[Secure-testing-commits] r50635 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Thu Apr 13 21:34:35 UTC 2017 

Author: jmm
Date: 2017-04-13 21:34:35 +0000 (Thu, 13 Apr 2017)
New Revision: 50635

Modified:
   data/CVE/list
Log:
NFUs, one historic chrome issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-13 21:31:16 UTC (rev 50634)
+++ data/CVE/list	2017-04-13 21:34:35 UTC (rev 50635)
@@ -54969,7 +54969,7 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283371 (not (yet) public)
 	NOTE: Proposed upstream patch: http://marc.info/?l=linux-usb&m=145260786729359&w=2
 CVE-2015-7565 (Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through ...)
-	TODO: check
+	NOT-FOR-US: ember.js
 CVE-2015-7564 (Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier ...)
 	NOT-FOR-US: TeamPass
 CVE-2015-7563 (Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and ...)
@@ -104195,7 +104195,7 @@
 	- chromium-browser 33.0.1750.152-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2013-6662 (Google Chrome caches TLS sessions before certificate validation ...)
-	TODO: check
+	NOTE: Chrome issue fixed end of 2013, not really worth figuring out in which version
 CVE-2013-6661 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-2883-1}
 	- chromium-browser 33.0.1750.152-1
@@ -104255,7 +104255,7 @@
 	- libv8-3.14 <unfixed> (unimportant; bug #773671)
 	NOTE: libv8 not covered by security support
 CVE-2013-6648 (SkRegion::setPath in Skia allows remote attackers to cause a denial of ...)
-	TODO: check
+	- skia <itp> (bug #818180)
 CVE-2013-6647 (A use-after-free in AnimationController::endAnimationUpdate in Google ...)
 	- chromium-browser <not-affected> (According to upstream bug only affected interim version, not a stable release)
 CVE-2013-6646 (Use-after-free vulnerability in the Web Workers implementation in ...)
@@ -162373,7 +162373,7 @@
 	- webkit <not-affected> (rendererIsNeeded function not present in 1.2.x series)
 	- chromium-browser 6.0.472.62~r59676-1
 CVE-2010-1821 (Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2010-1820 (Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through ...)
 	NOT-FOR-US: Apple Filing Protocol Server
 CVE-2010-1819 (Untrusted search path vulnerability in the Picture Viewer in Apple ...)
@@ -162383,7 +162383,7 @@
 CVE-2010-1817 (Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and ...)
 	NOT-FOR-US: Apple iOS
 CVE-2010-1816 (Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and ...)
-	TODO: check
+	NOT-FOR-US: Apple Mac OS X
 CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
 	- webkit 1.2.5-1
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)

More information about the Secure-testing-commits mailing list