[Secure-testing-commits] r14925 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Jun 29 21:06:09 UTC 2010


Author: jmm-guest
Date: 2010-06-29 21:06:06 +0000 (Tue, 29 Jun 2010)
New Revision: 14925

Modified:
   data/CVE/list
Log:
- tiff triage
- convert a few tentative ImageIO entries to NFUs,
  according to Google this appears to be an Apple-internal
  implementation. Also, they're usually reporting
  issues in common libs to vendor-sec


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-06-29 16:28:55 UTC (rev 14924)
+++ data/CVE/list	2010-06-29 21:06:06 UTC (rev 14925)
@@ -58,8 +58,8 @@
 	{DSA-2065-1}
 	- kvirc 4:4.0.0~svn4340+rc3-1
 CVE-2010-2443 (Unspecified vulnerability in LibTIFF before 3.9.3 allows remote ...)
-	- tiff <undetermined>
-	TODO: check
+	- tiff 3.9.4-1 (unimportant)
+	NOTE: Triggers a NULL pointer deref, crasher only
 CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote ...)
@@ -79,7 +79,7 @@
 CVE-2010-2435 (Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause ...)
 	- weborf 0.12.2-1
 CVE-2010-2434 (Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software ...)
-	TODO: check
+	NOT-FOR-US: Explzh
 CVE-2010-2433 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2010-2432 (The cupsDoAuthentication function in auth.c in the client in CUPS ...)
@@ -981,17 +981,17 @@
 CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 ...)
 	- apache2 <not-affected> (does not affect UNIX, only Windows, etc.)
 CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function ...)
-	- tiff <undetermined>
-	TODO: check
+	- tiff 3.9.4-1
+	[lenny] - tiff <not-affected> (Only affects 3.9.x)
 CVE-2010-2066
 	RESERVED
 	- linux-2.6 <unfixed>
 	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.31)
 CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 ...)
-	- tiff <undetermined>
+	- tiff 3.9.4-1
+	[lenny] - tiff <not-affected> (Only affects 3.9.x)
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589145
 	NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565
-	TODO: check
 CVE-2010-2064
 	RESERVED
 CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in the ...)
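Review bot: The "[lenny] - tiff <not-affected> (Only affects 3.9.x)" lines for CVE-2010-2067 and CVE-2010-2065 give no pointer to how that was established, and for CVE-2010-2065 the description only says "before 3.9.3", which on its face also covers older branches. A NOTE naming the change that introduced the affected code, or stating that the lenny source was checked, would make the not-affected claim verifiable. The two Launchpad NOTE lines are kept, which is good, but they are not cited as the basis for the lenny status.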
@@ -1216,7 +1216,6 @@
 	- postgresql-8.3 <removed> (low)
 CVE-2010-1974
 	REJECTED
-	- perl 5.10.1-13 (bug #582978)
 CVE-2010-1973
 	RESERVED
 CVE-2010-1972
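Review bot: Dropping "- perl 5.10.1-13 (bug #582978)" from the REJECTED CVE-2010-1974 is not covered by the log message, which only mentions tiff triage and the ImageIO entries. Removing package data from a rejected id is reasonable, but the fixed version and bug reference disappear from the list with it; if the issue is tracked under another id, it is worth confirming that entry carries the same perl version and bug number, and the log should mention this change.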
@@ -1804,8 +1803,7 @@
 CVE-2010-1754 (Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does ...)
 	NOT-FOR-US: Apple Passcode Lock
 CVE-2010-1753 (ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows ...)
-	- tiff <undetermined>
-	TODO: check
+	NOT-FOR-US: iOS
 CVE-2010-1752 (Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the ...)
 	NOT-FOR-US: Apple CFNetwork
 CVE-2010-1751 (Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch ...)
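Review bot: "NOT-FOR-US: iOS" for CVE-2010-1753 is inconsistent with the neighbouring entries, which name the vendor and component ("NOT-FOR-US: Apple Passcode Lock", "NOT-FOR-US: Apple CFNetwork"), and with the other ImageIO entries in this same commit, which use "NOT-FOR-US: Apple Mac OS X". Suggest something like "NOT-FOR-US: Apple ImageIO" or at least "Apple iOS" so that a search for Apple NFU entries finds it.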
@@ -2815,8 +2813,7 @@
 	NOTE: http://trac.webkit.org/changeset/57759
 	NOTE: http://trac.webkit.org/changeset/57817
 CVE-2010-1411 (Multiple integer overflows in the Fax3SetupState function in ...)
-	- tiff <undetermined>
-	TODO: check
+	- tiff 3.9.4-1
 CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
 	- webkit 1.2.1-2
 	- chromium-browser <undetermined>
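Review bot: CVE-2010-1411 gets "- tiff 3.9.4-1" but, unlike CVE-2010-2067 and CVE-2010-2065 in the same commit, no "[lenny]" line. If lenny is meant to stay open for this one, that is fine as written, but the difference is easy to read as an omission; if the Fax3SetupState overflows were also checked against lenny, record the result either way with a NOTE or an explicit lenny line.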
@@ -5479,8 +5476,7 @@
 	NOTE: http://trac.webkit.org/changeset/58792
 	NOTE: http://trac.webkit.org/changeset/58796
 CVE-2010-0543 (ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows ...)
-	- tiff <undetermined>
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2010-0542 (The _WriteProlog function in texttops.c in texttops in the Text Filter ...)
 	- cups <unfixed>
 CVE-2010-0541 (Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in ...)
@@ -12466,9 +12462,7 @@
 CVE-2009-2810 (Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2809 (ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers ...)
-	- tiff <undetermined>
-	NOTE: description very apple-centric, but tiff may be affected
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2808 (Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2807 (Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS ...)
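Review bot: This hunk deletes the NOTE "description very apple-centric, but tiff may be affected" for CVE-2009-2809 and replaces the open TODO with NOT-FOR-US, but the reasoning for resolving that doubt exists only in the commit log ("according to Google this appears an apple internal implementation"). That is fairly thin evidence for closing an entry where an earlier triager suspected libtiff; the same applies to CVE-2010-0543 and CVE-2010-1753 above. Consider recording what was actually checked so the decision can be revisited if Apple later attributes one of these to shared libtiff code.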



