[Secure-testing-commits] r15749 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Fri Dec 24 13:44:57 UTC 2010


Author: jmm-guest
Date: 2010-12-24 13:44:56 +0000 (Fri, 24 Dec 2010)
New Revision: 15749

Modified:
   data/CVE/list
Log:
- one perl module dupe
- new mozilla issue
- opensc no-dsa, pending for spu
- pcsc/ccid are plain bugs, hardly security issues
- two more chrome issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-12-24 13:31:04 UTC (rev 15748)
+++ data/CVE/list	2010-12-24 13:44:56 UTC (rev 15749)
@@ -145,9 +145,11 @@
 CVE-2011-0046
 	RESERVED
 CVE-2010-4578 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do ...)
-	TODO: check
+ 	- chromium-browser <unfixed>
+ 	- webkit <undetermined>
 CVE-2010-4577 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do ...)
-	TODO: check
+ 	- chromium-browser <unfixed>
+ 	- webkit <undetermined>
 CVE-2010-4576 (browser/worker_host/message_port_dispatcher.cc in Google Chrome before ...)
 	- chromium-browser 6.0.472.63~r59945-4 (bug #607843; low)
 	NOTE: http://code.google.com/p/chromium/issues/detail?id=63529
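Review bot: the four added status lines under CVE-2010-4578 and CVE-2010-4577 begin with a space before the tab, while the other additions in this commit (for example the pcsc-lite and opensc lines) are indented with a tab alone. Drop the leading space so the entries match the rest of the list; tooling that parses the file by its indentation may otherwise not treat them as package entries. A short NOTE on what is still open for webkit would also help whoever resolves the <undetermined> status later.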
@@ -212,11 +214,13 @@
 	TODO: check
 	NOTE: http://www.waraxe.us/advisory-77.html
 CVE-2010-XXXX [pcsc-lite buffer overflow]
-	- pcsc-lite <unfixed> (bug #607781)
+	- pcsc-lite 1.6.6-1 (unimportant; bug #607781)
 	NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356
+	NOTE: Theoretical attack
 CVE-2010-XXXX [ccid driver buffer overflow]
-	- ccid <unfixed> (bug #607780)
+	- ccid <unfixed> (unimportant; bug #607780)
 	NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356
+	NOTE: Theoretical attack
 CVE-2010-XXXX [webkit info leak]
 	- webkit <unfixed> (low)
 	- chromium-browser <undetermined> (low)
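Review bot: the added "NOTE: Theoretical attack" on the pcsc-lite and ccid entries gives no reason why the overflows are considered theoretical, so the downgrade to unimportant cannot be verified from the entry itself. Add a one-line rationale, or point to the specific message in the oss-sec thread that supports it. Both entries also still read "CVE requested" under a CVE-2010-XXXX placeholder, which should be updated once an id is assigned.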
@@ -230,7 +234,8 @@
 	NOT-FOR-US: SAP NetWeaver Business Client
 CVE-2010-4523
 	RESERVED
-	- opensc 0.11.13-1.1 (bug #607427)
+	- opensc 0.11.13-1.1 (low; bug #607427)
+	[lenny] - opensc <no-dsa> (Minor issue)
 CVE-2010-4555
 	RESERVED
 CVE-2010-4554
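Review bot: the [lenny] line for opensc says only "Minor issue", while the commit log states the fix is pending for a stable point update. Record that in the no-dsa reason as well, so the planned lenny fix is tracked in the data and not just in the log message. CVE-2010-4523 is also still marked RESERVED here although it now carries a package status, so a short description in brackets would make the entry readable on its own.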
@@ -420,7 +425,7 @@
 CVE-2010-4502 (Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite ...)
 	NOT-FOR-US: CA Internet Security Suite
 CVE-2010-4501 (IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, ...)
-	TODO: check
+	NOTE: Dupe of CVE-2010-4334
 CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...)
 	NOT-FOR-US: MRCGIGUY FreeTicket
 CVE-2010-XXXX
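Review bot: replacing "TODO: check" with only "NOTE: Dupe of CVE-2010-4334" leaves CVE-2010-4501 without any package status line, so the state of the IO::Socket::SSL package under this id can only be found by following the note by hand. Mirror the package line from the CVE-2010-4334 entry here, or mark the entry in whatever way the list uses for duplicates, so that a lookup by this id does not come back empty.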
@@ -1168,7 +1173,7 @@
 CVE-2010-4222
 	RESERVED
 CVE-2009-5017 (Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong ...)
-	TODO: check
+	- xulrunner <undetermined>
 CVE-2009-5016 (Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in ...)
 	- php5 <unfixed>
 	TODO: check
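Review bot: the xulrunner <undetermined> line for CVE-2009-5017 drops the TODO without recording what still has to be checked. The description says the issue affects Firefox before 3.6 Beta 3, so add a NOTE stating which xulrunner versions in the archive need to be compared against that boundary; otherwise the entry no longer shows up as open work but is not resolved either.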



