Secure testing commits - Sep 2010 - r15288 - data/CVE

Author: jmm-guest
Date: 2010-09-08 08:20:11 +0000 (Wed, 08 Sep 2010)
New Revision: 15288

Modified:
   data/CVE/list
Log:
new mozilla issues


Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-09-08 07:50:24 UTC (rev 15287)
+++ data/CVE/list	2010-09-08 08:20:11 UTC (rev 15288)
@@ -152,14 +152,30 @@
 	RESERVED
 CVE-2010-3170
 	RESERVED
-CVE-2010-3169
+CVE-2010-3169 [Miscellaneous memory safety hazards (rv:1.9.2.9/ 1.9.1.12)]
 	RESERVED
-CVE-2010-3168
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	[lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-3168 [XUL tree removal crash and remote code execution]
 	RESERVED
-CVE-2010-3167
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	[lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-3167 [Dangling pointer vulnerability in nsTreeContentView]
 	RESERVED
-CVE-2010-3166
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	[lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-3166 [Heap buffer overflow in nsTextFrameUtils::TransformText]
 	RESERVED
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3165
 	RESERVED
 CVE-2010-3164
@@ -1235,26 +1251,61 @@
 	[lenny] - mapserver <no-dsa> (Minor issue)
 CVE-2010-2770
 	RESERVED
-CVE-2010-2769
+	- xulrunner <not-affected> (The vulnerability is MacOS-specific)
+	- iceape <not-affected> (The vulnerability is MacOS-specific)
+CVE-2010-2769 [Copy-and-paste or drag-and-drop into designMode document allows
XSS]
 	RESERVED
-CVE-2010-2768
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	[lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-2768 [UTF-7 XSS by overriding document charset using <object>
type attribute]
 	RESERVED
-CVE-2010-2767
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	[lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-2767 [Dangling pointer vulnerability using DOM plugin array]
 	RESERVED
-CVE-2010-2766
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	[lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-2766 [Crash and remote code execution in normalizeDocument]
 	RESERVED
-CVE-2010-2765
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	[lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-2765 [Frameset integer overflow vulnerability]
 	RESERVED
-CVE-2010-2764
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	[lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-2764 [Information leak via XMLHttpRequest statusText]
 	RESERVED
-CVE-2010-2763
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	[lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-2763 [XSS using SJOW scripted function]
 	RESERVED
-CVE-2010-2762
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	[lenny] - iceape <not-affected> (Only a stub package)
+CVE-2010-2762 [SJOW creates scope chains ending in outer object]
 	RESERVED
+	- xulrunner <not-affected> (Only affects 3.6, only in experimental)
 CVE-2010-2761
 	RESERVED
-CVE-2010-2760
+CVE-2010-2760 [Dangling pointer vulnerability in nsTreeSelection]
 	RESERVED
+	- xulrunner <unfixed>
+	- icedove <unfixed>
+	- iceape <unfixed>
+	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1
through ...)
 	- bugzilla <unfixed> (bug #595015; medium)
 CVE-2010-2758 (Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1
through ...)