[Secure-testing-commits] r14134 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Sun Feb 21 07:10:45 UTC 2010 

Author: gilbert-guest
Date: 2010-02-21 07:10:40 +0000 (Sun, 21 Feb 2010)
New Revision: 14134

Modified:
   data/CVE/list
Log:
NFUs; new chromium/webkit issues; unimportant old apache issue

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-02-20 21:16:07 UTC (rev 14133)
+++ data/CVE/list	2010-02-21 07:10:40 UTC (rev 14134)
@@ -1,47 +1,56 @@
 CVE-2010-0664 (Stack consumption vulnerability in the ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
 CVE-2010-0663 (The ParamTraits&lt;SkBitmap&gt;::Read function in ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
 CVE-2010-0662 (The ParamTraits&lt;SkBitmap&gt;::Read function in ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
 CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
+	- webkit <not-affected> (no v8 code included yet)
+	TODO: recheck as newer webkits are uploaded
 CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the Referer ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
 CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
+	- webkit 1.1.21-1 (low)
 CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome before ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
 CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
+	NOTE: claimed to be a windows-only issue
 CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before 4.0.249.78, ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
+	- webkit 1.1.21-1 (low)
 CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
 CVE-2010-0654 (Mozilla Firefox permits cross-origin loading of CSS stylesheets even ...)
 	TODO: check
 CVE-2010-0653 (Opera permits cross-origin loading of CSS stylesheets even when the ...)
-	TODO: check
+	NOT-FOR-US: Opera
 CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS ...)
-	TODO: check
+	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
+	- webkit 1.1.21-1 (low)
 CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
+	- webkit <undetermined> (low)
+	TODO: check (not enough info available yet since webkit bug is still restricted)
 CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer function ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
 CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to ...)
 	TODO: check
 CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before 4.0.249.89, ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
+	- webkit 1.1.21-1 (medium)
 CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8 before ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
 CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before r3560, as ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
 CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
 CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct connections to ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520334)
 CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to read the ...)
 	TODO: check
 CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...)
@@ -257,7 +266,6 @@
 CVE-2009-4639 (The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows ...)
 	- ffmpeg <unfixed>
 	- ffmpeg-debian <removed>
-	TODO: check
 CVE-2009-4638 (Integer overflow in FFmpeg 0.5 allows remote attackers to cause a ...)
 	{DSA-2000-1}
 	- ffmpeg 4:0.5+svn20090706-3
@@ -312,21 +320,27 @@
 CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 ...)
 	- chromium-browser <itp> (low; bug #520334)
 CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows remote ...)
-	TODO: check
+	NOT-FOR-US: LoganPro
 CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows remote ...)
-	TODO: check
+	NOT-FOR-US: WebExpert 
 CVE-2003-1585 (Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote ...)
-	TODO: check
+	NOT-FOR-US: WebLogExpert
 CVE-2003-1584 (Cross-site scripting (XSS) vulnerability in SurfStats allows remote ...)
-	TODO: check
+	NOT-FOR-US: SurfStats
 CVE-2003-1583 (Cross-site scripting (XSS) vulnerability in WebTrends allows remote ...)
-	TODO: check
+	NOT-FOR-US: WebTrends
 CVE-2003-1582 (Microsoft Internet Information Services (IIS) 6.0, when DNS resolution ...)
 	NOT-FOR-US: Microsoft
 CVE-2003-1581 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...)
-	TODO: check
+	- apache <removed> (unimportant)
+	- apache2 <removed> (unimportant; bug #570740)
+	NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
+	NOTE: then that itself should be fixed
 CVE-2003-1580 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...)
-	TODO: check
+	- apache <removed> (unimportant)
+	- apache2 <removed> (unimportant; bug #570740)
+	NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
+	NOTE: then that itself should be fixed
 CVE-2003-1579 (Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is ...)
 	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
 CVE-2003-1578 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
@@ -996,6 +1010,7 @@
 	NOT-FOR-US: Google SketchUp
 CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, ...)
 	- chromium-browser <itp> (bug #520324)
+	- webkit 1.1.21-1 (medium)
 CVE-2010-0314 (Apple Safari allows remote attackers to discover a redirect's target ...)
 	NOT-FOR-US: Safari
 CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java System ...)

More information about the Secure-testing-commits mailing list