[Secure-testing-commits] r14135 - data/CVE

Sun Feb 21 07:26:05 UTC 2010

Author: gilbert-guest
Date: 2010-02-21 07:25:59 +0000 (Sun, 21 Feb 2010)
New Revision: 14135

Modified:
   data/CVE/list
Log:
add webkit embeds; bugs for new xulrunner issues; fix typo

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2010-02-21 07:10:40 UTC (rev 14134)
+++ data/CVE/list	2010-02-21 07:25:59 UTC (rev 14135)
@@ -13,6 +13,9 @@
 CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome ...)
 	- chromium-browser <itp> (bug #520334)
 	- webkit 1.1.21-1 (low)
+	- qt4-x11 <undetermined> (low)
+	- kdelibs <undetermined> (low)
+	- kde4libs <undetermined> (low)
 CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome before ...)
 	- chromium-browser <itp> (bug #520334)
 CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the ...)
@@ -21,10 +24,13 @@
 CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before 4.0.249.78, ...)
 	- chromium-browser <itp> (bug #520334)
 	- webkit 1.1.21-1 (low)
+	- qt4-x11 <undetermined> (low)
+	- kdelibs <undetermined> (low)
+	- kde4libs <undetermined> (low)
 CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows ...)
 	- chromium-browser <itp> (bug #520334)
 CVE-2010-0654 (Mozilla Firefox permits cross-origin loading of CSS stylesheets even ...)
-	TODO: check
+	- xulrunner <unfixed> (bug #570743)
 CVE-2010-0653 (Opera permits cross-origin loading of CSS stylesheets even when the ...)
 	NOT-FOR-US: Opera
 CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS ...)
@@ -32,17 +38,26 @@
 CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and ...)
 	- chromium-browser <itp> (bug #520334)
 	- webkit 1.1.21-1 (low)
+	- qt4-x11 <undetermined> (low)
+	- kdelibs <undetermined> (low)
+	- kde4libs <undetermined> (low)
 CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, ...)
 	- chromium-browser <itp> (bug #520334)
 	- webkit <undetermined> (low)
+	- qt4-x11 <undetermined> (low)
+	- kdelibs <undetermined> (low)
+	- kde4libs <undetermined> (low)
 	TODO: check (not enough info available yet since webkit bug is still restricted)
 CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer function ...)
 	- chromium-browser <itp> (bug #520334)
 CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to ...)
-	TODO: check
+	- xulrunner <unfixed> (bug #570743)
 CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before 4.0.249.89, ...)
 	- chromium-browser <itp> (bug #520334)
 	- webkit 1.1.21-1 (medium)
+	- qt4-x11 <undetermined> (medium)
+	- kdelibs <undetermined> (medium)
+	- kde4libs <undetermined> (medium)
 CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8 before ...)
 	- chromium-browser <itp> (bug #520334)
 CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before r3560, as ...)
@@ -333,12 +348,12 @@
 	NOT-FOR-US: Microsoft
 CVE-2003-1581 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...)
 	- apache <removed> (unimportant)
-	- apache2 <removed> (unimportant; bug #570740)
+	- apache2 <unfixed> (unimportant; bug #570740)
 	NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
 	NOTE: then that itself should be fixed
 CVE-2003-1580 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...)
 	- apache <removed> (unimportant)
-	- apache2 <removed> (unimportant; bug #570740)
+	- apache2 <unfixed> (unimportant; bug #570740)
 	NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
 	NOTE: then that itself should be fixed
 CVE-2003-1579 (Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is ...)


