Author: derevko-guest Date: 2009-08-04 15:15:05 +0000 (Tue, 04 Aug 2009) New Revision: 12476 Modified: data/CVE/list Log: CVE-2009-2408 and CVE-2009-2404 are fixed in nss 3.12.3-1 Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-04 11:21:37 UTC (rev 12475) +++ data/CVE/list 2009-08-04 15:15:05 UTC (rev 12476) @@ -31,7 +31,7 @@ CVE-2009-2408 (Mozilla Firefox before 3.5 and NSS before 3.12.3 do not properly ...) - openssl <unfixed> (medium; bug #539499) - xulrunner <unfixed> (medium) - - nss 3.12.3-1 (medium) + - nss 3.12.3-1 (medium; bug #539934) NOTE: asked maintainer to check whether openssl affected NOTE: fixed in iceweasel 3.0.13 and 3.5.2, which have yet to be uploaded TODO: check whether other web browsers are affected and file bugs @@ -690,7 +690,7 @@ CVE-2009-2405 RESERVED CVE-2009-2404 (Heap-based buffer overflow in a regular-expression parser in Mozilla ...) - TODO: check + - nss 3.12.3-1 (low; bug #539934) CVE-2009-2403 (Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to ...) NOT-FOR-US: SCMPX CVE-2009-2402 (SQL injection vulnerability in index.php in the forum module in ...)