Author: jmm-guest
Date: 2007-01-07 12:55:30 +0100 (Sun, 07 Jan 2007)
New Revision: 5214
Modified:
data/CVE/list
Log:
xulrunner fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-01-06 21:00:29 UTC (rev 5213)
+++ data/CVE/list 2007-01-07 11:55:30 UTC (rev 5214)
@@ -908,7 +908,7 @@
CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and
...)
NOTE: MFSA-2006-73
- iceweasel 2.0.0.1+dfsg-1 (high)
- - xulrunner <unfixed> (high)
+ - xulrunner 1.8.0.9-1 (high)
- iceape 1.0.7-1 (high)
- firefox <removed> (high)
NOTE: Flaw was introduced in Firefox 1.5.0.4
@@ -917,7 +917,7 @@
CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9,
Thunderbird ...)
NOTE: MFSA-2006-72
- iceweasel 2.0.0.1+dfsg-1 (high)
- - xulrunner <unfixed> (high)
+ - xulrunner 1.8.0.9-1 (high)
- iceape 1.0.7-1 (high)
- firefox <removed> (high)
- mozilla <removed> (high)
@@ -927,7 +927,7 @@
CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for
...)
NOTE: MFSA-2006-71
- iceweasel 2.0.0.1+dfsg-1 (high)
- - xulrunner <unfixed> (high)
+ - xulrunner 1.8.0.9-1 (high)
- iceape 1.0.7-1 (high)
- firefox <removed> (high)
- mozilla <removed> (high)
@@ -938,7 +938,7 @@
CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before
2.0.0.1, 1.5.x ...)
NOTE: MFSA-2006-70
- iceweasel 2.0.0.1+dfsg-1 (high)
- - xulrunner <unfixed> (high)
+ - xulrunner 1.8.0.9-1 (high)
- iceape 1.0.7-1 (high)
- firefox <removed> (high)
- mozilla <removed> (high)
@@ -948,7 +948,7 @@
CVE-2006-6500 (Heap-based buffer overflow in Mozilla Firefox 2.x before
2.0.0.1, ...)
NOTE: MFSA-2006-69
- iceweasel <not-affected> (windows only)
- - xulrunner <not-affected> (windows only)
+ - xulrunner 1.8.0.9-1 (windows only)
- iceape <not-affected> (windows only)
- firefox <not-affected> (windows only)
- mozilla <not-affected> (windows only)
@@ -958,7 +958,7 @@
CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1,
1.5.x ...)
NOTE: MFSA-2006-68
- iceweasel 2.0.0.1+dfsg-1 (high)
- - xulrunner <unfixed> (high)
+ - xulrunner 1.8.0.9-1 (high)
- iceape 1.0.7-1 (high)
- firefox <removed> (high)
- mozilla <removed> (high)
@@ -970,7 +970,7 @@
CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine
for ...)
NOTE: MFSA-2006-68
- iceweasel 2.0.0.1+dfsg-1 (high)
- - xulrunner <unfixed> (high)
+ - xulrunner 1.8.0.9-1 (high)
- iceape 1.0.7-1 (high)
- firefox <removed> (high)
- mozilla <removed> (high)
@@ -980,7 +980,7 @@
CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for
Mozilla ...)
NOTE: MFSA-2006-68
- iceweasel 2.0.0.1+dfsg-1 (medium)
- - xulrunner <unfixed> (medium)
+ - xulrunner 1.8.0.9-1 (medium)
- iceape 1.0.7-1 (medium)
- firefox <removed> (medium)
- mozilla <removed> (medium)
@@ -1238,7 +1238,7 @@
CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2
allow ...)
- phpmyadmin <unfixed> (unimportant; bug #404744)
[sarge] - phpmyadmin <no-dsa> (CRLF not backportable to Sarge)
- [etch] - phpmyadmin <no-dsa> (not exploitable with Etch's php versions)
+ [etch] - phpmyadmin <not-affected> (not exploitable with Etch's php
versions)
NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+
CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain
sensitive ...)
- phpmyadmin <unfixed> (unimportant)
@@ -4560,7 +4560,7 @@
CVE-2006-4843
RESERVED
CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as
used in ...)
- - xulrunner <unfixed> (low; bug #405062)
+ - xulrunner 1.8.0.9-1 (low; bug #405062)
[sarge] - mozilla <unfixed> (low)
NOTE: could not find setuid binary in sid, but evolution-data-server
has a setgid mail binary
NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=351470
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
