[Secure-testing-commits] r19666 - data/CVE

Yves-Alexis Perez Wed, 04 Jul 2012 23:17:56 -0700

Author: corsac
Date: 2012-07-05 06:17:39 +0000 (Thu, 05 Jul 2012)
New Revision: 19666


Modified:
   data/CVE/list
Log:
remove bugzilla check, squeeze does indeed seem vulnerable


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-07-05 06:09:20 UTC (rev 19665)
+++ data/CVE/list       2012-07-05 06:17:39 UTC (rev 19666)
@@ -8105,7 +8105,8 @@
        - iceweasel <not-affected> (Only affects Firefox on Windows)
 CVE-2012-0453 (Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi 
in ...)
        - bugzilla <removed>
-       TODO: check
+       NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=725663
+       NOTE: upstream bug only talks about 4.x but afaict the vulnerable code 
already exists in 3.x
 CVE-2012-0452 (Use-after-free vulnerability in Mozilla Firefox 10.x before 
10.0.1, ...)
        - icedove <not-affected> (Introduced in Thunderbird 10)
        - iceweasel 10.0.1-1


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r19666 - data/CVE

Reply via email to