[Secure-testing-commits] r14547 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Thu Apr 22 01:01:13 UTC 2010


Author: gilbert-guest
Date: 2010-04-22 01:01:05 +0000 (Thu, 22 Apr 2010)
New Revision: 14547

Modified:
   data/CVE/list
Log:
tested some webkit issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-22 00:17:28 UTC (rev 14546)
+++ data/CVE/list	2010-04-22 01:01:05 UTC (rev 14547)
@@ -753,17 +753,27 @@
 CVE-2010-1182 (Multiple unspecified vulnerabilities in the administrative console in ...)
 	NOT-FOR-US: IBM WebSphere Application Server 
 CVE-2010-1181 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
-	NOT-FOR-US: Apple Safari
+	- webkit <unfixed>
+	- qt4-x11 <undetermined>
+	- kdebase <undetermined>
+	- kde4base <undetermined>
+	NOTE: proof of concept works against webkit; author claims arbitrary code
+	NOTE: execution possible with a different payload
 CVE-2010-1180 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
-	NOT-FOR-US: Apple Safari
+	- webkit <unfixed>
+	- qt4-x11 <undetermined>
+	- kdebase <undetermined>
+	- kde4base <undetermined>
+	NOTE: proof of concept works against webkit; author claims arbitrary code
+	NOTE: execution possible with a different payload
 CVE-2010-1179 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
-	NOT-FOR-US: Apple Safari
+	- webkit <not-affected>
 CVE-2010-1178 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
-	NOT-FOR-US: Apple Safari
+	- webkit <not-affected>
 CVE-2010-1177 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
-	NOT-FOR-US: Apple Safari
+	- webkit <not-affected>
 CVE-2010-1176 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
-	NOT-FOR-US: Apple Safari
+	- webkit <not-affected>
 CVE-2010-1175 (Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 ...)
 	NOT-FOR-US: Microsoft Internet Explorer 7.0 
 CVE-2010-1174 (Cisco TFTP Server 1.1 allows remote attackers to cause a denial of ...)
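Review bot: The four `- webkit <not-affected>` entries for CVE-2010-1179 through CVE-2010-1176 carry no NOTE saying how that status was determined, while the CVE-2010-1181 and CVE-2010-1180 entries above them record that the proof of concept works against webkit. Please add a NOTE line to each of the four stating the basis for not-affected. It would also help to say whether qt4-x11, kdebase and kde4base were left out of these four on purpose, since the two entries above list them as `<undetermined>`.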
@@ -1234,8 +1244,11 @@
 	NOT-FOR-US: Pulse CMS Basic
 CVE-2010-0992 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse ...)
 	NOT-FOR-US: Pulse CMS Basic
-CVE-2010-0991
+CVE-2010-0991 [imlib2 issue]
 	RESERVED
+	- imlib2 <undetermined>
+	NOTE: http://seclists.org/bugtraq/2010/Apr/196
+	TODO: check
 CVE-2010-0990
 	RESERVED
 CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before ...)
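Review bot: The bracketed description `[imlib2 issue]` added to CVE-2010-0991 does not say what kind of issue it is, so a reader has to follow the bugtraq link in the NOTE to learn anything about it. Please put a short description of the problem in the brackets. `TODO: check` would also be more useful if it said what remains to be checked, for example whether the Debian imlib2 package is affected.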
@@ -13667,6 +13680,12 @@
 	NOT-FOR-US: ActiveX
 CVE-2009-1514 (Google Chrome 1.0.154.53 allows remote attackers to cause a denial of ...)
 	- chromium-browser <itp> (bug #520324)
+	- webkit <unfixed>
+	- qt4-x11 <undetermined>
+	- kdebase <undetermined>
+	- kde4base <undetermined>
+	NOTE: proof of concept works against webkit; claimed dos-only, but may be
+	NOTE: be worse with a different payload
 CVE-2008-6791 (PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial ...)
 	NOT-FOR-US: PumpKIN TFTP Server
 CVE-2008-6790 (The admin module in MindDezign Photo Gallery 2.2 allows remote ...)
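Review bot: The two added NOTE lines under CVE-2009-1514 repeat a word across the line break: the first ends in "may be" and the second starts with "be worse", so the note reads "may be be worse". Drop one "be". The new `- webkit <unfixed>` line also has no bug reference, unlike the `- chromium-browser <itp> (bug #520324)` line directly above it; add one once a bug is filed.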



