[Secure-testing-commits] r15692 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Mon Dec 13 00:44:15 UTC 2010


Author: gilbert-guest
Date: 2010-12-13 00:44:15 +0000 (Mon, 13 Dec 2010)
New Revision: 15692

Modified:
   data/CVE/list
Log:
new openssh issue; clean up recent apple NFUs

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-13 00:10:17 UTC (rev 15691)
+++ data/CVE/list	2010-12-13 00:44:15 UTC (rev 15692)
@@ -228,8 +228,8 @@
 	[lenny] - clamav <not-affected> (Introduced in 3643f3d2b0a38fdc7bc6777d093c857b9760804e)
 	NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b
 CVE-2010-4478 (OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly ...)
-	- openssh <unfixed>
-	TODO: check
+	- openssh <unfixed> (bug #606922)
+	[lenny] - openssh <not-affected> (doesn't include J-PAKE)
 CVE-2010-4477
 	RESERVED
 CVE-2010-4476
@@ -1370,7 +1370,7 @@
 CVE-2010-4010 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS ...)
 	NOT-FOR-US: Apple Type Services
 CVE-2010-4009 (Integer overflow in Apple QuickTime before 7.6.9 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, ...)
 	{DSA-2128-1}
 	- libxml2 2.7.8.dfsg-1 (bug #602609)
@@ -1650,7 +1650,7 @@
 CVE-2010-3888 (Unspecified vulnerability in Microsoft Windows on 32-bit platforms ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-3887 (The Limit Mail feature in the Parental Controls functionality in Mail ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple Mail
 CVE-2010-3886 (The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-3885
@@ -1835,18 +1835,18 @@
 	- mysql-5.1 5.1.49-3 (bug #599937) 
 	- mysql-dfsg-5.0 <removed>
 CVE-2010-3832 (Heap-based buffer overflow in the GSM mobility management ...)
-	NOT-FOR-US: Apple iOS
+	NOT-FOR-US: Apple iOS Telophony
 CVE-2010-3831 (Photos in Apple iOS before 4.2 enables support for HTTP Basic ...)
-	NOT-FOR-US: Apple iOS
+	NOT-FOR-US: Apple iOS Photos
 CVE-2010-3830 (Networking in Apple iOS before 4.2 accesses an invalid pointer during ...)
-	NOT-FOR-US: Apple iOS
+	NOT-FOR-US: Apple iOS Networking
 CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
 CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle ...)
-	NOT-FOR-US: Apple iOS
+	NOT-FOR-US: Apple iOS iAd
 CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before ...)
-	NOT-FOR-US: Apple iOS
+	NOT-FOR-US: Apple iOS configuration installation utility
 CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
@@ -1916,45 +1916,45 @@
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
 CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2010-3800 (Apple QuickTime before 7.6.9 allows remote attackers to execute ...)
-	TODO: check
+	NOT-FOR-US: Apple QuickTime
 CVE-2010-3799
 	RESERVED
 CVE-2010-3798 (Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before ...)
 	- xar <removed>
 CVE-2010-3797 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple Wiki Server
 CVE-2010-3796 (Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple Safari RSS
 CVE-2010-3795 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple QuickTime 
 CVE-2010-3794 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple QuickTime
 CVE-2010-3793 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple QuickTime
 CVE-2010-3792 (Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple QuickTime
 CVE-2010-3791 (Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple QuickTime
 CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple QuickTime
 CVE-2010-3789 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple QuickTime
 CVE-2010-3788 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple QuickTime
 CVE-2010-3787 (Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple QuickTime
 CVE-2010-3786 (QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple QuickLook
 CVE-2010-3785 (Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple QuickLook
 CVE-2010-3784 (The PMPageFormatCreateWithDataRepresentation API in Printing in Apple ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple Printing
 CVE-2010-3783 (Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does ...)
-	NOT-FOR-US: Apple Mac OS X
+	NOT-FOR-US: Apple Password Server
 CVE-2010-3782
 	RESERVED
 CVE-2010-3781 (The PL/php add-on 1.4 and earlier for PostgreSQL does not properly ...)




More information about the Secure-testing-commits mailing list