jmm-guest at alioth.debian.org
2007-Oct-24 22:14 UTC
[Secure-testing-commits] r7093 - data/CVE
Author: jmm-guest Date: 2007-10-24 22:14:31 +0000 (Wed, 24 Oct 2007) New Revision: 7093 Modified: data/CVE/list Log: more mozilla/sarge cleanups Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-10-24 20:57:42 UTC (rev 7092) +++ data/CVE/list 2007-10-24 22:14:31 UTC (rev 7093) @@ -6235,8 +6235,7 @@ [etch] - iceweasel <no-dsa> (Minor issue) - iceape <unfixed> (low) [etch] - iceape <no-dsa> (Minor issue) - - firefox <removed> (low) - - mozilla <removed> (low) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) - xulrunner <unfixed> (low) [etch] - xulrunner <no-dsa> (Minor issue) CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows remote ...) @@ -6387,8 +6386,7 @@ CVE-2007-3090 (Mozilla Firefox does not properly manage a delay timer used in ...) - iceweasel <unfixed> (medium) - iceape <unfixed> (medium) - - firefox <removed> (medium) - - mozilla <removed> (medium) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) - xulrunner <unfixed> (medium) CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...) {DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1} @@ -6426,8 +6424,7 @@ CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read ...) - iceweasel <unfixed> (low) - iceape <unfixed> (low) - - firefox <removed> (low) - - mozilla <removed> (low) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) - xulrunner <unfixed> (low) CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and ...) - iceweasel <unfixed> 
@@ -8267,8 +8264,7 @@ {DSA-1392-1 DTSA-69-1} - iceweasel 2.0.0.8-1 (low) [etch] - iceweasel <no-dsa> (Minor issue) - - firefox <removed> (low) - - mozilla <removed> (low) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and ...) @@ -11651,9 +11647,9 @@ - iceweasel 2.0.0.2+dfsg-1 (low) - iceape 1.0.8-1 (low) - xulrunner 1.8.0.10-1 (low) - [sarge] - mozilla-tunderbird <unfixed> (low) + [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported) [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported) - [sarge] - mozilla <unfixed> (low) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x ...) {DSA-1336-1} - iceweasel 2.0.0.2+dfsg-2 (medium) @@ -12205,8 +12201,7 @@ - iceape 1.0.8-1 (medium) - xulrunner 1.8.0.10-1 (medium) [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported) - [sarge] - mozilla <unfixed> (medium) - - firefox <removed> (medium) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...) NOT-FOR-US: Ublog Reload CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload ...) 
@@ -12296,8 +12291,8 @@ - icedove 1.5.0.10.dfsg1-1 (low) - xulrunner 1.8.0.10-1 (high) [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported) - [sarge] - mozilla-thunderbird <unfixed> (low) - [sarge] - mozilla <unfixed> (low) + [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) NOTE: Only one of the crashes can be triggered in Sarge, 326864 CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function ...) - libapache-mod-jk 1:1.2.21-1 (medium) @@ -15140,7 +15135,7 @@ CVE-2006-6505 (Multiple heap-based buffer overflows in Mozilla Thunderbird before ...) {DSA-1265-1} NOTE: MFSA-2006-74 - - mozilla-thunderbird <removed> (high) + [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported) - icedove 1.5.0.9.dfsg1-1 (high) - iceape 1.0.7-1 (high) - mozilla <removed> @@ -19482,9 +19477,8 @@ CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...) - xulrunner 1.8.0.7-1 (low) - firefox 1.5.dfsg+1.5.0.7-1 (low) - - mozilla <unfixed> (low) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported) - - mozilla-firefox <removed> (low) CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...) NOT-FOR-US: Internet Explorer CVE-2006-4559 (Multiple PHP remote file inclusion vulnerabilities in Yet Another ...) 
@@ -29114,12 +29108,11 @@ CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...) NOT-FOR-US: PHP GEN CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...) - - firefox <removed> (bug #349339) - iceweasel <unfixed> (low; bug #349339) [etch] - iceweasel <no-dsa> (Minor design issue, affects only broken setups) - mozilla-firefox 1.5.dfsg+1.5.0.3-2 (low; bug #349339) [sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported) - - mozilla <unfixed> (low) + [sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported) - iceape <unfixed> (low) [etch] - iceape <no-dsa> (Minor design issue, affects only broken setups) - xulrunner <unfixed> (low) @@ -29826,7 +29819,7 @@ CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...) NOT-FOR-US: GTP iCommerce CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, ...) - - mozilla-thunderbird 1.5.0.2-1 (bug #349242; bug #363777; medium) + [sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported) CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...) NOT-FOR-US: WhiteAlbum CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...)
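Review bot: In the first hunk (@@ -6235,8 +6235,7 @@) the `- firefox <removed> (low)` line is deleted with no replacement, and only `mozilla` gets a `[sarge]` entry; the same pattern repeats in the CVE-2007-3090, CVE-2007-3074, @@ -8267 and @@ -12205 hunks. The log message "more mozilla/sarge cleanups" does not say why the firefox entries go, and the new `[sarge] - mozilla <no-dsa>` line also drops the severity the old line carried. Please either state in the log that the `firefox <removed>` entries are intentionally dropped, or keep them next to the new sarge line.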
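Review bot: In the CVE-2006-6505 hunk (@@ -15140,7 +15135,7 @@) the entry is tagged `{DSA-1265-1}` while the new line marks `[sarge] - mozilla-thunderbird` as `<no-dsa>`; please confirm which package that DSA covers so the two do not contradict each other. The trailing context line `- mozilla <removed>` is also left in its old form here, whereas the other hunks convert it to `[sarge] - mozilla <no-dsa> (...)`, so this entry ends up inconsistent with the rest of the cleanup.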
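Review bot: In the CVE-2006-4561 hunk (@@ -19482,9 +19477,8 @@) the unbranched `- mozilla <unfixed> (low)` is turned into a sarge-only `<no-dsa>` line and `- mozilla-firefox <removed> (low)` is deleted, so the entry no longer records any status for either package outside sarge. The CVE-2006-0496 hunk does the same for `- mozilla <unfixed> (low)`. If these packages are gone from the newer suites, keeping a `<removed>` line beside the new `[sarge]` line would preserve that; if not, the `<unfixed>` status should stay.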
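Review bot: In the CVE-2006-0236 hunk (@@ -29826,7 +29819,7 @@) the replaced line `- mozilla-thunderbird 1.5.0.2-1 (bug #349242; bug #363777; medium)` was the only record of the fixed version and of both bug numbers, and the new `[sarge]` line carries neither. Suggest keeping the original line and adding `[sarge] - mozilla-thunderbird <no-dsa> (...)` beneath it, the way the CVE-2006-0496 entry keeps `- mozilla-firefox 1.5.dfsg+1.5.0.3-2 (low; bug #349339)` above its sarge line.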