Author: hertzog
Date: 2015-11-04 11:48:35 +0000 (Wed, 04 Nov 2015)
New Revision: 37556
Modified:
data/CVE/list
Log:
Update CVE-2015-7183 to apply on packages with embedded code copies too
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-11-04 11:14:40 UTC (rev 37555)
+++ data/CVE/list 2015-11-04 11:48:35 UTC (rev 37556)
@@ -2349,9 +2349,17 @@
- iceweasel <unfixed>
[squeeze] - iceweasel <end-of-life>
- nspr 2:4.10.10-1
+ - icedove 31.7.0-1~deb8u1
+ [squeeze] - icedove <end-of-life>
+ - wine-gecko-2.21 <unfixed>
+ - virtualbox-ose <removed>
+ - virtualbox <unfixed>
NOTE: http://hg.mozilla.org/projects/nspr/rev/c9c965b2b19c
NOTE: http://hg.mozilla.org/projects/nspr/rev/bd8fb4498fa6
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
+ NOTE: Icedove, wine-gecko-2.21, virtualbox(-ose)? have embedded copies
of nspr.
+ NOTE: Fixes impact macros PL_ARENA_ALLOCATE and PL_ARENA_GROW, other
packages need to be recompiled:
+ NOTE: jss (on wheezy/jessie) according to codesearch.debian.net
CVE-2015-7182
RESERVED
- nss 2:3.20.1-1
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
