Author: jmm-guest Date: 2007-01-07 12:55:30 +0100 (Sun, 07 Jan 2007) New Revision: 5214 Modified: data/CVE/list Log: xulrunner fixed Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-01-06 21:00:29 UTC (rev 5213) +++ data/CVE/list 2007-01-07 11:55:30 UTC (rev 5214) @@ -908,7 +908,7 @@ CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and ...) NOTE: MFSA-2006-73 - iceweasel 2.0.0.1+dfsg-1 (high) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox <removed> (high) NOTE: Flaw was introduced in Firefox 1.5.0.4 @@ -917,7 +917,7 @@ CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...) NOTE: MFSA-2006-72 - iceweasel 2.0.0.1+dfsg-1 (high) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox <removed> (high) - mozilla <removed> (high) @@ -927,7 +927,7 @@ CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for ...) NOTE: MFSA-2006-71 - iceweasel 2.0.0.1+dfsg-1 (high) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox <removed> (high) - mozilla <removed> (high) @@ -938,7 +938,7 @@ CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...) NOTE: MFSA-2006-70 - iceweasel 2.0.0.1+dfsg-1 (high) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox <removed> (high) - mozilla <removed> (high) @@ -948,7 +948,7 @@ CVE-2006-6500 (Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, ...) NOTE: MFSA-2006-69 - iceweasel <not-affected> (windows only) - - xulrunner <not-affected> (windows only) + - xulrunner 1.8.0.9-1 (windows only) - iceape <not-affected> (windows only) - firefox <not-affected> (windows only) - mozilla <not-affected> (windows only) @@ -958,7 +958,7 @@ CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...) NOTE: MFSA-2006-68 - iceweasel 2.0.0.1+dfsg-1 (high) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox <removed> (high) - mozilla <removed> (high) @@ -970,7 +970,7 @@ CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine for ...) NOTE: MFSA-2006-68 - iceweasel 2.0.0.1+dfsg-1 (high) - - xulrunner <unfixed> (high) + - xulrunner 1.8.0.9-1 (high) - iceape 1.0.7-1 (high) - firefox <removed> (high) - mozilla <removed> (high) @@ -980,7 +980,7 @@ CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for Mozilla ...) NOTE: MFSA-2006-68 - iceweasel 2.0.0.1+dfsg-1 (medium) - - xulrunner <unfixed> (medium) + - xulrunner 1.8.0.9-1 (medium) - iceape 1.0.7-1 (medium) - firefox <removed> (medium) - mozilla <removed> (medium) @@ -1238,7 +1238,7 @@ CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...) - phpmyadmin <unfixed> (unimportant; bug #404744) [sarge] - phpmyadmin <no-dsa> (CRLF not backportable to Sarge) - [etch] - phpmyadmin <no-dsa> (not exploitable with Etch''s php versions) + [etch] - phpmyadmin <not-affected> (not exploitable with Etch''s php versions) NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+ CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...) - phpmyadmin <unfixed> (unimportant) @@ -4560,7 +4560,7 @@ CVE-2006-4843 RESERVED CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...) - - xulrunner <unfixed> (low; bug #405062) + - xulrunner 1.8.0.9-1 (low; bug #405062) [sarge] - mozilla <unfixed> (low) NOTE: could not find setuid binary in sid, but evolution-data-server has a setgid mail binary NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=351470