[Secure-testing-commits] r19910 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Tue Aug 7 19:43:06 UTC 2012
Author: jmm
Date: 2012-08-07 19:43:06 +0000 (Tue, 07 Aug 2012)
New Revision: 19910
Modified:
data/CVE/list
Log:
nsd3 fixed
new redeclipse issue
php5 unfixed for one issue
php not affected for another issue
new chromium issues (likely fixed, though)
clean up old TODOs
network-manager fixed and no-dsa
checked python XMLRPC issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-08-07 19:22:38 UTC (rev 19909)
+++ data/CVE/list 2012-08-07 19:43:06 UTC (rev 19910)
@@ -1,3 +1,5 @@
+CVE-2012-XXXX [redeclipse code execution through map files]
+ - redeclipse <unfixed> (bug #684143)
CVE-2012-XXXX [base64 buffer overflows]
- libotr <unfixed> (bug #684121)
CVE-2012-XXXX [world-writeable directory]
@@ -1465,8 +1467,7 @@
RESERVED
CVE-2012-3450 [php5 pdo array overread/crash]
RESERVED
- - php5 <undetermined> (bug #683694)
- TODO: check. might have been fixed already in Debian
+ - php5 <unfixed> (bug #683694)
NOTE: http://seclists.org/bugtraq/2012/Jun/60
NOTE: https://bugs.php.net/bug.php?id=61755
NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/3
@@ -2597,7 +2598,7 @@
- nsd3 <not-affected> (Debian version not affected)
CVE-2012-2978 (query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x ...)
{DSA-2515-1}
- TODO: check
+ - nsd3 3.2.12-1
CVE-2012-2977 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...)
NOT-FOR-US: Symantec Web Gateway
CVE-2012-2976 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...)
@@ -3198,7 +3199,8 @@
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=832532
CVE-2012-2736 [NetworkManager: creating new WPA-secured wireless network results in insecure network being created instead]
RESERVED
- - network-manager <unfixed> (bug #655972)
+ - network-manager 0.9.4.0-1 (low; bug #655972)
+ [squeeze] - network-manager <no-dsa> (Minor issue)
NOTE: this might warrant a CVE for the kernel too
CVE-2012-2735
RESERVED
@@ -4725,8 +4727,8 @@
{DSA-2491-1}
- postgresql-9.1 9.1.4-1
- postgresql-8.4 8.4.12-1
- NOTE: DES weakness in crypt() when using unicode encoding
- TODO: check who's affected (php? postgre?)
+ - php5 5.3.3-1
+ NOTE: Uses the unaffected system libraries since 5.3.3
CVE-2012-2142
RESERVED
CVE-2012-2141 [Array index error, leading to out-of heap-based buffer read (snmpd crash)]
@@ -5508,9 +5510,11 @@
CVE-2012-1847 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; ...)
NOT-FOR-US: Microsoft Excel
CVE-2012-1846 (Google Chrome 17.0.963.66 and earlier allows remote attackers to ...)
- TODO: check
+ - chromium-browser <unfixed>
+ NOTE: Very likely fixed, but exact fixed version unknown
CVE-2012-1845 (Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier ...)
- TODO: check
+ - chromium-browser <unfixed>
+ NOTE: Very likely fixed, but exact fixed version unknown
CVE-2012-1844 (The Quantum Scalar i500 tape library with firmware before i7.0.3 ...)
NOT-FOR-US: Quantum Scalar
CVE-2012-1843 (Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on ...)
@@ -7953,13 +7957,14 @@
- webcalendar <removed>
CVE-2012-0845
RESERVED
- - python3.1 <removed>
- - python3.2 <unfixed>
- - python2.7 <unfixed>
+ - python3.1 <removed> (low)
+ [squeeze] - python3.1 <no-dsa> (Minor issue)
+ - python3.2 3.2.3~rc1-1
+ - python2.7 2.7.3~rc1-1
- python2.6 2.6.8-0.1
+ [squeeze] - python2.6 <no-dsa> (Minor issue)
- python2.5 <removed>
- - python2.4 <removed>
- TODO: check
+ [squeeze] - python2.5 <no-dsa> (Minor issue)
CVE-2012-0844
RESERVED
- netsurf 2.8-2 (bug #659376)
@@ -9713,7 +9718,7 @@
REJECTED
NOTE: Rejected CVE-identifier. Please use CVE-2012-2667
CVE-2011-4963 (nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote ...)
- TODO: check
+ - nginx <not-affected> (Only affects Nginx on Windows)
CVE-2011-4962 [silverstripe: Potential remote code execution]
RESERVED
- silverstripe <itp> (bug #528461)
@@ -15183,8 +15188,6 @@
- cyrus-imapd-2.2 2.4.11-1 (medium)
- cyrus-imapd-2.4 2.4.11-1 (medium)
- kolab-cyrus-imapd <unfixed> (medium)
- TODO: file bug for kolab-cyrus-imapd
- NOTE: medium because it allows to exploit CVE-2011-3208 unauthenticated
CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: PunBB
CVE-2011-3370
@@ -15208,8 +15211,6 @@
- kde4libs 4:4.7.2-1
[squeeze] - kde4libs <not-affected> (only 4.6.0 - 4.7.1 are vulnerable)
[lenny] - kde4libs <not-affected> (only 4.6.0 - 4.7.1 are vulnerable)
- NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt
- TODO: File bugs
CVE-2011-3364 (Incomplete blacklist vulnerability in the svEscape function in ...)
- network-manager-applet <not-affected> (ifcfg-rh plugin not built/included in Debian)
CVE-2011-3363 (The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel ...)
@@ -15617,7 +15618,6 @@
- cyrus-imapd-2.2 2.4.11-1 (medium)
- cyrus-imapd-2.4 2.4.11-1 (medium)
- kolab-cyrus-imapd <unfixed> (medium)
- TODO: file bug for kolab-cyrus-imapd
CVE-2011-3207 (crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not ...)
- openssl 1.0.0e-1
[squeeze] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d)
@@ -21494,14 +21494,12 @@
[squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (losecontext not present in 1.2)
- TODO: recheck webkit 1.3
NOTE: http://trac.webkit.org/changeset/78921
CVE-2011-1200 (Google Chrome before 10.0.648.127 does not properly perform a cast of ...)
- chromium-browser 10.0.648.127~r76697-1
[squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (vulnerable code not present)
- TODO: recheck webkit 1.3
NOTE: http://trac.webkit.org/changeset/78744
CVE-2011-1199 (Google Chrome before 10.0.648.127 does not properly handle DataView ...)
- chromium-browser 10.0.648.127~r76697-1
@@ -21531,7 +21529,6 @@
[squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (vulnerable code not present)
- TODO: recheck webkit 1.3
NOTE: http://trac.webkit.org/changeset/78147
CVE-2011-1194 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser <unfixed> (unimportant)
@@ -21552,7 +21549,6 @@
[squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (vulnerable code not yet present)
- TODO: recheck webkit 1.3
NOTE: http://trac.webkit.org/changeset/76652
CVE-2011-1190 (The Web Workers implementation in Google Chrome before 10.0.648.127 ...)
{DSA-2189-1}
@@ -21572,7 +21568,6 @@
[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
- webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/77142
- TODO: ^ this commit only contains tests for the issue, need commit # for fix
CVE-2011-1187 (Google Chrome before 10.0.648.127 allows remote attackers to bypass ...)
- libv8 3.1.8.10-1 (bug #617418)
- icedove <unfixed> (low)
@@ -21780,7 +21775,6 @@
[squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (vulnerable code introduced in commit 75823)
- TODO: recheck once webkit 1.3 enters unstable
NOTE: http://trac.webkit.org/changeset/78775
CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 9.0.597.107 ...)
- chromium-browser 9.0.597.107~r75357-1
@@ -21798,7 +21792,6 @@
[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
- webkit <undetermined>
NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782
- TODO: ^ this bug is embargoed, please note the commit #
CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remote ...)
{DSA-2189-1}
- chromium-browser 9.0.597.107~r75357-1
@@ -21811,14 +21804,12 @@
[squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
- webkit <not-affected> (webgl support not present in 1.2)
- TODO: recheck webkit 1.3 once its uploaded to unstable
NOTE: http://trac.webkit.org/changeset/77956
CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine device ...)
- chromium-browser 9.0.597.107~r75357-1
[squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (device orientation code/support not present in 1.2)
- TODO: recheck webkit 1.3 once its uploaded to unstable
NOTE: http://trac.webkit.org/changeset/77418
CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle TEXTAREA ...)
- chromium-browser 9.0.597.107~r75357-1
@@ -21849,7 +21840,6 @@
- chromium-browser 9.0.597.107~r75357-1
[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
- webkit <not-affected> (vulnerable code introduced after 1.2, and the fix restores this code to its 1.2 state)
- TODO: check webkit 1.3 once it enters unstable
NOTE: http://trac.webkit.org/changeset/77141
CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not ...)
{DSA-2189-1}
@@ -21873,7 +21863,6 @@
[squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (vulnerable code not present in 1.2)
- TODO: check webkit 1.3 once it gets uploaded to unstable
NOTE: http://trac.webkit.org/changeset/76828
CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes in ...)
{DSA-2189-1}
@@ -21889,7 +21878,6 @@
CVE-2011-1107 (Unspecified vulnerability in Google Chrome before 9.0.597.107 allows ...)
- chromium-browser 9.0.597.107~r75357-1
- webkit <not-affected> (history controller code not present in 1.2)
- TODO: recheck webkit 1.3 once it gets uploaded to unstable
NOTE: http://trac.webkit.org/changeset/76205
CVE-2011-1106 (Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server ...)
NOT-FOR-US: IBM Lotus Sametime
@@ -22044,7 +22032,6 @@
CVE-2011-1059 (Use-after-free vulnerability in WebCore in WebKit before r77705, as ...)
- chromium-browser <undetermined>
- webkit <not-affected> (history controller code not present in 1.2)
- TODO: recheck webkit 1.3 once it enters unstable
NOTE: http://trac.webkit.org/changeset/77705
CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 ...)
NOT-FOR-US: 389 LDAP server
@@ -22361,13 +22348,12 @@
[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
- webkit <not-affected> (doesn't include v8 code)
NOTE: http://trac.webkit.org/changeset/76264
- TODO: ^ this has to be the wrong commit, its a v8 fix, but that doesn't match the description at all
+ NOTE: ^ this has to be the wrong commit, its a v8 fix, but that doesn't match the description at all
CVE-2011-0983 (Google Chrome before 9.0.597.94 does not properly handle anonymous ...)
{DSA-2166-1}
- chromium-browser 9.0.597.98~r74359-1
[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
- webkit <not-affected> (vulnerable code not yet present in 1.2)
- TODO: check webkit > 1.3 when it gets uploaded
NOTE: http://trac.webkit.org/changeset/75810
CVE-2011-0982 (Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows ...)
- chromium-browser 9.0.597.98~r74359-1
@@ -23527,8 +23513,6 @@
- openssh 1:5.8p1-2
[squeeze] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
[lenny] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
- [wheezy] - openssh <not-affected> (only affects openssh 5.6 and 5.7)
- TODO: remove wheezy not-affected note once newer version transitions
CVE-2011-0538 (Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees ...)
{DSA-2201-1}
- wireshark 1.4.3-3 (low; bug #613202)
@@ -23688,13 +23672,11 @@
CVE-2011-0484 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
- chromium-browser 6.0.472.63~r59945-5
- webkit <not-affected> (vulnerable code not present in 1.2)
- TODO: recheck when > 1.3 gets uploaded
NOTE: http://trac.webkit.org/changeset/75082
NOTE: http://trac.webkit.org/changeset/75084
CVE-2011-0483 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
- chromium-browser 6.0.472.63~r59945-5
- webkit <not-affected> (vulnerable code not present in 1.2)
- TODO: recheck when > 1.3 gets uploaded
NOTE: http://trac.webkit.org/changeset/74787
CVE-2011-0482 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
{DSA-2188-1}
@@ -24306,7 +24288,6 @@
[squeeze] - libarchive <not-affected> (no cab support prior to 3.0)
CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in ...)
- tiff3 3.9.5
- TODO: check
NOTE: tiff (4) might be affected, it was branched after tiff3 3.8.2 but the tiffdump.c code is completely different so I'm unsure
CVE-2010-4664
RESERVED
@@ -24679,7 +24660,6 @@
NOT-FOR-US: Apple Mac OS X
CVE-2011-0195 (The generate-id XPath function in libxslt in Apple iOS 4.3.x before ...)
NOT-FOR-US: Apple iOS
- TODO: Check with Apple, whether this is the standard libxslt
CVE-2011-0194 (Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 ...)
NOT-FOR-US: Apple Mac OS
CVE-2011-0193 (Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 ...)
@@ -25347,7 +25327,6 @@
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <undetermined> (low)
NOTE: http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html
- TODO: request cve id?
CVE-2010-4558 (phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and ...)
NOT-FOR-US: phpMyFAQ
CVE-2010-4557 (Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch ...)
@@ -25722,7 +25701,6 @@
CVE-2010-4486 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...)
- chromium-browser 6.0.472.63~r59945-3
- webkit <not-affected> (vulnerable code not present in 1.2)
- TODO: recheck when > 1.3 gets uploaded
NOTE: http://trac.webkit.org/changeset/71170
CVE-2010-4485 (Google Chrome before 8.0.552.215 does not properly restrict the ...)
- chromium-browser <unfixed> (unimportant)
@@ -25738,7 +25716,6 @@
- chromium-browser 6.0.472.63~r59945-3
- webkit <undetermined>
NOTE: https://bugs.webkit.org/show_bug.cgi?id=46678
- TODO: need webkit commit # (above bug is embargoed)
CVE-2010-4482 (Unspecified vulnerability in Google Chrome before 8.0.552.215 allows ...)
- chromium-browser <unfixed> (unimportant)
- webkit <unfixed> (unimportant)
@@ -26509,7 +26486,6 @@
- webkit <undetermined>
- chromium-browser 6.0.472.63~r59945-2
NOTE: https://bugs.webkit.org/show_bug.cgi?id=47522
- TODO: need webkit commit # (above bug report is embargoed)
CVE-2010-4200
REJECTED
CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast of an ...)
@@ -27478,7 +27454,6 @@
CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle ...)
NOT-FOR-US: Apple iOS iAd
CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before ...)
@@ -27486,45 +27461,35 @@
CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3825
RESERVED
CVE-2010-3824 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3823 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3822 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3821 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3820 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3819 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3818 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3817 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3816 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3815
RESERVED
CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in ...)
@@ -27542,19 +27507,15 @@
CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3810 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3809 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3808 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3807
RESERVED
CVE-2010-3806
@@ -27562,15 +27523,12 @@
CVE-2010-3805 (Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3804 (The JavaScript implementation in WebKit in Apple Safari before 5.0.3 ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote ...)
NOT-FOR-US: Apple QuickTime
CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute ...)
@@ -31819,7 +31777,6 @@
- chromium-browser 6.0.466.0~r52279-1
NOTE: This is a large series of risky behaviour-changing changesets.
NOTE: upstream changelog says this is fixed in 1.2.3, but i'm doubtful of that
- TODO: need commit #
CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on ...)
- nginx <not-affected> (Windows-specific vulnerability when running on NTFS)
CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! ...)
@@ -32994,7 +32951,6 @@
- webkit <not-affected> (vulnerable code not present in 1.2.x series)
- chromium-browser 6.0.472.59~r59126-1
NOTE: http://trac.webkit.org/changeset/65958
- TODO: recheck chromium, was wrong commit
CVE-2010-1822 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 ...)
- webkit <not-affected> (rendererIsNeeded function not present in 1.2.x series)
- chromium-browser 6.0.472.62~r59676-1
@@ -33017,7 +32973,6 @@
CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
@@ -33026,7 +32981,6 @@
CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
- webkit <undetermined>
- chromium-browser <undetermined>
- TODO: need commit #
CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
NOT-FOR-US: Apple iOS
CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not ...)
@@ -33151,7 +33105,6 @@
- webkit <undetermined>
- chromium-browser <undetermined>
NOTE: claimed fixed in upstream webkit 1.2.4 changelog, but no info currently available
- TODO: need commit #
CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
@@ -33225,7 +33178,6 @@
- chromium-browser 5.0.375.55~r47796-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37933
NOTE: http://trac.webkit.org/changeset/57995
- TODO: is this commit correct? its labeled as a "build fix"
CVE-2010-1764 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
@@ -33274,7 +33226,6 @@
NOTE: is CVE-2010-2441 a dup of this?
NOTE: chromium-sec don't have info
NOTE: Sounds like it could be iPhone specific
- TODO: need commit #
CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod ...)
NOT-FOR-US: Apple iPhone
CVE-2010-1755 (Safari in Apple iOS before 4 on the iPhone and iPod touch does not ...)
@@ -34322,7 +34273,6 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38001
NOTE: http://trac.webkit.org/changeset/58201
NOTE: if this commit is correct, this is a dup of cve-2010-1665
- TODO: request rejection
CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.2-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
@@ -34406,7 +34356,6 @@
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35708
NOTE: http://trac.webkit.org/changeset/53446
- TODO: ^ this seems to be the commit for cve-2010-1404. what is the right one?
CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac ...)
- webkit 1.2.1-2
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
More information about the Secure-testing-commits
mailing list