Author: gilbert-guest Date: 2009-11-24 05:10:27 +0000 (Tue, 24 Nov 2009) New Revision: 13362 Modified: data/CVE/list data/DSA/list Log: xulrunner triage Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-11-24 04:54:22 UTC (rev 13361) +++ data/CVE/list 2009-11-24 05:10:27 UTC (rev 13362) @@ -334,7 +334,7 @@ CVE-2009-XXXX [grub2: password bypass] - grub2 1.97+20091115-1 (bug #555195) [lenny] - grub2 <not-affected> (Password authentication not yet present) - NOTE: fixed in upstream verion 1.97.1 + - grub <not-affected> (only affects grub2) CVE-2009-3905 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS ...) NOT-FOR-US: e-Courier CMS CVE-2009-3904 (classes/session/cc_admin_session.php in CubeCart 4.3.4 does not ...) @@ -2912,7 +2912,9 @@ CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...) NOT-FOR-US: K-Meleon CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow ...) - TODO: check + - xulrunner 1.9.1.3-3 (low) + - iceape 2.0-1 (low) + - webkit <not-affected> (proof-of-concept did not work) CVE-2009-3006 (Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the ...) NOT-FOR-US: Maxthon Browser CVE-2009-3005 (Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address ...) @@ -3142,7 +3144,9 @@ CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...) NOT-FOR-US: Microsoft CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote ...) - TODO: check + - xulrunner <unfixed> (unimportant; bug #557753) + - webkit <unfixed> (unimportant; bug #557752) + NOTE: browser denial-of-services are considered unimportant CVE-2009-2952 (Unspecified vulnerability in the pollwakeup function in Sun Solaris ...) NOT-FOR-US: Sun Solaris CVE-2009-2951 (Phenotype CMS before 2.9 does not use a random salt value for password ...) 
@@ -31164,7 +31168,7 @@ CVE-2007-5476 (Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, ...) NOT-FOR-US: Opera specific flash vulnerability CVE-2007-5475 (Multiple buffer overflows in the Marvell wireless driver, as used in ...) - TODO: check + NOT-FOR-US: Linksys WAP4400N Wi-Fi access point CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with firmware ...) NOT-FOR-US: Linksys WRT350N Wi-Fi access point CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when ...) Modified: data/DSA/list ==================================================================--- data/DSA/list 2009-11-24 04:54:22 UTC (rev 13361) +++ data/DSA/list 2009-11-24 05:10:27 UTC (rev 13362) @@ -55,7 +55,7 @@ [etch] - libhtml-parser-perl 3.55-1+etch1 [lenny] - libhtml-parser-perl 3.56-1+lenny1 [28 Oct 2009] DSA-1922-1 xulrunner - several vulnerabilities - {CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382} + {CVE-2009-3007 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382} [lenny] - xulrunner 1.9.0.15-0lenny1 [28 Oct 2009] DSA-1921-1 expat - denial of service {CVE-2009-3720}
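Review bot: In the CVE-2009-XXXX [grub2: password bypass] hunk of data/CVE/list, the added "- grub <not-affected> (only affects grub2)" line sits below the NOTE line, which separates it from the other package status lines. Moving it directly under "[lenny] - grub2 <not-affected> (...)" would keep the package entries together and leave the NOTE last. The log message "xulrunner triage" does not mention this grub change, and the unchanged NOTE line reads "verion" for "version".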
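Review bot: In the CVE-2009-3007 hunk of data/CVE/list, "- webkit <not-affected> (proof-of-concept did not work)" rests the not-affected status on a failed proof-of-concept alone, which is weaker evidence than the reasons given elsewhere in this file, such as "Password authentication not yet present". A NOTE line recording which webkit version the proof-of-concept was run against, or a code-level reason the spoofing cannot occur, would let a later triager re-check the claim. The xulrunner and iceape lines also give fixed versions with no bug number or NOTE saying where the fix was confirmed.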
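Review bot: In the CVE-2007-5475 hunk of data/CVE/list, the new "NOT-FOR-US: Linksys WAP4400N Wi-Fi access point" names only the device, while the description places the buffer overflows in "the Marvell wireless driver, as used in ...". If the reasoning is that the affected driver ships only in that device's firmware and not in any Debian package, a NOTE saying so would make the status verifiable. As written, the entry does not show that the driver itself was checked.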
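Review bot: In the data/DSA/list hunk, CVE-2009-3007 is added to DSA-1922-1, dated 28 Oct 2009, which asserts that "[lenny] - xulrunner 1.9.0.15-0lenny1" already contains the fix. Neither this hunk nor the log message "xulrunner triage" says where that was confirmed. The matching data/CVE/list hunk records only "- xulrunner 1.9.1.3-3 (low)", so a NOTE under CVE-2009-3007 citing the source for the lenny fix (upstream advisory or changelog entry) would tie the two entries together.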