Author: jmm
Date: 2015-01-15 15:54:00 +0000 (Thu, 15 Jan 2015)
New Revision: 31359
Modified:
data/CVE/list
Log:
two kernel issues n/a for wheezy
more xulrunner/wheezy cleanups
vala n/a
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-15 11:39:25 UTC (rev 31358)
+++ data/CVE/list 2015-01-15 15:54:00 UTC (rev 31359)
@@ -6369,13 +6369,12 @@
RESERVED
CVE-2014-8154 [Heap-buffer overflow in vala-gstreamer bindings at
Gst.MapInfo()]
RESERVED
- - vala-0.26 <undetermined>
- - vala-0.16 <removed>
- - vala-0.14 <removed>
- - vala <removed>
+ - vala-0.26 <unfixed>
+ - vala-0.16 <not-affected> (MapInfo not yet present)
+ - vala-0.14 <not-affected> (MapInfo not yet present)
+ - vala <not-affected> (MapInfo not yet present)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=678663
NOTE:
https://git.gnome.org/browse/vala/commit/?id=3092537db65887e24a3d3e87a27caf9c5295e4f7
- TODO: check
CVE-2014-8153 [L3 agent denial of service with radvd 2.0+]
RESERVED
- neutron <not-affected> (Affects neutron 2014.2 up to 2014.2.1)
@@ -6658,6 +6657,7 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151307
CVE-2014-8086 (Race condition in the ext4_file_write_iter function in
fs/ext4/file.c ...)
- linux 3.16.7-ckt2-1
+ [wheezy] - linux <not-affected> (Vulnerable code not present)
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html
CVE-2014-8089
@@ -7269,6 +7269,7 @@
NOTE: Support for SOFT_DISABLE to syscall events was added in
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d562aff93bfb530b0992141500a402d17081189d
(v3.13-rc1)
CVE-2014-7825 (kernel/trace/trace_syscalls.c in the Linux kernel through
3.17.2 does ...)
- linux 3.16.7-ckt2-1
+ [wheezy] - linux <not-affected> (Affected feature not enabled)
- linux-2.6 <removed> (unimportant)
NOTE: CONFIG_FTRACE_SYSCALL not enabled in squeeze
NOTE: Fixed by
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9
(v3.18-rc3)
@@ -81288,12 +81289,13 @@
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3774 (The NS_SecurityCompareURIs function in
netwerk/base/public/nsNetUtil.h ...)
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.16-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner
from the xulrunner source pkg)
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (Doesn't affect 1.9.0)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3773 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and
SeaMonkey ...)
{DSA-2132-1}
- xulrunner <removed> (unimportant)
@@ -81328,38 +81330,42 @@
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3769 (The line-breaking implementation in Mozilla Firefox before
3.5.16 and ...)
{DSA-2132-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- icedove 3.0.11-1
- iceweasel 3.5.16-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner
from the xulrunner source pkg)
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (font-face support introduced in
1.9.1)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3768 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13,
Thunderbird ...)
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner <not-affected> (Vulnerable code not present)
- icedove 3.0.11-1
- iceweasel 3.5.16-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner
from the xulrunner source pkg)
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3767 (Integer overflow in the NewIdArray function in Mozilla Firefox
before ...)
{DSA-2132-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.16-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner
from the xulrunner source pkg)
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3766 (Use-after-free vulnerability in Mozilla Firefox before 3.5.16
and ...)
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
[lenny] - xulrunner <not-affected> (Vulnerable code not present)
- iceweasel 3.5.16-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner
from the xulrunner source pkg)
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11,
...)
{DSA-2124-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.15-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner
from the xulrunner source pkg)
- iceape 2.0.10-1
@@ -81367,6 +81373,7 @@
[lenny] - icedove <end-of-life>
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (bug in optimization added later)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8,
3.4.8, ...)
- bugzilla 3.6.3.0-1 (bug #602420; low)
[squeeze] - bugzilla 3.6.2.0-4.2
@@ -82921,7 +82928,7 @@
RESERVED
CVE-2010-3183 (The LookupGetterOrSetter function in js3250.dll in Mozilla
Firefox ...)
{DSA-2124-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner
from the xulrunner source pkg)
- icedove 3.0.9-1
@@ -82929,6 +82936,7 @@
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (bug in optimization added later)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3182 (A certain application-launch script in Mozilla Firefox before
3.5.14 ...)
- icedove 3.0.9-1
[lenny] - icedove <end-of-life>
@@ -82937,56 +82945,62 @@
- iceweasel <not-affected> (Windows-specific)
CVE-2010-3180 (Use-after-free vulnerability in the nsBarProp function in
Mozilla ...)
{DSA-2124-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- icedove 3.0.9-1
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner
from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - icedove <end-of-life>
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3179 (Stack-based buffer overflow in the text-rendering functionality
in ...)
{DSA-2124-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- icedove 3.0.9-1
[lenny] - icedove <end-of-life>
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner
from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3178 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11,
Thunderbird ...)
{DSA-2124-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- icedove 3.0.9-1
[lenny] - icedove <end-of-life>
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner
from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3177 (Multiple cross-site scripting (XSS) vulnerabilities in the
Gopher ...)
{DSA-2124-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner
from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3176 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
{DSA-2124-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner
from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3175 (Multiple unspecified vulnerabilities in the browser engine in
Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 3.6, which is only in
experimental)
CVE-2010-3174 (Unspecified vulnerability in the browser engine in Mozilla
Firefox ...)
{DSA-2124-1}
- - xulrunner <removed>
+ - xulrunner <removed> (unimportant)
- icedove 3.0.9-1
[lenny] - icedove <end-of-life>
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner
from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
+ NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and
3.6.x ...)
{DSA-2123-1}
- nss 3.12.8-1
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
