Hi, I just discovered http://security-tracker.debian.net/tracker/ (shame on me not to have known it earlier) and have some comments for some bugs affecting mozilla-based packages.
CVE-2006-6506 doesn't apply to iceape CVE-2007-1116 also applies to xulrunner, and is reported as debian bugs #415919, #415944 and #415945. CVE-2006-6507 does apply neither to iceape nor to xulrunner CVE-2006-0496 also affects iceape and xulrunner CVE-2007-0801 also affects iceape and xulrunner, but, according to https://bugzilla.mozilla.org/show_bug.cgi?id=369428, is fixed since iceweasel 2.0.0.2, iceape 1.0.8 and xulrunner 1.8.0.10. I guess CVE-2007-1004 affects iceape, and *may* affect browsers based on xulrunner. CVE-2007-1084 may affect iceape and browsers based on xulrunner. I can't reproduce CVE-2006-4561 with xulrunner. Neither in 1.8.0.10-3 nor in earlier (I tried 1.8.0.5-4) version... Anyways, if firefox indeed got fixed in 1.5.0.7, then it means xulrunner was fixed in 1.8.0.7-1. And if the fix was really done in mozilla code base 1.8.0.7, then iceape was never exposed. Cheers, Mike _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team
