author Michael Gilbert <michael.s.gilbert@gmail.com> 2009-11-24 05:10:27 +0000
committer Michael Gilbert <michael.s.gilbert@gmail.com> 2009-11-24 05:10:27 +0000
commit d013be66be143398f97935cbf042e32957cca79d
tree 14bf6d4241b1c52d4d8972b92cf78c4c7ca6ec45 /data
parent 0300c7697f9d6cff04b043cc7d61b31f0b9cac18
xulrunner triage
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@13362 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 12
-rw-r--r-- data/DSA/list 2
2 files changed, 9 insertions, 5 deletions
diff --git a/data/CVE/list b/data/CVE/list
index db1d6c58d1..5b30316880 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -334,7 +334,7 @@ CVE-2009-3906
CVE-2009-XXXX [grub2: password bypass]
- grub2 1.97+20091115-1 (bug #555195)
[lenny] - grub2 <not-affected> (Password authentication not yet present)
- NOTE: fixed in upstream verion 1.97.1
+ - grub <not-affected> (only affects grub2)
CVE-2009-3905 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS ...)
NOT-FOR-US: e-Courier CMS
CVE-2009-3904 (classes/session/cc_admin_session.php in CubeCart 4.3.4 does not ...)
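Review bot: the added "- grub <not-affected> (only affects grub2)" line sits after the NOTE line of the grub2 password bypass entry, which separates it from the other package lines; move it up next to the "- grub2" and "[lenny] - grub2" lines so the NOTE stays last. The change is also unrelated to the commit message "xulrunner triage" and would be easier to track as its own commit. The context line "NOTE: fixed in upstream verion 1.97.1" has a typo ("verion") that could be corrected in the same edit.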
@@ -2912,7 +2912,9 @@ CVE-2009-3009 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x bef
CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...)
NOT-FOR-US: K-Meleon
CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow ...)
- TODO: check
+ - xulrunner 1.9.1.3-3 (low)
+ - iceape 2.0-1 (low)
+ - webkit <not-affected> (proof-of-concept did not work)
CVE-2009-3006 (Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the ...)
NOT-FOR-US: Maxthon Browser
CVE-2009-3005 (Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address ...)
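Review bot: the "- webkit <not-affected> (proof-of-concept did not work)" line under CVE-2009-3007 bases the not-affected status on a failed proof-of-concept alone, which shows that one test did not reproduce, not that the code is unaffected. Add a NOTE saying which webkit version was tested so the status can be rechecked later. The xulrunner and iceape lines carry a fixed version and "(low)" but no bug number, unlike the CVE-2009-2953 lines in this same patch; add one if a bug was filed.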
@@ -3142,7 +3144,9 @@ CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to c
CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...)
NOT-FOR-US: Microsoft
CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote ...)
- TODO: check
+ - xulrunner <unfixed> (unimportant; bug #557753)
+ - webkit <unfixed> (unimportant; bug #557752)
+ NOTE: browser denial-of-services are considered unimportant
CVE-2009-2952 (Unspecified vulnerability in the pollwakeup function in Sun Solaris ...)
NOT-FOR-US: Sun Solaris
CVE-2009-2951 (Phenotype CMS before 2.9 does not use a random salt value for password ...)
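Review bot: the NOTE added under CVE-2009-2953 reads "browser denial-of-services are considered unimportant"; "browser denial-of-service issues are considered unimportant" reads better. The visible CVE description is cut off before it states the impact, so this NOTE is the only place the entry says the issue is a denial of service, and it is worth wording it about this CVE specifically.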
@@ -31164,7 +31168,7 @@ CVE-2007-5477 (Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net W
CVE-2007-5476 (Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, ...)
NOT-FOR-US: Opera specific flash vulnerability
CVE-2007-5475 (Multiple buffer overflows in the Marvell wireless driver, as used in ...)
- TODO: check
+ NOT-FOR-US: Linksys WAP4400N Wi-Fi access point
CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with firmware ...)
NOT-FOR-US: Linksys WRT350N Wi-Fi access point
CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when ...)
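Review bot: the NOT-FOR-US reason given for CVE-2007-5475 names only the Linksys WAP4400N access point, while the description on the line above says the overflows are in "the Marvell wireless driver, as used in ..." that device. If the triage confirmed that the affected driver is the access point's own firmware driver and not one shipped in a Debian package, say so in a NOTE so the entry does not need to be triaged again.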
diff --git a/data/DSA/list b/data/DSA/list
index 582cb84a85..0b160abb7e 100644
--- a/data/DSA/list
+++ b/data/DSA/list
@@ -55,7 +55,7 @@
[etch] - libhtml-parser-perl 3.55-1+etch1
[lenny] - libhtml-parser-perl 3.56-1+lenny1
[28 Oct 2009] DSA-1922-1 xulrunner - several vulnerabilities
- {CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382}
+ {CVE-2009-3007 CVE-2009-3274 CVE-2009-3370 CVE-2009-3372 CVE-2009-3373 CVE-2009-3374 CVE-2009-3375 CVE-2009-3376 CVE-2009-3380 CVE-2009-3382}
[lenny] - xulrunner 1.9.0.15-0lenny1
[28 Oct 2009] DSA-1921-1 expat - denial of service
{CVE-2009-3720}
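Review bot: adding CVE-2009-3007 to the CVE set of DSA-1922-1 amends an advisory dated 28 Oct 2009, and neither the hunk nor the commit message "xulrunner triage" says where the fix in xulrunner 1.9.0.15-0lenny1 was confirmed. Mention the source for that mapping in the commit message so it can be verified later.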
