[Secure-testing-commits] r15293 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Thu Sep 9 08:08:50 UTC 2010
Author: jmm-guest
Date: 2010-09-09 08:08:33 +0000 (Thu, 09 Sep 2010)
New Revision: 15293
Modified:
data/CVE/list
Log:
- iceape fixed
- new squid3 issue, encfs, openjdk, chromium, webkit issues
- weborf fixed (should be removed, though)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-09-08 21:14:49 UTC (rev 15292)
+++ data/CVE/list 2010-09-09 08:08:33 UTC (rev 15293)
@@ -5,33 +5,47 @@
CVE-2010-3260
RESERVED
CVE-2010-3259 (Google Chrome before 6.0.472.53 does not properly restrict read access ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3258 (The sandbox implementation in Google Chrome before 6.0.472.53 does not ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3257 (Google Chrome before 6.0.472.53 does not properly perform focus ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3256 (Google Chrome before 6.0.472.53 does not properly limit the number of ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3255 (Google Chrome before 6.0.472.53 does not properly handle counter ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3254 (The WebSockets implementation in Google Chrome before 6.0.472.53 does ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3253 (The implementation of notification permissions in Google Chrome before ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3252 (Use-after-free vulnerability in the Notifications presenter in Google ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3251 (The WebSockets implementation in Google Chrome before 6.0.472.53 ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3250 (Unspecified vulnerability in Google Chrome before 6.0.472.53 allows ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict copying to ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3247 (Google Chrome before 6.0.472.53 does not properly restrict the ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3246 (Google Chrome before 6.0.472.53 does not properly handle the _blank ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
CVE-2010-3245 (The automated-backup functionality in Blackboard Transact Suite ...)
TODO: check
CVE-2010-3244 (BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly ...)
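Review bot: `webkit <undetermined>` is added to all fourteen Chrome entries in this hunk (CVE-2010-3246 through CVE-2010-3259), whatever component the description names. That includes CVE-2010-3258 (the sandbox implementation), CVE-2010-3253 (notification permissions) and CVE-2010-3252 (the Notifications presenter), whose descriptions point at browser-side features rather than the rendering engine. I would triage the webkit line per entry, or add a NOTE under each saying what information is still missing, because a bare `<undetermined>` replaces `TODO: check` without recording why the status could not be decided.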
@@ -43,7 +57,7 @@
CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...)
TODO: check
CVE-2010-XXXX [weborf directory traversal]
- - weborf <unfixed>
+ - weborf 0.12.3-1
NOTE: http://www.exploit-db.com/exploits/14925/
CVE-2010-3243
RESERVED
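Review bot: the weborf line goes from `<unfixed>` to `0.12.3-1`, but the log message says the package "should be removed, though", and nothing in the entry records that. Add a NOTE (or a reference to a removal bug, if one is filed) so the intent is visible in the tracker data and not only in the commit log. The entry also still has no CVE id (`CVE-2010-XXXX`) and no Debian bug reference next to the fixed version.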
@@ -204,21 +218,21 @@
{DSA-2106-1}
- xulrunner <unfixed>
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-3168 [XUL tree removal crash and remote code execution]
RESERVED
{DSA-2106-1}
- xulrunner <unfixed>
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-3167 [Dangling pointer vulnerability in nsTreeContentView]
RESERVED
{DSA-2106-1}
- xulrunner <unfixed>
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-3166 [Heap buffer overflow in nsTextFrameUtils::TransformText]
RESERVED
@@ -226,7 +240,7 @@
[lenny] - xulrunner <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
- icedove <unfixed>
[lenny] - icedove <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
- - iceape <unfixed>
+ - iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-3165
RESERVED
@@ -487,12 +501,17 @@
NOTE: http://packetstormsecurity.org/1009-exploits/smbind-sql.txt
CVE-2010-3075
RESERVED
+ - encfs <unfixed> (bug #595998)
CVE-2010-3074
RESERVED
+ - encfs <unfixed> (bug #595998)
CVE-2010-3073
RESERVED
-CVE-2010-3072
- RESERVED
+ - encfs <unfixed> (bug #595998)
+CVE-2010-3072
+ RESERVED
+ - squid3 <unfixed> (bug #596086)
+ - squid <not-affected> (Only affects 3.x)
CVE-2010-3071 [bip DoS]
RESERVED
- bip <unfixed> (low; bug #595409)
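Review bot: the new encfs and squid3 lines sit under entries that are only `RESERVED`, with no bracketed description, so a reader cannot tell the three encfs issues (CVE-2010-3073 to CVE-2010-3075, all pointing at bug #595998) apart or see what the squid3 issue is. A short description in the style of the neighbouring `CVE-2010-3071 [bip DoS]` would help, and the new `<unfixed>` lines carry no urgency, unlike the bip line. Separately, `CVE-2010-3072` and its `RESERVED` line are removed and re-added with the same text, which suggests a whitespace-only change. Please drop that churn so the hunk shows only the added package lines.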
@@ -1309,35 +1328,35 @@
{DSA-2106-1}
- xulrunner <unfixed>
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2768 [UTF-7 XSS by overriding document charset using <object> type attribute]
RESERVED
{DSA-2106-1}
- xulrunner <unfixed>
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2767 [Dangling pointer vulnerability using DOM plugin array]
RESERVED
{DSA-2106-1}
- xulrunner <unfixed>
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2766 [Crash and remote code execution in normalizeDocument]
RESERVED
{DSA-2106-1}
- xulrunner <unfixed>
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2765 [Frameset integer overflow vulnerability]
RESERVED
{DSA-2106-1}
- xulrunner <unfixed>
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2764 [Information leak via XMLHttpRequest statusText]
RESERVED
@@ -1345,14 +1364,14 @@
[lenny] - xulrunner <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
- icedove <unfixed>
[lenny] - icedove <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
- - iceape <unfixed>
+ - iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2763 [XSS using SJOW scripted function]
RESERVED
{DSA-2106-1}
- xulrunner <unfixed>
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2762 [SJOW creates scope chains ending in outer object]
RESERVED
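Review bot: CVE-2010-2762, whose header closes this hunk, has its package lines in the five unchanged lines between this hunk and the next one (old lines 1359 to 1363), so this commit does not touch it. Since every other iceape line in the surrounding DSA-2106-1 group is moved to `2.0.7-1`, please confirm that this entry has no iceape line left at `<unfixed>`.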
@@ -1364,7 +1383,7 @@
{DSA-2106-1}
- xulrunner <unfixed>
- icedove <unfixed>
- - iceape <unfixed>
+ - iceape 2.0.7-1
[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ...)
- bugzilla <unfixed> (bug #595015; medium)
@@ -1879,6 +1898,8 @@
NOT-FOR-US: Microsoft
CVE-2010-2548
RESERVED
+ - openjdk-6 <unfixed>
+ NOTE: Fixed in experimental
CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG ...)
{DSA-2076-1}
- gnupg2 2.0.14-2
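Review bot: the added `openjdk-6 <unfixed>` line comes with `NOTE: Fixed in experimental` but no version, bug number or description. Record the experimental version that contains the fix in the NOTE and add a bug reference if one exists, so that whoever flips this entry when the fix reaches unstable knows which upload to look for.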