diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2016-04-27 11:55:04 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2016-04-27 11:55:04 +0000 |
commit | c30ed9354d8d14ce2d31ba35d3085c905110e881 (patch) | |
tree | 2999fea218e0b6966ad74a0bb2e5c381adbed537 /data | |
parent | 6e17db3e70d071ba445782f2d08c894258c7d338 (diff) |
iceweasel is removed from sid
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@41232 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2004.list | 2 | ||||
-rw-r--r-- | data/CVE/2005.list | 4 | ||||
-rw-r--r-- | data/CVE/2006.list | 6 | ||||
-rw-r--r-- | data/CVE/2007.list | 20 | ||||
-rw-r--r-- | data/CVE/2008.list | 8 | ||||
-rw-r--r-- | data/CVE/2009.list | 8 | ||||
-rw-r--r-- | data/CVE/2011.list | 4 | ||||
-rw-r--r-- | data/CVE/2013.list | 2 | ||||
-rw-r--r-- | data/CVE/2016.list | 74 |
9 files changed, 64 insertions, 64 deletions
diff --git a/data/CVE/2004.list b/data/CVE/2004.list index 7a48c38c49..f674d4bddf 100644 --- a/data/CVE/2004.list +++ b/data/CVE/2004.list @@ -2353,7 +2353,7 @@ CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allo NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers NOTE: generally try to make sense of anything even remotely resembling HTML. - firefox <removed> (unimportant) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) - mozilla <removed> (unimportant) CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...) NOT-FOR-US: mailcarrier diff --git a/data/CVE/2005.list b/data/CVE/2005.list index 19dd9ffea9..772069673f 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -501,7 +501,7 @@ CVE-2005-4686 (PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes ... CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...) NOTE: see CVE-2005-4684 - firefox <removed> (unimportant) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) - mozilla <removed> (unimportant) [sarge] - mozilla <no-dsa> (Hardly exploitable) - xulrunner <unfixed> (unimportant) @@ -5976,7 +5976,7 @@ CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and . - mediawiki 1.4.9 (bug #276057) CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...) - firefox <removed> (bug #320539; unimportant) - - iceweasel <unfixed> (bug #320539; unimportant) + - iceweasel <removed> (bug #320539; unimportant) - mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant) - mozilla <removed> (bug #320538; unimportant) NOTE: Firefox and Mozilla follow RFC behaviour. This is more a lack of security diff --git a/data/CVE/2006.list b/data/CVE/2006.list index a2af56b55c..b1245c9c59 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -678,7 +678,7 @@ CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a de CVE-2006-6955 (Opera allows remote attackers to cause a denial of service ...) NOT-FOR-US: Opera CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: Browser crashes not treated as security problems NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash. NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=239840 @@ -3616,7 +3616,7 @@ CVE-2006-5634 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...) - firefox 45.0-1 (unimportant) - firefox-esr 45.0esr-1 (unimportant) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) - icedove <unfixed> (unimportant) - mozilla <removed> (unimportant) - xulrunner <unfixed> (unimportant) @@ -10188,7 +10188,7 @@ CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows r CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...) - firefox 45.0-1 (unimportant) - firefox-esr 45.0esr-1 (unimportant) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) - mozilla <removed> (unimportant) - mozilla-firefox <removed> (unimportant) - xulrunner <unfixed> (unimportant) diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 088cb262be..1a92aca241 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -113,7 +113,7 @@ CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2. - linux-2.6.24 <not-affected> (Vulnerable code not present) NOTE: 848c4dd5153c7a0de55470ce99a8e13a63b4703f CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of service ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: browser dos not treated as security issues NOTE: cant reproduce on 2.0.0.12-1 and 2.0.0.14-2, already fixed? CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown ...) @@ -2094,7 +2094,7 @@ CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP be CVE-2007-5897 (Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, ...) NOT-FOR-US: Oracle CVE-2007-5896 (Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: Browser crashes not treated as security problems CVE-2007-5895 RESERVED @@ -3177,7 +3177,7 @@ CVE-2007-5416 (Drupal 5.2 and earlier does not properly unset variables when the NOTE: The underlying PHP issue has been fixed in DSA 1206. NOTE: Plus, register_globals is not supported in Debian CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: if you are on a site which allows UTF-7 sure you need to sanitize the NOTE: equivalent strings in UTF-7 NOTE: referring to the mozilla security team this is a non-issue and a duplicate of @@ -5735,7 +5735,7 @@ CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a deni CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ...) - mozilla-firefox <removed> (unimportant) - mozilla <removed> (unimportant) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) - iceape <removed> (unimportant) CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML ...) NOT-FOR-US: Microsoft Internet Explorer @@ -9734,7 +9734,7 @@ CVE-2007-2673 (SQL injection vulnerability in includes/funcs_vendors.php in Cens CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 ...) NOT-FOR-US: PHP Coupon Script CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: Browser crashes not treated as security problems CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the ...) NOT-FOR-US: PHPChain @@ -10951,7 +10951,7 @@ CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a d CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service ...) NOT-FOR-US: Apple Safari CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: Browser crashes are not treated as security problems CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...) NOT-FOR-US: Microsoft Internet Explorer @@ -11381,7 +11381,7 @@ CVE-2007-XXXX [mydms SQL injection] CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...) NOT-FOR-US: fotokategori.asp CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...) - - iceweasel <unfixed> (unimportant; bug #556267) + - iceweasel <removed> (unimportant; bug #556267) [etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support) [lenny] - iceweasel <no-dsa> (Minor issue) CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...) @@ -11915,7 +11915,7 @@ CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe ...) NOT-FOR-US: Opera CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: I don't believe this has relevant security impact, such a black list NOTE: will register URLs found in the wild and the used adresses will be NOTE: volatile anyway @@ -13095,7 +13095,7 @@ CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...) NOT-FOR-US: Cisco CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: Not exploitable CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in ...) NOT-FOR-US: Connectix Boards @@ -13469,7 +13469,7 @@ CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 CVE-2007-1085 (Cross-site scripting (XSS) vulnerability in Google Desktop allows ...) NOT-FOR-US: Google Desktop CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...) - - iceweasel <unfixed> (unimportant; bug #556268) + - iceweasel <removed> (unimportant; bug #556268) - iceape <removed> (unimportant) - epiphany-browser <unfixed> (unimportant; bug #556272) NOTE: only epiphany-gecko backend affected diff --git a/data/CVE/2008.list b/data/CVE/2008.list index e84d114964..ed9b7721bb 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -3438,7 +3438,7 @@ CVE-2008-5716 (xend in Xen 3.3.0 does not properly restrict a guest VM's write a NOTE: this issue was introduced as a fix to CVE-2008-4405, which has not NOTE: yet been fixed in Debian CVE-2008-5715 (Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: Browser crashes not treated as security issues CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for ...) {DSA-1907-1 DTSA-203-1} @@ -6863,7 +6863,7 @@ CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the ...) - viewvc 1.0.9-1 (bug #500779; unimportant) CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: reproducible but browser DoS not treated as security issue CVE-2008-4323 (Windows Explorer in Microsoft Windows XP SP3 allows user-assisted ...) NOT-FOR-US: Windows Explorer @@ -9095,7 +9095,7 @@ CVE-2008-3446 (Directory traversal vulnerability in inc/wysiwyg.php in LetterIt CVE-2008-3445 (SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 ...) NOT-FOR-US: phpMyRealty CVE-2008-3444 (The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: browser dos not treated as security issues CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, ...) {DSA-1695-1} @@ -12423,7 +12423,7 @@ CVE-2008-2016 (PHP remote file inclusion vulnerability in Chilek Content Managem CVE-2008-2015 (Multiple absolute path traversal vulnerabilities in certain ActiveX ...) NOT-FOR-US: WatchFire CVE-2008-2014 (Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: Browser crashes / hangs not treated as security issues CVE-2008-2013 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...) NOT-FOR-US: pnFlashGames diff --git a/data/CVE/2009.list b/data/CVE/2009.list index d13668076b..51787d7f73 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -5567,7 +5567,7 @@ CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block javascript: NOTE: This is a web site issue (open redirector), not a browser problem. CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...) NOTE: This is a web site issue (open redirector), not a browser problem. - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly ...) NOT-FOR-US: Opera CVE-2009-3012 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre ...) @@ -5577,7 +5577,7 @@ CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and NOTE: This is a web site issue (open redirector), not a browser problem. CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...) NOTE: This is a web site issue (open redirector), not a browser problem. - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) CVE-2009-3009 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before ...) {DSA-1887-1} - rails 2.2.3-1 (low; bug #545063) @@ -11476,7 +11476,7 @@ CVE-2009-0823 CVE-2009-0822 RESERVED CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: Browser DoS not treated as security issues CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...) NOT-FOR-US: phpScheduleIt @@ -13447,7 +13447,7 @@ CVE-2009-0073 CVE-2009-0072 (Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote ...) NOT-FOR-US: Internet Explorer CVE-2009-0071 (Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: Browser crashes not treated as security issues CVE-2009-0070 (Integer signedness error in Apple Safari allows remote attackers to ...) NOT-FOR-US: Apple Safari diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 2c8b559c2f..a51bfb2acc 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -1484,7 +1484,7 @@ CVE-2011-4690 (Opera 11.60 and earlier does not prevent capture of data about th CVE-2011-4689 (Microsoft Internet Explorer 6 through 9 does not prevent capture of ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2011-4688 (Mozilla Firefox 8.0.1 and earlier does not prevent capture of data ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) CVE-2011-4687 (Opera before 11.60 allows remote attackers to cause a denial of ...) NOT-FOR-US: Opera CVE-2011-4686 (Unspecified vulnerability in the Web Workers implementation in Opera ...) @@ -13916,7 +13916,7 @@ CVE-2011-0083 (Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem NOTE: xulrunner in wheezy is not covered by security support CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla Firefox ...) - xulrunner <removed> (unimportant) - - iceweasel <unfixed> (unimportant; bug #627552) + - iceweasel <removed> (unimportant; bug #627552) NOTE: Negligable impact CVE-2011-0081 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...) {DSA-2235-1 DSA-2228-1 DSA-2227-1} diff --git a/data/CVE/2013.list b/data/CVE/2013.list index af3e7ba8cf..4cc1ab9269 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -3841,7 +3841,7 @@ CVE-2013-6064 CVE-2013-6243 (SQL injection vulnerability in the Landing Pages plugin 1.2.3, before ...) NOT-FOR-US: WordPress Landing Pages Plugin CVE-2013-6167 (Mozilla Firefox through 27 sends HTTP Cookie headers without first ...) - - iceweasel <unfixed> (unimportant) + - iceweasel <removed> (unimportant) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=858215 CVE-2013-6166 (Google Chrome before 29 sends HTTP Cookie headers without first ...) - chromium-browser 31.0.1650.57-1 (low) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index eda46b604d..7a3d76c9e3 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -3220,7 +3220,7 @@ CVE-2016-2806 [Memory safety bugs fixed in Firefox ESR 45.1 and Firefox 46] NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/ CVE-2016-2805 [Memory safety bug fixed in Firefox ESR 38.8] RESERVED - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr <not-affected> (Only affects Firefox ESR 38.x) - firefox <not-affected> (Only affects Firefox ESR 38.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/ @@ -3234,7 +3234,7 @@ CVE-2016-2803 RESERVED CVE-2016-2802 (The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -3242,7 +3242,7 @@ CVE-2016-2802 (The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in .. - graphite2 1.3.6-1 CVE-2016-2801 (The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -3250,7 +3250,7 @@ CVE-2016-2801 (The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil. - graphite2 1.3.6-1 CVE-2016-2800 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -3258,7 +3258,7 @@ CVE-2016-2800 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 b - graphite2 1.3.6-1 CVE-2016-2799 (Heap-based buffer overflow in the graphite2::Slot::setAttr function in ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -3266,7 +3266,7 @@ CVE-2016-2799 (Heap-based buffer overflow in the graphite2::Slot::setAttr functi - graphite2 1.3.6-1 CVE-2016-2798 (The graphite2::GlyphCache::Loader::Loader function in Graphite 2 ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -3274,7 +3274,7 @@ CVE-2016-2798 (The graphite2::GlyphCache::Loader::Loader function in Graphite 2 - graphite2 1.3.6-1 CVE-2016-2797 (The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -3282,7 +3282,7 @@ CVE-2016-2797 (The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite - graphite2 1.3.6-1 CVE-2016-2796 (Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -3290,7 +3290,7 @@ CVE-2016-2796 (Heap-based buffer overflow in the graphite2::vm::Machine::Code::C - graphite2 1.3.6-1 CVE-2016-2795 (The graphite2::FileFace::get_table_fn function in Graphite 2 before ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -3298,7 +3298,7 @@ CVE-2016-2795 (The graphite2::FileFace::get_table_fn function in Graphite 2 befo - graphite2 1.3.6-1 CVE-2016-2794 (The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -3306,7 +3306,7 @@ CVE-2016-2794 (The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in . - graphite2 1.3.6-1 CVE-2016-2793 (CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -3314,7 +3314,7 @@ CVE-2016-2793 (CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Fir - graphite2 1.3.6-1 CVE-2016-2792 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -3322,7 +3322,7 @@ CVE-2016-2792 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 b - graphite2 1.3.6-1 CVE-2016-2791 (The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -3330,7 +3330,7 @@ CVE-2016-2791 (The graphite2::GlyphCache::glyph function in Graphite 2 before 1. - graphite2 1.3.6-1 CVE-2016-2790 (The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -5829,7 +5829,7 @@ CVE-2016-1984 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devi CVE-2016-1980 RESERVED CVE-2016-1979 (Use-after-free vulnerability in the ...) - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) @@ -5848,7 +5848,7 @@ CVE-2016-1978 (Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExcha - nss 2:3.21-1 CVE-2016-1977 (The Machine::Code::decoder::analysis::set_ref function in Graphite 2 ...) {DSA-3520-1 DSA-3515-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -5860,13 +5860,13 @@ CVE-2016-1975 (Multiple race conditions in dom/media/systemservices/CamerasChild - iceweasel <not-affected> (Windows-specific) CVE-2016-1974 (The nsScannerString::AppendUnicodeTo function in Mozilla Firefox ...) {DSA-3520-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/ CVE-2016-1973 (Race condition in the GetStaticInstance function in the WebRTC ...) - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) @@ -5886,7 +5886,7 @@ CVE-2016-1969 (The setAttr function in Graphite 2 before 1.3.6, as used in Mozil - firefox-esr 45.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/ CVE-2016-1968 (Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, ...) - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) @@ -5895,7 +5895,7 @@ CVE-2016-1968 (Integer underflow in Brotli, as used in Mozilla Firefox before 45 - brotli 0.3.0+dfsg-3 (bug #817233) NOTE: https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade CVE-2016-1967 (Mozilla Firefox before 45.0 does not properly restrict the ...) - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) @@ -5903,26 +5903,26 @@ CVE-2016-1967 (Mozilla Firefox before 45.0 does not properly restrict the ...) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/ CVE-2016-1966 (The nsNPObjWrapper::GetNewOrUsed function in ...) {DSA-3520-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/ CVE-2016-1965 (Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle ...) {DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/ CVE-2016-1964 (Use-after-free vulnerability in the AtomicBaseIncDec function in ...) {DSA-3520-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/ CVE-2016-1963 (The FileReader class in Mozilla Firefox before 45.0 allows local users ...) - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) @@ -5930,21 +5930,21 @@ CVE-2016-1963 (The FileReader class in Mozilla Firefox before 45.0 allows local NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/ CVE-2016-1962 (Use-after-free vulnerability in the ...) {DSA-3520-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/ CVE-2016-1961 (Use-after-free vulnerability in the nsHTMLDocument::SetBody function ...) {DSA-3520-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/ CVE-2016-1960 (Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string ...) {DSA-3520-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -5952,32 +5952,32 @@ CVE-2016-1960 (Integer underflow in the nsHtml5TreeBuilder class in the HTML5 st CVE-2016-1959 (The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows ...) - firefox-esr 45.0esr-1 - firefox 45.0-1 - - iceweasel <unfixed> + - iceweasel <removed> [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/ CVE-2016-1958 (browser/base/content/browser.js in Mozilla Firefox before 45.0 and ...) {DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/ CVE-2016-1957 (Memory leak in libstagefright in Mozilla Firefox before 45.0 and ...) {DSA-3520-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/ CVE-2016-1956 (Mozilla Firefox before 45.0 on Linux, when an Intel video driver is ...) - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) [wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/ CVE-2016-1955 (Mozilla Firefox before 45.0 allows remote attackers to bypass the Same ...) - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) @@ -5985,13 +5985,13 @@ CVE-2016-1955 (Mozilla Firefox before 45.0 allows remote attackers to bypass the NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/ CVE-2016-1954 (The nsCSPContext::SendReports function in ...) {DSA-3520-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/ CVE-2016-1953 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 44.x) @@ -5999,7 +5999,7 @@ CVE-2016-1953 (Multiple unspecified vulnerabilities in the browser engine in Moz NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/ CVE-2016-1952 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...) {DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/ @@ -6007,7 +6007,7 @@ CVE-2016-1951 RESERVED CVE-2016-1950 (Heap-based buffer overflow in Mozilla Network Security Services (NSS) ...) {DSA-3520-1 DSA-3510-1} - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 - icedove 38.7.0-1 @@ -6015,7 +6015,7 @@ CVE-2016-1950 (Heap-based buffer overflow in Mozilla Network Security Services ( - nss 2:3.23-1 NOTE: NSS fixed in 3.21.1 CVE-2016-1949 (Mozilla Firefox before 44.0.2 does not properly restrict the ...) - - iceweasel <unfixed> + - iceweasel <removed> - firefox-esr 45.0esr-1 - firefox 45.0-1 [jessie] - iceweasel <not-affected> (Only affects Firefox 43.x) |