[Secure-testing-commits] r14921 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Tue Jun 29 05:33:17 UTC 2010 

Author: gilbert-guest
Date: 2010-06-29 05:33:13 +0000 (Tue, 29 Jun 2010)
New Revision: 14921

Modified:
   data/CVE/list
Log:
some notes

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-06-29 04:41:12 UTC (rev 14920)
+++ data/CVE/list	2010-06-29 05:33:13 UTC (rev 14921)
@@ -465,6 +465,7 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-2264 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
 	- webkit <undetermined>
+	- chromium-browser <undetermined>
 CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on ...)
 	- nginx <not-affected> (Windows-specific vulnerability when running on NTFS)
 CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! ...)
@@ -589,7 +590,7 @@
 	- php5 <undetermined>
 	TODO: check
 CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise ...)
-	NOT-FOR-US: Reh Had Enterprise Virtualization Manager (RHEV-M)
+	NOT-FOR-US: Reh Hat Enterprise Virtualization Manager (RHEV-M)
 CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...)
 	NOT-FOR-US: Red Hat Enterprise Virtualization Hypervisor (RHEV-H)
 CVE-2010-2222
@@ -1163,6 +1164,7 @@
 	NOT-FOR-US: Opera
 CVE-2010-1992 (Google Chrome 1.0.154.48 executes a mail application in situations ...)
 	- chromium-browser <unfixed> (unimportant)
+	- webkit <undetermined> (unimportant)
 	NOTE: http://translate.google.com/translate?hl=en&u=http://websecurity.com.ua/4206/&sl=uk&tl=en
 	NOTE: poc is just one window, but can be changed to open many
 	NOTE: this is a dos-only attack, so its considered unimportant
@@ -1282,9 +1284,11 @@
 CVE-2010-1940 (Apple Safari 4.0.5 on Windows sends the &quot;Authorization: Basic&quot; header ...)
 	- chromium-browser <undetermined>
 	- webkit <undetermined>
+	TODO: someone with access to the webkit security list please track down commit
 CVE-2010-1939 (Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows ...)
 	- chromium-browser <undetermined>
 	- webkit <undetermined>
+	TODO: someone with access to the webkit security list please track down commit
 CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in libopie ...)
 	- opie 2.32.dfsg.1-0.2 (low; bug #584932)
 	[lenny] - opie <no-dsa> (Minor issue)
@@ -2953,10 +2957,12 @@
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
 	NOTE: not enough info disclosed to be able to check
+	TODO: someone with access to webkit security list please track down commit
 CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
 	NOTE: not enough info disclosed to be able to check
+	TODO: someone with access to webkit security list please track down commit
 CVE-2010-1383
 	RESERVED
 CVE-2010-1382 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
@@ -5466,6 +5472,7 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
 	- webkit 1.2.1-1
+	- chromium-browser <undetermined>
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37662
 	NOTE: http://trac.webkit.org/changeset/58792
 	NOTE: http://trac.webkit.org/changeset/58796

More information about the Secure-testing-commits mailing list