white at alioth.debian.org
2009-Jan-28 01:04 UTC
[Secure-testing-commits] r11067 - data/CVE
Author: white
Date: 2009-01-28 01:04:57 +0000 (Wed, 28 Jan 2009)
New Revision: 11067
Modified:
data/CVE/list
Log:
Add maintainer''s input to missing ice* issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-01-28 00:27:43 UTC (rev 11066)
+++ data/CVE/list 2009-01-28 01:04:57 UTC (rev 11067)
@@ -1610,6 +1610,7 @@
- icedove 2.0.0.19-1
- iceape 1.1.14-1
- xulrunner 1.9.0.5-1
+ NOTE: patch will be checked for icedove/iceape/xulrunner by Alexander for next
round
CVE-2008-5509
RESERVED
CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19,
Thunderbird ...)
@@ -1632,10 +1633,12 @@
- xulrunner 1.9.0.5-1
CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to
bypass ...)
- iceweasel 3.0.5-1
+ NOTE: patch now available and will be checked for next patch round
CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to
run ...)
{DSA-1707-1}
- iceweasel 3.0
- xulrunner 1.9
+ [etch] - xulrunner <not-affected> (The vulnerable feature is only
included in 1.8.1 branch)
NOTE: Iceweasel 3.0 aka Xulrunner 1.9 not affected
NOTE: Original fix for CVE-2008-3836 was incomplete
CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before
...)
@@ -2897,6 +2900,7 @@
- iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
- iceape 1.1.13-1
+ NOTE: iceape will be checked by Alexander
CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x
...)
{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
- xulrunner 1.9.0.4-1
@@ -2915,6 +2919,7 @@
{DSA-1671-1}
- iceweasel 3.0.4-1
- xulrunner 1.9.0.4-1
+ NOTE: patch for xulrunner currently not suitable, Alexander will check this
further
CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4,
Firefox 2.x ...)
{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
- iceweasel 3.0.4-1