Author: jmm
Date: 2011-11-15 07:22:10 +0000 (Tue, 15 Nov 2011)
New Revision: 17614
Modified:
data/CVE/list
Log:
fix fixed icedove version
more icedove/oldstable end-of-lifes
NFUs
Modified: data/CVE/list
==================================================================---
data/CVE/list 2011-11-14 21:15:51 UTC (rev 17613)
+++ data/CVE/list 2011-11-15 07:22:10 UTC (rev 17614)
@@ -1442,7 +1442,7 @@
CVE-2011-3993 (SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and
earlier, ...)
NOT-FOR-US: Movable Type plugin
CVE-2011-3992 (Buffer overflow in the SSH server functionality on the D-Link
DES-3800 ...)
- TODO: check
+ NOT-FOR-US: D-Link device
CVE-2011-3991 (Untrusted search path vulnerability in FFFTP 1.98a and earlier
allows ...)
NOT-FOR-US: FFFTP
CVE-2011-3990
@@ -2245,7 +2245,7 @@
- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3650 (Mozilla Firefox before 3.6.24 and 4.x through 7.0 and
Thunderbird ...)
{DSA-2345-1 DSA-2342-1 DSA-2341-1}
- - icedove 3.1.15-1
+ - icedove 3.1.16-1
[lenny] - icedove <end-of-life>
- xulrunner <removed>
- iceweasel 8.0-1
@@ -2256,7 +2256,7 @@
- iceweasel <not-affected> (Windows-specific)
CVE-2011-3648 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox
before ...)
{DSA-2345-1 DSA-2342-1 DSA-2341-1}
- - icedove 3.1.15-1
+ - icedove 3.1.16-1
[lenny] - icedove <end-of-life>
- xulrunner <removed>
- iceweasel 8.0-1
@@ -2265,7 +2265,7 @@
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-3647 (The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and
Thunderbird ...)
{DSA-2345-1 DSA-2342-1 DSA-2341-1}
- - icedove 3.1.15-1
+ - icedove 3.1.16-1
[lenny] - icedove <end-of-life>
- xulrunner <removed>
- iceweasel 7.0-1
@@ -5128,9 +5128,9 @@
CVE-2011-2678 (The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows
...)
NOT-FOR-US: Cisco VPN Client
CVE-2011-2677 (Cybozu Office before 8.0.0 allows remote authenticated users to
bypass ...)
- TODO: check
+ NOT-FOR-US: Cybozu Office
CVE-2011-2676 (The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3,
and ...)
- TODO: check
+ NOT-FOR-US: A-Form
CVE-2011-2675 (Cross-site scripting (XSS) vulnerability in Enkai-kun before
110916 ...)
NOT-FOR-US: Enkai-kun
CVE-2011-2674 (BaserCMS before 1.6.12 does not properly restrict additions to
the ...)
@@ -5173,9 +5173,9 @@
CVE-2011-2657
RESERVED
CVE-2011-2656 (Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks
Handheld ...)
- TODO: check
+ NOT-FOR-US: Novell ZENworks
CVE-2011-2655 (Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks
Handheld ...)
- TODO: check
+ NOT-FOR-US: Novell ZENworks
CVE-2011-2654 (The RPC implementation in the server in Novell Cloud Manager
1.1.2 ...)
NOT-FOR-US: Novell Cloud Manager
CVE-2011-2653
@@ -5381,7 +5381,7 @@
CVE-2011-2570
RESERVED
CVE-2011-2569 (Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified
Computing ...)
- TODO: check
+ NOT-FOR-US: Cisco NX-OS
CVE-2011-2568
RESERVED
CVE-2011-2567
@@ -5699,13 +5699,13 @@
CVE-2011-2450 (Adobe Flash Player before 10.3.183.11 and 11.x before
11.1.102.55 on ...)
NOT-FOR-US: Adobe Flash Player
CVE-2011-2449 (The TextXtra module in Adobe Shockwave Player before 11.6.3.633
allows ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave
CVE-2011-2448 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633
allows ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave
CVE-2011-2447 (Adobe Shockwave Player before 11.6.3.633 allows attackers to
execute ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave
CVE-2011-2446 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633
allows ...)
- TODO: check
+ NOT-FOR-US: Adobe Shockwave
CVE-2011-2445 (Adobe Flash Player before 10.3.183.11 and 11.x before
11.1.102.55 on ...)
NOT-FOR-US: Adobe Flash Player
CVE-2011-2444 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player
before ...)
@@ -5930,6 +5930,7 @@
- iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
+ [lenny] - icedove <end-of-life>
CVE-2011-2364 (Unspecified vulnerability in the browser engine in Mozilla
Firefox ...)
- xulrunner <not-affected> (Only affects Firefox >= 3.6)
- iceweasel <not-affected> (Only affects Firefox >= 3.6)
@@ -5944,6 +5945,7 @@
- iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
+ [lenny] - icedove <end-of-life>
CVE-2011-2362 (Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and
...)
{DSA-2273-3 DSA-2269-1 DSA-2268-1}
- iceweasel 3.5.19-3
@@ -5953,6 +5955,7 @@
- iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
+ [lenny] - icedove <end-of-life>
CVE-2011-2361 (The Basic Authentication dialog implementation in Google Chrome
before ...)
- chromium-browser 13.0.782.107~r94237-1
[squeeze] - chromium-browser <unfixed> (unimportant)
@@ -12665,6 +12668,7 @@
- iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
+ [lenny] - icedove <end-of-life>
CVE-2011-0084 (The SVGTextElement.getCharNumAtPosition function in Mozilla
Firefox ...)
{DSA-2297-1 DSA-2296-1 DSA-2295-1}
- icedove 3.1.12-1
@@ -12683,6 +12687,7 @@
- iceape 2.0.14-3
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.11-1
+ [lenny] - icedove <end-of-life>
CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla
Firefox ...)
- xulrunner <removed>
- iceweasel <unfixed> (low; bug #627552)
@@ -12698,6 +12703,7 @@
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
+ [lenny] - icedove <end-of-life>
CVE-2011-0079 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in
unstable)
- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in
unstable)
@@ -12709,6 +12715,7 @@
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
+ [lenny] - icedove <end-of-life>
CVE-2011-0077 (Unspecified vulnerability in the browser engine in Mozilla
Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
@@ -12717,6 +12724,7 @@
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
+ [lenny] - icedove <end-of-life>
CVE-2011-0076 (Unspecified vulnerability in the Java Embedding Plugin (JEP) in
...)
- xulrunner <not-affected> (Only affects MacOS X)
- iceweasel <not-affected> (Only affects MacOS X)
@@ -12728,6 +12736,7 @@
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
+ [lenny] - icedove <end-of-life>
CVE-2011-0074 (Unspecified vulnerability in the browser engine in Mozilla
Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
@@ -12736,6 +12745,7 @@
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
+ [lenny] - icedove <end-of-life>
CVE-2011-0073 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and
SeaMonkey ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
@@ -12751,6 +12761,7 @@
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
+ [lenny] - icedove <end-of-life>
CVE-2011-0071 (Directory traversal vulnerability in Mozilla Firefox before
3.5.19 and ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
@@ -12759,6 +12770,7 @@
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
+ [lenny] - icedove <end-of-life>
CVE-2011-0070 (Unspecified vulnerability in the browser engine in Mozilla
Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <removed>
@@ -12767,6 +12779,7 @@
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
+ [lenny] - icedove <end-of-life>
CVE-2011-0069 (Unspecified vulnerability in the browser engine in Mozilla
Firefox ...)
{DSA-2235-1 DSA-2228-1 DSA-2227-1}
- xulrunner <not-affected> (Vulnerable code not present)
@@ -12775,6 +12788,7 @@
- iceape 2.0.14-1
[lenny] - iceape <not-affected> (Only a stub package)
- icedove 3.1.10-1
+ [lenny] - icedove <end-of-life>
CVE-2011-0068
RESERVED
- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in
unstable)
@@ -15275,6 +15289,7 @@
{DSA-2132-1}
- xulrunner <removed>
- icedove 3.0.11-1
+ [lenny] - icedove <end-of-life>
- iceweasel 3.5.16-1
[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
- iceape 2.0.11-1
@@ -15286,6 +15301,7 @@
- xulrunner <removed>
- iceweasel 3.5.16-1
- icedove 3.0.11-1
+ [lenny] - icedove <end-of-life>
[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
@@ -15369,6 +15385,7 @@
[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
- iceape 2.0.10-1
- icedove 3.0.10-1
+ [lenny] - icedove <end-of-life>
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (bug in optimization added later)
CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8,
3.4.8, ...)
@@ -16925,11 +16942,13 @@
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
- icedove 3.0.9-1
+ [lenny] - icedove <end-of-life>
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (bug in optimization added later)
CVE-2010-3182 (A certain application-launch script in Mozilla Firefox before
3.5.14 ...)
- icedove 3.0.9-1
+ [lenny] - icedove <end-of-life>
- iceweasel <not-affected> (run-mozilla.sh not used)
CVE-2010-3181 (Untrusted search path vulnerability in Mozilla Firefox before
3.5.14 ...)
- iceweasel <not-affected> (Windows-specific)
@@ -16941,6 +16960,7 @@
[lenny] - iceweasel <not-affected> (Lenny''s iceweasel uses
Xulrunner from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
+ [lenny] - icedove <end-of-life>
CVE-2010-3179 (Stack-based buffer overflow in the text-rendering functionality
in ...)
{DSA-2124-1}
- xulrunner <removed>