[Secure-testing-commits] r15001 - in data: . CVE

Mon Jul 19 13:15:50 UTC 2010

Author: iuculano
Date: 2010-07-19 13:15:44 +0000 (Mon, 19 Jul 2010)
New Revision: 15001

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
CVE-2010-2713 fixed in vte 1:0.24.3-1
CVE-2010-2249 and CVE-2010-1205: tuxonice-userui was binNMUed
CVE-2010-2244: fixed in avahi 0.6.26-1
webkit and chromium issues


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2010-07-19 12:27:50 UTC (rev 15000)
+++ data/CVE/list	2010-07-19 13:15:44 UTC (rev 15001)
@@ -112,8 +112,11 @@
 	NOT-FOR-US: TCW PHP Album
 CVE-2010-2714 (SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 ...)
 	NOT-FOR-US: TCW PHP Album
-CVE-2010-2713
+CVE-2010-2713 [vte: responds to get window title escape sequence request]
 	RESERVED
+	- vte 1:0.24.3-1
+	NOTE: http://git.gnome.org/browse/vte/commit/?id=58bc3a942f198a1a8788553ca72c19d7c1702b74
+	NOTE: http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
 CVE-2010-2712
 	RESERVED
 CVE-2010-2711
@@ -258,29 +261,46 @@
 CVE-2009-4925 (Multiple SQL injection vulnerabilities in Portale e-commerce Creasito ...)
 	TODO: check
 CVE-2010-2652 (Google Chrome before 5.0.375.99 does not properly implement modal ...)
-	- webkit <undetermined>
-	- chromium-browser <undetermined>
+	- webkit <not-affected> (chromium specific issue)
+	- chromium-browser 5.0.375.99~r51029-1
 CVE-2010-2651 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...)
 	- webkit <undetermined>
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.99~r51029-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38891
+	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=51014
 CVE-2010-2650 (Unspecified vulnerability in Google Chrome before 5.0.375.99 has ...)
-	- webkit <undetermined>
-	- chromium-browser <undetermined>
+	- webkit <not-affected> (chromium specific)
+	- chromium-browser 5.0.375.99~r51029-1
 CVE-2010-2649 (Unspecified vulnerability in Google Chrome before 5.0.375.99 allows ...)
 	- webkit <undetermined>
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.99~r51029-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39797
+	NOTE: http://trac.webkit.org/changeset/60973
+	NOTE: http://trac.webkit.org/changeset/60977
 CVE-2010-2648 (The implementation of the Unicode Bidirectional Algorithm (aka Bidi ...)
 	- webkit <undetermined>
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.99~r51029-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39305
+	NOTE: http://trac.webkit.org/projects/webkit/changeset/61921
 CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to cause a ...)
 	- webkit <undetermined>
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.99~r51029-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38627
+	NOTE: http://trac.webkit.org/changeset/61667
+	NOTE: http://trac.webkit.org/changeset/61669
+	NOTE: http://trac.webkit.org/changeset/61676
+	NOTE: http://trac.webkit.org/changeset/61679
 CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate sandboxed ...)
 	- webkit <undetermined>
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.99~r51029-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38151
+	NOTE: http://trac.webkit.org/changeset/58873
+	NOTE: http://trac.webkit.org/changeset/59870
 CVE-2010-2645 (Unspecified vulnerability in Google Chrome before 5.0.375.99, when ...)
 	- webkit <undetermined>
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.99~r51029-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38039
+	NOTE: http://trac.webkit.org/changeset/58957
 CVE-2010-2644
 	RESERVED
 CVE-2010-2643
@@ -1253,8 +1273,8 @@
 	NOTE: http://www.ocert.org/advisories/ocert-2010-001.html
 CVE-2010-2249 (Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before ...)
 	- libpng 1.2.44-1 (low; bug #587670)
-	- tuxonice-userui <unfixed> (unimportant)
-	TODO: binNMU tuxonice-userui once libpng is fixed
+	- tuxonice-userui 1.0-1 (unimportant)
+	NOTE: tuxonice-userui 1.0-1 was binNMUed
 CVE-2010-2248 [os/2 smb issue]
 	RESERVED
 	- linux-2.6 2.6.32-12 (low)
@@ -1269,7 +1289,7 @@
 CVE-2010-2245
 	RESERVED
 CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in ...)
-	- avahi <undetermined>
+	- avahi 0.6.26-1
 CVE-2010-2243 [timekeeping oops]
 	RESERVED
 	- linux-2.6 2.6.32-11
@@ -4164,8 +4184,8 @@
 	NOTE: Scheduled for next round of Firefox updates (20th July)
 CVE-2010-1205 (Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before ...)
 	- libpng 1.2.44-1 (bug #587670)
-	- tuxonice-userui <unfixed> 
-	TODO: binNMU tuxonice-userui once libpng is fixed
+	- tuxonice-userui 1.0-1 
+	NOTE: tuxonice-userui 1.0-1 was binNMUed
 CVE-2010-1204 (Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 ...)
 	- bugzilla 3.4.7.0-1 (low; bug #587663)
 	[lenny] - bugzilla <no-dsa> (Minor issue)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-07-19 12:27:50 UTC (rev 15000)
+++ data/embedded-code-copies	2010-07-19 13:15:44 UTC (rev 15001)
@@ -702,6 +702,7 @@
 	- kde4libs <unfixable> (fork)
 	NOTE: kde4lib's khtml and webkit were forked from khtml (this tracking, which seems 
 	NOTE: reversed genesis-wise, is used because of so much other stuff in kde4libs)
+	- chromium-browser <unfixed> (fork)
 
 ftgl
 	- blender 2.46+dfsg-1 (embed)


