Author: gilbert-guest
Date: 2009-10-30 22:42:38 +0000 (Fri, 30 Oct 2009)
New Revision: 13159
Modified:
data/CVE/list
Log:
- xulrunner >1.9.1 is in unstable; fix up some tracking
- remove squeeze hacks for stuff that is no longer automatically transitioning
from stable
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-10-30 22:42:27 UTC (rev 13158)
+++ data/CVE/list 2009-10-30 22:42:38 UTC (rev 13159)
@@ -3707,9 +3707,9 @@
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before
3.5.2 ...)
- libvorbis 1.2.0.dfsg-6 (medium; bug #540958)
- - xulrunner <not-affected> (medium; bug #540961)
- NOTE: vorbis support added in 1.9.0.13 and 1.9.1.0, which have not yet entered
the archive
- TODO: recheck when 1.9.0.13 or 1.9.1.x enter stable/unstable
+ - xulrunner 1.9.1.2-1 (medium; bug #540961)
+ [etch] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
+ [lenny] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
CVE-2009-2662 (The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows
remote ...)
{DSA-1873-1}
- xulrunner 1.9.0.13-1
@@ -3745,7 +3745,6 @@
CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows
remote ...)
{DSA-1873-1}
- xulrunner 1.9.0.13-1 (low; bug #539891)
- [squeeze] - xulrunner 1.9.0.13-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-2653 (** DISPUTED ** ...)
NOT-FOR-US: Microsoft Windows
@@ -4193,9 +4192,9 @@
CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function
in ...)
- vlc <not-affected> (The vulnerability affects Windows builds only)
CVE-2009-2479 (Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote
...)
- - xulrunner <not-affected>
- NOTE: Affected version only available in experimental, only Firefox 3.5,
- NOTE: Fixed in experimental in 1.9.1.1-1
+ - xulrunner 1.9.1.1-1
+ [etch] - xulrunner <not-affected> (only affects firefox 3.5)
+ [lenny] - xulrunner <not-affected> (only affects firefox 3.5)
CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of
...)
- xulrunner <not-affected> (unimportant)
NOTE: browser crashes not treated as security issues
@@ -5982,58 +5981,48 @@
CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox
before ...)
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
- [squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not
check ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
- [squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect
principal with ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
- [squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before
...)
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
- [squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
- [squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <not-affected> (Doesn''t affect Gecko 1.8)
CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and
...)
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
- [squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17
associate ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
- [squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-1834 (Visual truncation vulnerability in
netwerk/dns/src/nsIDNService.cpp in ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
- [squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11,
Thunderbird ...)
{DSA-1820-1}
- xulrunner 1.9.0.11-1
- [squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and
...)
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
- [squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
@@ -7230,7 +7219,6 @@
CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11,
Thunderbird ...)
{DSA-1830-1 DSA-1820-1}
- xulrunner 1.9.0.11-1
- [squeeze] - xulrunner 1.9.0.11-0lenny1
[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer
covered by security support)
- icedove 2.0.0.22-1 (bug #535124)
[squeeze] - icedove 2.0.0.22-0lenny1
@@ -7531,7 +7519,6 @@
- xulrunner 1.9.0.10-1 (low)
[etch] - xulrunner <not-affected> (introduced in 1.9.0.9)
[lenny] - xulrunner <not-affected> (introduced in 1.9.0.9)
- [squeeze] - xulrunner <not-affected> (introduced in 1.9.0.9)
CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block
...)
{DSA-1797-1}
- xulrunner 1.9.0.9-1
@@ -11639,7 +11626,6 @@
{DSA-1794-1 DSA-1787-1 DSA-1749-1}
- linux-2.6 2.6.29-1 (low)
- linux-2.6.24 <removed>
- [squeeze] - linux-2.6 2.6.26-13lenny1
CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows
remote ...)
NOT-FOR-US: Apple Safari on Windows
CVE-2009-0320 (Microsoft Windows XP, Server 2003 and 2008, and Vista exposes
I/O ...)