Author: derevko-guest Date: 2009-07-18 05:40:33 +0000 (Sat, 18 Jul 2009) New Revision: 12372 Modified: data/CVE/list Log: xulrunner and vlc issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-07-18 05:17:37 UTC (rev 12371) +++ data/CVE/list 2009-07-18 05:40:33 UTC (rev 12372) @@ -1,11 +1,12 @@ CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in ...) - TODO: check + - vlc <not-affected> (The vulnerability affects Windows builds only) CVE-2009-2479 (Stack-based buffer overflow in Mozilla Firefox 3.5 allows remote ...) - TODO: check + - xulrunner <not-affected> + NOTE: Affected version only available in experimental, only Firefox 3.5 + TODO: check when 3.5 gets uploaded to unstable CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of ...) - TODO: check -CVE-2009-2477 (js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka ...) - TODO: check + - xulrunner <not-affected> (unimportant) + NOTE: browser crashes not treated as security issues CVE-2009-2476 RESERVED CVE-2009-2475 @@ -110,9 +111,10 @@ NOT-FOR-US: Xigla Software Absolute News Feed CVE-2008-6854 (Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to ...) NOT-FOR-US: Xigla Software Absolute FAQ Manager.NET -CVE-2009-XXXX [Mozilla: shellcode injection in Javascript engine] +CVE-2009-2477 (js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka ...) - xulrunner <not-affected> (high; bug #537104) NOTE: Affected version only available in experimental, only Firefox 3.5 + TODO: check when 3.5 gets uploaded to unstable CVE-2009-2450 (The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online ...) NOT-FOR-US: Tall Emu Online Armor Personal Firewall CVE-2009-2449 (Directory traversal vulnerability in ...) 
@@ -174,7 +176,6 @@ TODO: check after 2.3.x upload NOTE: vulnerable code not present, introduced in 2.3.x NOTE: to be fixed in upstream version 2.3.3 - TODO: check CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command ...) - mysql-dfsg-5.0 <unfixed> (low; bug #536726) TODO: check lenny/sid; they are likely fixed according to the report, but i did not check
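Review bot: in the first hunk (@@ -1,11 +1,12 @@), the new CVE-2009-2478 line "- xulrunner <not-affected> (unimportant)" gives a state and a reason that disagree. The NOTE under it says browser crashes are not treated as security issues, which argues for low severity rather than for the package being unaffected. Unlike the CVE-2009-2479 entry just above, there is also no note that the affected code exists only in Firefox 3.5. If xulrunner lacks the code, keep <not-affected> and reuse the "Affected version only available in experimental, only Firefox 3.5" NOTE with the matching TODO. If the code is present and the issue is only being downgraded, the state should not be <not-affected>.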
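Review bot: in the second hunk (@@ -110,9 +111,10 @@), renaming the CVE-2009-XXXX placeholder in place leaves CVE-2009-2477 between CVE-2008-6854 and CVE-2009-2450, while the first hunk removes it from its slot between CVE-2009-2478 and CVE-2009-2476. Unless the list is re-sorted automatically, it would be cleaner to keep the entry at the top, move the xulrunner line and its NOTE/TODO there, and delete the placeholder here. The unchanged line "- xulrunner <not-affected> (high; bug #537104)" also deserves a second look: it carries an urgency and a bug number on an entry marked not affected, and the added TODO says the state must be revisited once 3.5 reaches unstable.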
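Review bot: the third hunk (@@ -174,7 +176,6 @@) drops a bare "TODO: check" from an entry that the log message "xulrunner and vlc issues" does not cover, and the entry's CVE id and package line fall outside the visible context. The removal itself looks right, since "TODO: check after 2.3.x upload" stays in place, but mention it in the log or commit it separately so the change can be traced later.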