CVE-2011-1712

2011-07-17 Thread Mike Hommey
Hi, CVE-2011-1712 is fixed in iceweasel >= 4.0.1. Mike -- To UNSUBSCRIBE, email to debian-security-tracker-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110717103203.gb4...@glandium.org

CVE-2011-2370

2011-07-17 Thread Mike Hommey
Hi, CVE-2011-2370 is marked as affecting iceweasel versions >= 5.0, where the issue is fixed (MFSA-2011-28), and on versions < 4.0 where the issue (supposedly) doesn't exist. xulrunner versions 1.9.x are supposedly not affected, as well as all versions of iceape and icedove. Cheers, Mike --

Some more xulrunner CVEs [Was: CVE-2010-1206]

2010-07-21 Thread Mike Hommey
On Mon, Jul 19, 2010 at 06:45:21PM +0200, Mike Hommey wrote:
> Hi,
>
> As I started to work on next round of mozilla security updates, I found
> out that CVE-2010-1206 doesn't apply to 3.0.x and earlier, because the
> faulty code was introduced in 3.1b1 by
> https

Re: Some more xulrunner CVEs [Was: CVE-2010-1206]

2010-07-21 Thread Mike Hommey
On Tue, Jul 20, 2010 at 06:26:17PM +0200, Mike Hommey wrote:
> On Mon, Jul 19, 2010 at 06:45:21PM +0200, Mike Hommey wrote:
> > Hi,
> >
> > As I started to work on next round of mozilla security updates, I found
> > out that CVE-2010-1206 doesn't apply to 3.0.x and

CVE-2010-1206

2010-07-19 Thread Mike Hommey
Hi, As I started to work on next round of mozilla security updates, I found out that CVE-2010-1206 doesn't apply to 3.0.x and earlier, because the faulty code was introduced in 3.1b1 by https://bugzilla.mozilla.org/show_bug.cgi?id=254714 Also, the vulnerable package is not xulrunner, in this case,

Re: Some CVE updates

2010-04-13 Thread Mike Hommey
On Wed, Apr 14, 2010 at 12:27:49AM +0200, Mike Hommey wrote:
> Hi,
>
> I went through the CVE list on the security tracker, and noted 2 CVEs
> marked as vulnerable in testing/unstable while it is not the case:
> - CVE-2009-4630 was fixed during the gecko 1.9.1 development cycle,

Some CVE updates

2010-04-13 Thread Mike Hommey
Hi, I went through the CVE list on the security tracker, and noted 2 CVEs marked as vulnerable in testing/unstable while it is not the case: - CVE-2009-4630 was fixed during the gecko 1.9.1 development cycle, and as such was already fixed in all 2.x versions of iceape and 1.9.1.x and 1.9.2.x v

CVE-2006-4965

2007-09-18 Thread Mike Hommey
Hi, So as you know, CVE-2006-4965 has been revived in MFSA-2007-28 [1], but as far as I can tell, it's a Windows only issue. Cheers, Mike