Commit 78ba4f19 authored by Moritz Muehlenhoff's avatar Moritz Muehlenhoff

two kernel issues n/a for wheezy

more xulrunner/wheezy cleanups
vala n/a


git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@31359 e39458fd-73e7-0310-bf30-c45bca0a0e42
parent 89fab9bd
......@@ -6369,13 +6369,12 @@ CVE-2014-8155
RESERVED
CVE-2014-8154 [Heap-buffer overflow in vala-gstreamer bindings at Gst.MapInfo()]
RESERVED
- vala-0.26 <undetermined>
- vala-0.16 <removed>
- vala-0.14 <removed>
- vala <removed>
- vala-0.26 <unfixed>
- vala-0.16 <not-affected> (MapInfo not yet present)
- vala-0.14 <not-affected> (MapInfo not yet present)
- vala <not-affected> (MapInfo not yet present)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=678663
NOTE: https://git.gnome.org/browse/vala/commit/?id=3092537db65887e24a3d3e87a27caf9c5295e4f7
TODO: check
CVE-2014-8153 [L3 agent denial of service with radvd 2.0+]
RESERVED
- neutron <not-affected> (Affects neutron 2014.2 up to 2014.2.1)
......@@ -6658,6 +6657,7 @@ CVE-2014-8240 (Integer overflow in TigerVNC allows remote VNC servers to cause a
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151307
CVE-2014-8086 (Race condition in the ext4_file_write_iter function in fs/ext4/file.c ...)
- linux 3.16.7-ckt2-1
[wheezy] - linux <not-affected> (Vulnerable code not present)
- linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html
CVE-2014-8089
......@@ -7269,6 +7269,7 @@ CVE-2014-7826 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2
NOTE: Support for SOFT_DISABLE to syscall events was added in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d562aff93bfb530b0992141500a402d17081189d (v3.13-rc1)
CVE-2014-7825 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...)
- linux 3.16.7-ckt2-1
[wheezy] - linux <not-affected> (Affected feature not enabled)
- linux-2.6 <removed> (unimportant)
NOTE: CONFIG_FTRACE_SYSCALL not enabled in squeeze
NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3)
......@@ -81288,12 +81289,13 @@ CVE-2010-3775 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMon
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3774 (The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h ...)
- xulrunner <removed>
- xulrunner <removed> (unimportant)
- iceweasel 3.5.16-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (Doesn't affect 1.9.0)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3773 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...)
{DSA-2132-1}
- xulrunner <removed> (unimportant)
......@@ -81328,38 +81330,42 @@ CVE-2010-3770 (Multiple cross-site scripting (XSS) vulnerabilities in the render
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3769 (The line-breaking implementation in Mozilla Firefox before 3.5.16 and ...)
{DSA-2132-1}
- xulrunner <removed>
- xulrunner <removed> (unimportant)
- icedove 3.0.11-1
- iceweasel 3.5.16-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (font-face support introduced in 1.9.1)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3768 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird ...)
- xulrunner <removed>
- xulrunner <removed> (unimportant)
[lenny] - xulrunner <not-affected> (Vulnerable code not present)
- icedove 3.0.11-1
- iceweasel 3.5.16-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3767 (Integer overflow in the NewIdArray function in Mozilla Firefox before ...)
{DSA-2132-1}
- xulrunner <removed>
- xulrunner <removed> (unimportant)
- iceweasel 3.5.16-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3766 (Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and ...)
- xulrunner <removed>
- xulrunner <removed> (unimportant)
[lenny] - xulrunner <not-affected> (Vulnerable code not present)
- iceweasel 3.5.16-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.11-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, ...)
{DSA-2124-1}
- xulrunner <removed>
- xulrunner <removed> (unimportant)
- iceweasel 3.5.15-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.10-1
......@@ -81367,6 +81373,7 @@ CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, ..
[lenny] - icedove <end-of-life>
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (bug in optimization added later)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, ...)
- bugzilla 3.6.3.0-1 (bug #602420; low)
[squeeze] - bugzilla 3.6.2.0-4.2
......@@ -82921,7 +82928,7 @@ CVE-2010-3184
RESERVED
CVE-2010-3183 (The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox ...)
{DSA-2124-1}
- xulrunner <removed>
- xulrunner <removed> (unimportant)
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- icedove 3.0.9-1
......@@ -82929,6 +82936,7 @@ CVE-2010-3183 (The LookupGetterOrSetter function in js3250.dll in Mozilla Firefo
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - xulrunner <not-affected> (bug in optimization added later)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3182 (A certain application-launch script in Mozilla Firefox before 3.5.14 ...)
- icedove 3.0.9-1
[lenny] - icedove <end-of-life>
......@@ -82937,56 +82945,62 @@ CVE-2010-3181 (Untrusted search path vulnerability in Mozilla Firefox before 3.5
- iceweasel <not-affected> (Windows-specific)
CVE-2010-3180 (Use-after-free vulnerability in the nsBarProp function in Mozilla ...)
{DSA-2124-1}
- xulrunner <removed>
- xulrunner <removed> (unimportant)
- icedove 3.0.9-1
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
[lenny] - icedove <end-of-life>
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3179 (Stack-based buffer overflow in the text-rendering functionality in ...)
{DSA-2124-1}
- xulrunner <removed>
- xulrunner <removed> (unimportant)
- icedove 3.0.9-1
[lenny] - icedove <end-of-life>
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3178 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird ...)
{DSA-2124-1}
- xulrunner <removed>
- xulrunner <removed> (unimportant)
- icedove 3.0.9-1
[lenny] - icedove <end-of-life>
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3177 (Multiple cross-site scripting (XSS) vulnerabilities in the Gopher ...)
{DSA-2124-1}
- xulrunner <removed>
- xulrunner <removed> (unimportant)
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3176 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
{DSA-2124-1}
- xulrunner <removed>
- xulrunner <removed> (unimportant)
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3175 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
- iceweasel <not-affected> (Only affects Firefox 3.6, which is only in experimental)
CVE-2010-3174 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
{DSA-2124-1}
- xulrunner <removed>
- xulrunner <removed> (unimportant)
- icedove 3.0.9-1
[lenny] - icedove <end-of-life>
- iceweasel 3.5.14-1
[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
- iceape 2.0.9-1
[lenny] - iceape <not-affected> (Only a stub package)
NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x ...)
{DSA-2123-1}
- nss 3.12.8-1
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment