge] - mozilla <unfixed> (low) - [sarge] - mozilla-thunderbird <unfixed> (low) - NOTE: On Sarge this is only a DoS, not code injection + - xulrunner 1.8.0.7-1 (medium) + - firefox 1.5.dfsg+1.5.0.7-1 (medium) + - mozilla <unfixed> (medium) - thunderbird 1.5.0.7-1 (low) + - mozilla-firefox <removed> (unimportant) + [sarge] - mozilla <unfixed> (unimportant) + [sarge] - mozilla-thunderbird <unfixed> (unimportant) + NOTE: On Sarge this is only a crasher, code injection is only possible for Firefox 1.5 et al. CVE-2006-4252 (PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a ...) - pdns-recursor 3.1.4-1 (bug #398559) - pdns <not-affected> (Recursor module has been moved to pdns-recursor)