Author: jmm
Date: 2012-12-12 09:26:58 +0000 (Wed, 12 Dec 2012)
New Revision: 20649
Modified:
data/CVE/list
Log:
jruby fixed
record mozilla issues not affecting stable
new chromium issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-12-11 21:14:21 UTC (rev 20648)
+++ data/CVE/list 2012-12-12 09:26:58 UTC (rev 20649)
@@ -1979,14 +1979,23 @@
- iceweasel 10.0.11esr-1
- icedove 10.0.11-1
- iceape 2.7.11-1
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+ [squeeze] - icedove <not-affected> (Vulnerable code not present)
+ [squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5840 (Use-after-free vulnerability in the
nsTextEditorState::PrepareEditor ...)
- iceweasel 10.0.11esr-1
- icedove 10.0.11-1
- iceape 2.7.11-1
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+ [squeeze] - icedove <not-affected> (Vulnerable code not present)
+ [squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5839 (Heap-based buffer overflow in the ...)
- iceweasel 10.0.11esr-1
- icedove 10.0.11-1
- iceape 2.7.11-1
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+ [squeeze] - icedove <not-affected> (Vulnerable code not present)
+ [squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5838 (The copyTexImage2D implementation in the WebGL subsystem in
Mozilla ...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases
from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only
releases from experimental)
@@ -2001,12 +2010,18 @@
- iceweasel 10.0.11esr-1
- icedove 10.0.11-1
- iceape 2.7.11-1
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+ [squeeze] - icedove <not-affected> (Vulnerable code not present)
+ [squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5834
RESERVED
CVE-2012-5833 (The texImage2D implementation in the WebGL subsystem in Mozilla
...)
- iceweasel 10.0.11esr-1
- icedove 10.0.11-1
- iceape 2.7.11-1
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+ [squeeze] - icedove <not-affected> (Vulnerable code not present)
+ [squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5832
RESERVED
CVE-2012-5831
@@ -2015,6 +2030,9 @@
- iceweasel 10.0.11esr-1
- icedove 10.0.11-1
- iceape 2.7.11-1
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+ [squeeze] - icedove <not-affected> (Vulnerable code not present)
+ [squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5829 (Heap-based buffer overflow in the nsWindow::OnExposeEvent
function in ...)
{DSA-2584-1 DSA-2583-1}
- iceweasel 10.0.11esr-1
@@ -3149,7 +3167,7 @@
- ruby1.8 <not-affected> (Only affects 1.9.x)
- ruby1.9.1 1.9.3.194-4 (bug #693024)
CVE-2012-5370 (JRuby computes hash values without properly restricting the
ability to ...)
- - jruby <unfixed> (bug #694694)
+ - jruby 1.5.6-5 (bug #694694)
[squeeze] - jruby <no-dsa> (Non-free not supported)
CVE-2012-5369
RESERVED
@@ -3682,16 +3700,23 @@
RESERVED
CVE-2012-5144
RESERVED
+ - chromium-browser <unfixed>
+ TODO: That might affect the internal ffmpeg copy
CVE-2012-5143
RESERVED
+ - chromium-browser <unfixed>
CVE-2012-5142
RESERVED
+ - chromium-browser <unfixed>
CVE-2012-5141
RESERVED
+ - chromium-browser <unfixed>
CVE-2012-5140
RESERVED
+ - chromium-browser <unfixed>
CVE-2012-5139
RESERVED
+ - chromium-browser <unfixed>
CVE-2012-5138 (Google Chrome before 23.0.1271.95 does not properly handle file
paths, ...)
- chromium-browser <unfixed>
CVE-2012-5137 (Use-after-free vulnerability in Google Chrome before
23.0.1271.95 ...)
@@ -6349,10 +6374,16 @@
- iceweasel 10.0.11esr-1
- icedove 10.0.11-1
- iceape 2.7.11-1
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+ [squeeze] - icedove <not-affected> (Vulnerable code not present)
+ [squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-4214 (Use-after-free vulnerability in the
nsTextEditorState::PrepareEditor ...)
- iceweasel 10.0.11esr-1
- icedove 10.0.11-1
- iceape 2.7.11-1
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+ [squeeze] - icedove <not-affected> (Vulnerable code not present)
+ [squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-4213 (Use-after-free vulnerability in the nsEditor::FindNextLeafNode
...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases
from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only
releases from experimental)
@@ -6365,10 +6396,14 @@
RESERVED
CVE-2012-4210 (The Style Inspector in Mozilla Firefox before 17.0 and Firefox
ESR ...)
- iceweasel 10.0.11esr-1
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4209 (Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11,
...)
- iceweasel 10.0.11esr-1
- icedove 10.0.11-1
- iceape 2.7.11-1
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+ [squeeze] - icedove <not-affected> (Vulnerable code not present)
+ [squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-4208 (The XrayWrapper implementation in Mozilla Firefox before 17.0,
...)
- iceape <not-affected> (Doesn't affect the ESR series, only releases
from experimental)
- iceweasel <not-affected> (Doesn't affect the ESR series, only
releases from experimental)
@@ -6394,6 +6429,9 @@
- iceweasel 10.0.11esr-1
- icedove 10.0.11-1
- iceape 2.7.11-1
+ [squeeze] - iceweasel <not-affected> (Vulnerable code not present)
+ [squeeze] - icedove <not-affected> (Vulnerable code not present)
+ [squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-4201 (The evalInSandbox implementation in Mozilla Firefox before
17.0, ...)
{DSA-2584-1 DSA-2583-1}
- iceweasel 10.0.11esr-1
_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
