thr3ads.net - Secure testing commits - [Secure-testing-commits] r7038

If this information is useful, please help other people find it:
Share via:
jmm-guest at alioth.debian.org
2007-Oct-20 13:05 UTC
[Secure-testing-commits] r7038 - data/CVE

Author: jmm-guest
Date: 2007-10-20 13:05:48 +0000 (Sat, 20 Oct 2007)
New Revision: 7038

Modified:
   data/CVE/list
Log:
first round of mozilla cleanups


Modified: data/CVE/list
==================================================================---
data/CVE/list	2007-10-20 12:59:17 UTC (rev 7037)
+++ data/CVE/list	2007-10-20 13:05:48 UTC (rev 7038)
@@ -4347,6 +4347,7 @@
 CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X
allows ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain
(aka ...)
+	[sarge] - mozilla-firefox <no-dsa> (Mozilla products in Sarge no longer
supported)
 	- mozilla-firefox <removed>
 	- iceweasel <unfixed>
 	- iceape <unfixed>
@@ -11432,7 +11433,7 @@
 	- iceape 1.0.8-1 (low)
 	- xulrunner 1.8.0.10-1 (low)
 	[sarge] - mozilla-tunderbird <unfixed> (low)
-	[sarge] - mozilla-firefox <unfixed> (low)
+	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no
longer supported)
 	[sarge] - mozilla <unfixed> (low)
 CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x
...)
 	{DSA-1336-1}
@@ -11985,7 +11986,7 @@
 	- iceweasel 2.0.0.2+dfsg-1 (medium)
 	- iceape 1.0.8-1 (medium)
 	- xulrunner 1.8.0.10-1 (medium)
-	[sarge] - mozilla-firefox <unfixed> (medium)
+	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no
longer supported)
 	[sarge] - mozilla <unfixed> (medium)
 	- firefox <removed> (medium)
 CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5
...)
@@ -12041,7 +12042,7 @@
 	- iceweasel 2.0.0.2+dfsg-1 (low)
 	- iceape 1.0.8-1 (low)
 	- xulrunner 1.8.0.10-1 (low)
-	[sarge] - mozilla-firefox <not-affected> (introduced in firefox 1.5)
+	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no
longer supported)
 	[sarge] - mozilla <not-affected> (introduced in firefox 1.5)
 CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and
2.x ...)
 	{DSA-1336-1}
@@ -12049,7 +12050,7 @@
 	- iceweasel 2.0.0.2+dfsg-1 (low)
 	- iceape 1.0.8-1 (low)
 	- xulrunner 1.8.0.10-1 (low)
-	[sarge] - mozilla-firefox <unfixed> (low)
+	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no
longer supported)
 	[sarge] - mozilla <unfixed> (low)
 CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x
...)
 	NOTE: MFSA-2007-01
@@ -12057,7 +12058,7 @@
 	- iceape 1.0.8-1 (high)
 	- icedove 1.5.0.10.dfsg1-1 (low)
 	- xulrunner 1.8.0.10-1 (high)
-	[sarge] - mozilla-firefox <unfixed> (high)
+	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no
longer supported)
 	[sarge] - mozilla-thunderbird <unfixed> (low)
 	[sarge] - mozilla <unfixed> (high)
 CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in
Mozilla ...)
@@ -12076,7 +12077,7 @@
 	- iceape 1.0.8-1 (high)
 	- icedove 1.5.0.10.dfsg1-1 (low)
 	- xulrunner 1.8.0.10-1 (high)
-	[sarge] - mozilla-firefox <unfixed> (low)
+	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no
longer supported)
 	[sarge] - mozilla-thunderbird <unfixed> (low)
 	[sarge] - mozilla <unfixed> (low)
 	NOTE: Only one of the crashes can be triggered in Sarge, 326864
@@ -14539,7 +14540,7 @@
 	- iceape 1.0.8-1 (low)
 	- xulrunner 1.8.0.10-1 (high)
 	- icedove 1.5.0.10.dfsg1-1
-	[sarge] - mozilla-firefox <unfixed> (high)
+	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no
longer supported)
 	[sarge] - mozilla <unfixed> (high)
 	- firefox <removed> (high)
 CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network
Security ...)
@@ -14549,7 +14550,7 @@
 	- iceape 1.0.8-1 (low)
 	- xulrunner 1.8.0.10-1 (high)
 	- icedove 1.5.0.10.dfsg1-1
-	[sarge] - mozilla-firefox <unfixed> (high)
+	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no
longer supported)
 	[sarge] - mozilla <unfixed> (high)
 	- firefox <removed> (high)
 CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite
arbitrary ...)
@@ -15914,7 +15915,7 @@
 	NOTE: MFSA-2007-02
 	- iceweasel 2.0.0.2+dfsg-1 (high; bug #409220)
 	- iceape 1.0.8-1 (high)
-	[sarge] - mozilla-firefox <unfixed> (high)
+	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no
longer supported)
 	[sarge] - mozilla <unfixed> (high)
 	- xulrunner 1.8.0.10-1 (medium)
 	NOTE: Epiphany affected by xulrunner
@@ -19266,6 +19267,7 @@
 	- xulrunner 1.8.0.7-1 (low)
 	- firefox 1.5.dfsg+1.5.0.7-1 (low)
 	- mozilla <unfixed> (low)
+	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no
longer supported)
 	- mozilla-firefox <removed> (low)
 CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to
...)
 	NOT-FOR-US: Internet Explorer
@@ -25924,7 +25926,7 @@
 CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before
1.5.0.2, ...)
 	{DSA-1051-1 DSA-1046-1}
 	- firefox 1.5.dfsg+1.5.0.2 (medium)
-	- mozilla-firefox <unfixed> (medium)
+	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no
longer supported)
 	- mozilla <unfixed> (medium)
 	- thunderbird 1.5.0.2-1 (low)
 	- xulrunner 1.8.0.1-9
@@ -28898,8 +28900,8 @@
 	- firefox <removed> (bug #349339)
 	- iceweasel <unfixed> (low; bug #349339)
 	[etch] - iceweasel <no-dsa> (Minor design issue, affects only broken
setups)
-	NOTE: mozilla-firefox is now a dummy package, so not vulnerable any more
 	- mozilla-firefox 1.5.dfsg+1.5.0.3-2 (low; bug #349339)
+	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no
longer supported)
 	- mozilla <unfixed> (low)
 	- iceape <unfixed> (low)
 	[etch] - iceape <no-dsa> (Minor design issue, affects only broken
setups)
Secure testing commits - Oct 2007 - r7038 - data/CVE

[Secure-testing-commits] r7038 - data/CVE
