[Secure-testing-commits] r15809 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Thu Jan 6 20:33:36 UTC 2011
Author: jmm-guest
Date: 2011-01-06 20:33:35 +0000 (Thu, 06 Jan 2011)
New Revision: 15809
Modified:
data/CVE/list
Log:
- mark remaining webkit/lenny as no-dsa
- kernel updates
- no-dsa for some fringe issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-06 18:21:31 UTC (rev 15808)
+++ data/CVE/list 2011-01-06 20:33:35 UTC (rev 15809)
@@ -893,7 +893,7 @@
- linux-2.6 <unfixed>
CVE-2010-4526 [sctp: a race between ICMP protocol unreachable and connect()]
RESERVED
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-30
CVE-2010-4525
RESERVED
- linux-2.6 <unfixed>
@@ -1410,17 +1410,17 @@
CVE-2010-4347 (The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 ...)
- linux-2.6 <not-affected> (Introduced in 2.6.33 and fixed in 2.6.36.2, we never released an affected kernel)
CVE-2010-4346 (The install_special_mapping function in mm/mmap.c in the Linux kernel ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-30
CVE-2010-4345 (Exim 4.72 and earlier allows local users to gain privileges by ...)
- exim4 4.72-3 (bug #606612)
CVE-2010-4344 (Heap-based buffer overflow in the string_vformat function in string.c ...)
{DSA-2131-1}
- exim4 4.70-1 (bug #606612)
CVE-2010-4343 (drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-30
[lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32)
CVE-2010-4342 (The aun_incoming function in net/econet/af_econet.c in the Linux ...)
- - linux-2.6 <unfixed>
+ - linux-2.6 2.6.32-30
CVE-2010-4341
RESERVED
CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers ...)
@@ -2155,6 +2155,7 @@
- chromium-browser 6.0.472.63~r59945-1
CVE-2010-4040 (Google Chrome before 7.0.517.41 does not properly handle animated GIF ...)
- webkit <unfixed>
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.63~r59945-1
NOTE: http://trac.webkit.org/changeset/68446
CVE-2010-4039 (Google Chrome before 7.0.517.41 on Linux does not properly set the ...)
@@ -2528,7 +2529,7 @@
- linux-2.6 2.6.32-29 (low)
CVE-2010-3880 (net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not ...)
{DSA-2126-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-30 (low)
CVE-2010-3879 [fuse: unprivileged user can unmount arbitrary locations via symlink attack]
RESERVED
- fuse <unfixed> (bug #602333)
@@ -2536,13 +2537,13 @@
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3877 (The get_name function in net/tipc/socket.c in the Linux kernel before ...)
{DSA-2126-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-30 (low)
CVE-2010-3876 (net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not ...)
{DSA-2126-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-30 (low)
CVE-2010-3875 (The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel ...)
{DSA-2126-1}
- - linux-2.6 <unfixed> (low)
+ - linux-2.6 2.6.32-30 (low)
CVE-2010-3874 (Heap-based buffer overflow in the bcm_connect function in ...)
{DSA-2126-1}
- linux-2.6 <unfixed> (unimportant)
@@ -2744,6 +2745,7 @@
- chromium-browser <undetermined>
CVE-2010-3812 (Integer overflow in the wholeText method in WebKit in Apple Safari ...)
- webkit <unfixed>
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <undetermined>
NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257
CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
@@ -2781,6 +2783,7 @@
RESERVED
CVE-2010-3798 (Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before ...)
- xar <removed>
+ [lenny] - xar <no-dsa> (Minor issue)
CVE-2010-3797 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
NOT-FOR-US: Apple Wiki Server
CVE-2010-3796 (Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not ...)
@@ -3987,6 +3990,7 @@
RESERVED
CVE-2010-3366 (Mn_Fit 5.13 places a zero-length directory name in the ...)
- mn-fit <unfixed> (bug #598298)
+ [lenny] - mn-fit <no-dsa> (Minor issue)
CVE-2010-3365 (Mistelix 0.31 places a zero-length directory name in the ...)
- mistelix 0.31-2 (low; bug #598297)
CVE-2010-3364 (The vips-7.22 script in VIPS 7.22.2 places a zero-length directory ...)
@@ -4244,6 +4248,7 @@
CVE-2010-3259 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 ...)
- chromium-browser 6.0.472.53~r57914-1
- webkit 1.2.5-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=44399
NOTE: http://trac.webkit.org/changeset/65826
CVE-2010-3258 (The sandbox implementation in Google Chrome before 6.0.472.53 does not ...)
@@ -4253,6 +4258,7 @@
CVE-2010-3257 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
- chromium-browser 6.0.472.53~r57914-1
- webkit 1.2.5-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/65748 https://bugs.webkit.org/show_bug.cgi?id=44226
CVE-2010-3256 (Google Chrome before 6.0.472.53 does not properly limit the number of ...)
- chromium-browser 6.0.472.53~r57914-1
@@ -4261,11 +4267,13 @@
CVE-2010-3255 (Google Chrome before 6.0.472.53 does not properly handle counter ...)
- chromium-browser 6.0.472.53~r57914-1
- webkit 1.2.5-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43812
NOTE: http://trac.webkit.org/changeset/66052
CVE-2010-3254 (The WebSockets implementation in Google Chrome before 6.0.472.53 does ...)
- chromium-browser 6.0.472.53~r57914-1
- webkit <unfixed>
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/65135
CVE-2010-3253 (The implementation of notification permissions in Google Chrome before ...)
- chromium-browser 6.0.472.53~r57914-1
@@ -4288,10 +4296,12 @@
CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG ...)
- chromium-browser 6.0.472.53~r57914-1
- webkit <unfixed>
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/60541
CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict copying to ...)
- chromium-browser 6.0.472.53~r57914-1
- webkit 1.2.5-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/58703
CVE-2010-3247 (Google Chrome before 6.0.472.53 does not properly restrict the ...)
- chromium-browser 6.0.472.53~r57914-1
@@ -4676,6 +4686,7 @@
CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement the ...)
- chromium-browser 5.0.375.127~r55887-1
- webkit 1.2.5-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43776
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39879
NOTE: https://bugs.webkit.org/show_bug.cgi?id=44096
@@ -4684,6 +4695,7 @@
CVE-2010-3119 (Google Chrome before 5.0.375.127 does not properly support the Ruby ...)
- chromium-browser 5.0.375.127~r55887-1
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43795
NOTE: http://trac.webkit.org/changeset/65090
CVE-2010-3118 (The autosuggest feature in the Omnibox implementation in Google Chrome ...)
@@ -4694,6 +4706,7 @@
- webkit <not-affected> (chromium specific)
CVE-2010-3116 (Multiple use-after-free vulnerabilities in WebKit, as used in Apple ...)
- webkit 1.2.5-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: http://trac.webkit.org/changeset/64293
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147
@@ -4701,17 +4714,20 @@
NOTE: http://trac.webkit.org/changeset/65280 vulnerable code not present in 1.2 series
CVE-2010-3115 (Google Chrome before 5.0.375.127 does not properly implement the ...)
- webkit 1.2.5-1 (bug #599830)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: http://trac.webkit.org/changeset/63925
NOTE: http://trac.webkit.org/changeset/64077
NOTE: only partially fixed: only 64077 applied in 1.2.4-1
CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127 ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655
NOTE: http://trac.webkit.org/changeset/63773
CVE-2010-3113 (Google Chrome before 5.0.375.127 does not properly handle SVG ...)
- webkit 1.2.5-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=42659
NOTE: http://trac.webkit.org/changeset/63865
@@ -5212,22 +5228,26 @@
- chromium-browser 5.0.375.125~r53311-1
CVE-2010-2902 (The SVG implementation in Google Chrome before 5.0.375.125 allows ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=41621
NOTE: http://trac.webkit.org/changeset/62662
NOTE: duplicate of cve-2010-1793
CVE-2010-2901 (The rendering implementation in Google Chrome before 5.0.375.125 ...)
- webkit 1.2.5-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=41373
NOTE: http://trac.webkit.org/changeset/63048
CVE-2010-2900 (Google Chrome before 5.0.375.125 does not properly handle a large ...)
- webkit 1.2.5-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=41962
NOTE: http://trac.webkit.org/changeset/63219
CVE-2010-2899 (Unspecified vulnerability in the layout implementation in Google ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38977
NOTE: http://trac.webkit.org/changeset/62134
@@ -5955,6 +5975,7 @@
- chromium-browser 5.0.375.99~r51029-1
CVE-2010-2651 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...)
- webkit 1.2.5-1 (bug #599830)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38891
NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=51014
@@ -5970,11 +5991,13 @@
NOTE: http://trac.webkit.org/changeset/60977
CVE-2010-2648 (The implementation of the Unicode Bidirectional Algorithm (aka Bidi ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39305
NOTE: http://trac.webkit.org/projects/webkit/changeset/61921
CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to cause a ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38627
NOTE: http://trac.webkit.org/changeset/61667
@@ -5984,6 +6007,7 @@
NOTE: duplicate of cve-2010-1786
CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate sandboxed ...)
- webkit 1.2.5-1 (bug #599830)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38151
NOTE: http://trac.webkit.org/changeset/58873
@@ -6792,17 +6816,20 @@
REJECTED
CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome ...)
- webkit 1.2.1-3
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59876
NOTE: duplicate of cve-2010-1771
CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp in ...)
- webkit 1.2.1-3
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59241
NOTE: http://trac.webkit.org/changeset/59242
NOTE: duplicate of cve-2010-1762
CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes ...)
- webkit 1.2.1-3
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59109
NOTE: duplicate of cve-2010-1759
@@ -6814,10 +6841,12 @@
- chromium-browser 5.0.375.70~r48679-1
CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome ...)
- webkit 1.2.1-3
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031
NOTE: http://trac.webkit.org/changeset/57627
@@ -6827,6 +6856,7 @@
NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=48159
CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before ...)
- webkit 1.2.1-3
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/58829
CVE-2009-4900 [pixelpost XSS]
@@ -7319,6 +7349,7 @@
CVE-2010-2109 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...)
- chromium-browser 5.0.375.55~r47796-1
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/58441
CVE-2010-2108 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...)
- chromium-browser 5.0.375.55~r47796-1
@@ -8066,10 +8097,12 @@
RESERVED
CVE-2010-1825 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
- webkit <unfixed>
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.59~r59126-1
NOTE: http://trac.webkit.org/changeset/66847
CVE-2010-1824 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
- webkit <unfixed>
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 6.0.472.59~r59126-1
NOTE: http://trac.webkit.org/changeset/66795
CVE-2010-1823 (Use-after-free vulnerability in WebKit before r65958, as used in ...)
@@ -8094,6 +8127,7 @@
RESERVED
CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
- webkit 1.2.5-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <undetermined>
CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
- webkit <not-affected>
@@ -8101,6 +8135,7 @@
NOTE: duplicate of CVE-2010-1783
CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
- webkit 1.2.5-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/63048
CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
@@ -8117,6 +8152,7 @@
NOT-FOR-US: Apple Mac OS X
CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2, and ...)
- webkit 1.2.5-1 (bug #599830)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/64706
NOTE: https://bugs.webkit.org/show_bug.cgi?id=43461
@@ -8161,12 +8197,14 @@
NOT-FOR-US: Apple
CVE-2010-1793 (Multiple use-after-free vulnerabilities in WebKit in Apple Safari ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: http://trac.webkit.org/changeset/62482
NOTE: http://trac.webkit.org/changeset/62662
NOTE: duplicated as cve-2010-2902
CVE-2010-1792 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/62386
NOTE: Chromium uses a totally different regexp implementation.
@@ -8176,6 +8214,7 @@
NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1790 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/62301
NOTE: this is specific to Safari's JavaScript engine
@@ -8185,25 +8224,30 @@
NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1788 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=40994
NOTE: http://trac.webkit.org/changeset/62482
CVE-2010-1787 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: http://trac.webkit.org/changeset/61044
CVE-2010-1786 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-1
NOTE: http://trac.webkit.org/changeset/61667
NOTE: duplicated as cve-2010-2647
CVE-2010-1785 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-1
NOTE: http://trac.webkit.org/changeset/61050
NOTE: http://trac.webkit.org/changeset/61051
CVE-2010-1784 (The counters functionality in the Cascading Style Sheets (CSS) ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: http://trac.webkit.org/changeset/62271
CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
@@ -8212,6 +8256,7 @@
NOTE: (Chromium Sec) This seems a duplicate of CVE-2010-3114
CVE-2010-1782 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.4-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.127~r55887-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=41375
NOTE: http://trac.webkit.org/changeset/63772
@@ -8222,6 +8267,7 @@
NOTE: claimed fixed in upstream webkit 1.2.4 changelog, but no info currently available
CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
- webkit 1.2.5-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.125~r53311-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=40407
NOTE: http://trac.webkit.org/changeset/60984
@@ -8239,37 +8285,44 @@
NOT-FOR-US: Apple iPhone Passcode Lock
CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261
NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-1773 (Off-by-one error in the toAlphabetic function in ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39508
NOTE: http://trac.webkit.org/changeset/59950
CVE-2010-1772 (Use-after-free vulnerability in page/Geolocation.cpp in WebCore in ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39388
NOTE: http://trac.webkit.org/changeset/59859
CVE-2010-1771 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=39453
NOTE: http://trac.webkit.org/changeset/59876
CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38626
NOTE: http://trac.webkit.org/changeset/59795
CVE-2010-1769 (WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: dupe of CVE-2010-1774
CVE-2010-1768 (Unspecified vulnerability in Apple iTunes before 9.1 allows local ...)
NOT-FOR-US: Apple iTunes
CVE-2010-1767 (Cross-site request forgery (CSRF) vulnerability in ...)
- webkit 1.2.1-3
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36843
NOTE: http://trac.webkit.org/changeset/57041
@@ -8277,6 +8330,7 @@
TODO: request rejection
CVE-2010-1766 (Off-by-one error in the WebSocketHandshake::readServerHandshake ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36339
NOTE: http://trac.webkit.org/changeset/56380
@@ -8289,6 +8343,7 @@
TODO: is this commit correct? its labeled as a "build fix"
CVE-2010-1764 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=31410
NOTE: http://trac.webkit.org/changeset/55157
@@ -8299,27 +8354,32 @@
NOTE: http://trac.webkit.org/changeset/59486
CVE-2010-1762 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38922
NOTE: http://trac.webkit.org/changeset/59241
NOTE: http://trac.webkit.org/changeset/59242
CVE-2010-1761 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37760
NOTE: http://trac.webkit.org/changeset/59263
CVE-2010-1760 (loader/DocumentThreadableLoader.cpp in the XMLHttpRequest ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.99~r51029-2
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37781
NOTE: http://trac.webkit.org/changeset/58409
CVE-2010-1759 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38583
NOTE: http://trac.webkit.org/changeset/59109
CVE-2010-1758 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697
NOTE: http://trac.webkit.org/changeset/59098
@@ -8345,6 +8405,7 @@
NOT-FOR-US: Apple Safari
CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=27193
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38625
@@ -8558,10 +8619,12 @@
CVE-2010-1665 (Google Chrome before 4.1.249.1064 does not properly handle fonts, ...)
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.2.1-3
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/58201
CVE-2010-1664 (Google Chrome before 4.1.249.1064 does not properly handle HTML5 ...)
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/57922
CVE-2010-1663 (The Google URL Parsing Library (aka google-url or GURL) in Google ...)
- chromium-browser 5.0.375.29~r46008-1
@@ -9318,6 +9381,7 @@
NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
CVE-2010-1422 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=26824
NOTE: http://trac.webkit.org/changeset/58829
@@ -9330,11 +9394,13 @@
RESERVED
CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37618
NOTE: http://trac.webkit.org/changeset/58616
CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38260
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36502
@@ -9344,6 +9410,7 @@
NOTE: http://trac.webkit.org/changeset/57627
CVE-2010-1417 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38001
NOTE: http://trac.webkit.org/changeset/58201
@@ -9351,16 +9418,19 @@
TODO: request rejection
CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36838
NOTE: http://trac.webkit.org/changeset/56810
CVE-2010-1415 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36000
NOTE: http://trac.webkit.org/changeset/56420
CVE-2010-1414 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35818
NOTE: http://trac.webkit.org/changeset/55783
@@ -9371,6 +9441,7 @@
NOTE: http://trac.webkit.org/changeset/57232
CVE-2010-1412 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=29635
NOTE: http://trac.webkit.org/changeset/57759
More information about the Secure-testing-commits
mailing list