[Secure-testing-commits] r14548 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Thu Apr 22 19:45:00 UTC 2010


Author: jmm-guest
Date: 2010-04-22 19:44:54 +0000 (Thu, 22 Apr 2010)
New Revision: 14548

Modified:
   data/CVE/list
Log:
- no-dsa for several qtwebkit issues
- sun java no-dsa
- kfreebsd not-dsa
- iceape not-affected
- xemacs21 no-dsa
- xmlsec1 no-dsa
- xulrunner issue is windows-specific


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-22 01:01:05 UTC (rev 14547)
+++ data/CVE/list	2010-04-22 19:44:54 UTC (rev 14548)
@@ -255,6 +255,7 @@
 	RESERVED
 CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI ...)
 	- sun-java6 <unfixed> (high)
+	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
 CVE-2010-XXXX [gource: predictable log file located in /tmp]
 	- gource 0.26-2 (low; bug #577958)
 CVE-2010-XXXX [webkit: lots of dns lookups]
@@ -1819,6 +1820,7 @@
 	- emacs22 <unfixed> (low)
 	[lenny] - emacs22 <no-dsa> (Minor issue)
 	- xemacs21 <unfixed> (low)
+	[lenny] - xemacs21 <no-dsa> (Minor issue)
 	[lenny] - xmacs21 <no-dsa> (Minor issue)
 	- emacs23 <unfixed> (low)
 	TODO: check and file bugs, can still be fixed through spus by the maintainers
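Review bot: The added "[lenny] - xemacs21 <no-dsa> (Minor issue)" line sits directly above the existing "[lenny] - xmacs21 <no-dsa> (Minor issue)" line, which looks like a misspelling of the same package and is left in place. Remove the "xmacs21" line in the same commit so the entry keeps only the no-dsa line whose package name matches "- xemacs21 <unfixed> (low)".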
@@ -3490,9 +3492,9 @@
 	[lenny] - lib3ds <no-dsa> (Minor issue)
 	[etch] - lib3ds <no-dsa> (Minor issue)
 	NOTE: http://www.coresecurity.com/content/google-sketchup-vulnerability
-	TODO: check affected versions and file bug
 	NOTE: issue was published saying it affects google sketchup,
 	NOTE: but the vulnerable code is in lib3ds
+	NOTE: http://code.google.com/p/lib3ds/issues/detail?id=9
 CVE-2010-0279 (Unrestricted file upload vulnerability in upload.php in BTS-GI Read ...)
 	NOT-FOR-US: BTS-GI Read excel
 CVE-2010-0278 (A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft ...)
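Review bot: The lib3ds change in this hunk is missing from the commit log, and the removed TODO asked to check affected versions and file a bug while the added NOTE only links the upstream issue. If a Debian bug was filed, record its number in the entry; otherwise keep the "file bug" part of the TODO. Either way, add a log line for the change.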
@@ -3856,9 +3858,8 @@
 	- iceape 2.0.3-1
 	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
 CVE-2010-0161 (The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in ...)
-	- xulrunner 1.9.1.8-1
-	- iceape 2.0.3-1
-	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
+	- xulrunner <not-affected> (Windows-specific)
+	- iceape <not-affected> (Windows-specific)
 CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 ...)
 	- xulrunner 1.9.1.8-1
 	[etch] - xulrunner <not-affected> (web workers introduced in gecko 1.9.1)
@@ -7596,6 +7597,7 @@
 CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...)
 	- webkit 1.1.17-2 (medium; bug #559759)
 	- qt4-x11 4:4.6.2-4 (bug #561760)
+	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
 	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
 	- kdelibs <not-affected> (vulnerable code not present)
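Review bot: The added reason string ends with a stray space before the closing parenthesis, "qtwebkit )". The same string is repeated in every [lenny] qt4-x11 line this patch adds; dropping the space keeps it in line with the other parenthesised reasons in the file, such as "(Minor issue)".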
@@ -10437,6 +10439,7 @@
 CVE-2009-2649 (The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev ...)
 	- kfreebsd-8 8.0-1 (bug #572811)
 	- kfreebsd-7 7.3-1 (bug #572811)
+	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
 	- kfreebsd-6 <removed> (bug #572811)
 	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
 CVE-2009-2648 (FlashDen Guestbook allows remote attackers to obtain configuration ...)
@@ -12988,6 +12991,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <unfixed> (low)
+	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
 	NOTE: http://trac.webkit.org/changeset/36359
 CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not ...)
 	{DSA-1988-1}
@@ -13126,6 +13130,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <unfixed>
+	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
 	NOTE: http://trac.webkit.org/changeset/35928
 CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...)
 	{DSA-1950-1}
@@ -18960,6 +18965,7 @@
 	{DSA-1995-1 DSA-1849-1 DTSA-205-1}
 	- xml-security-c 1.4.0-4
 	- xmlsec1 1.2.12-1
+	[lenny] - xmlsec1 <no-dsa> (Minor issue)
 	- mono 2.4.2.3+dfsg-1
 	NOTE: http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
 	NOTE: http://anonsvn.mono-project.com/viewvc?view=rev&revision=137891
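Review bot: "(Minor issue)" on the added xmlsec1 line gives no reason why lenny needs no DSA, although the same entry is tagged {DSA-1995-1 DSA-1849-1 DTSA-205-1}. State in the parenthesised note what makes xmlsec1 in lenny different, so a later reader does not have to re-derive the triage.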
@@ -19080,6 +19086,7 @@
 CVE-2008-5913 (An unspecified function in the JavaScript implementation in Mozilla ...)
 	- xulrunner <unfixed> (bug #559792)
 	- iceape <unfixed>
+	[lenny] - iceape <not-affected> (Just a stub package)
 	NOTE: fixed upstream https://bugzilla.mozilla.org/show_bug.cgi?id=cve-2008-5913
 	TODO: check next set of MFSA's
 CVE-2008-5912 (An unspecified function in the JavaScript implementation in Microsoft ...)
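Review bot: The reason on the added iceape line, "(Just a stub package)", differs from the wording this file already uses for the same lenny iceape situation, "(Lenny package only provide xpcom stubs)". Reusing one wording lets the not-affected lenny iceape entries be found with a single search.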
@@ -25221,6 +25228,7 @@
 CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through ...)
 	- webkit 1.0.1-4 (bug #499771)
 	- qt4-x11 4:4.6.2-4 (bug #561760)
+	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
 	NOTE: http://trac.webkit.org/changeset/34815
 CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone ...)
@@ -28339,6 +28347,7 @@
 	- kdelibs <unfixed>
 	- kde4libs <unfixed>
 	- qt4-x11 4:4.6.2-4
+	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
 	NOTE: http://trac.webkit.org/changeset/34204
 CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...)
@@ -60967,6 +60976,7 @@
 	- webkit 1.0.1-1 (bug #535793)
 	NOTE: http://trac.webkit.org/changeset/33380
 	- qt4-x11 4:4.6.2-4 (low; bug #561760)
+	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
 	- kdelibs <not-affected> (bug #561765)
 	- kde4libs <undetermined> (bug #561762)



