Author: gilbert-guest Date: 2010-02-21 07:25:59 +0000 (Sun, 21 Feb 2010) New Revision: 14135 Modified: data/CVE/list Log: add webkit embeds; bugs for new xulrunner issues; fix typo Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-02-21 07:10:40 UTC (rev 14134) +++ data/CVE/list 2010-02-21 07:25:59 UTC (rev 14135) @@ -13,6 +13,9 @@ CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome ...) - chromium-browser <itp> (bug #520334) - webkit 1.1.21-1 (low) + - qt4-x11 <undetermined> (low) + - kdelibs <undetermined> (low) + - kde4libs <undetermined> (low) CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome before ...) - chromium-browser <itp> (bug #520334) CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the ...) @@ -21,10 +24,13 @@ CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before 4.0.249.78, ...) - chromium-browser <itp> (bug #520334) - webkit 1.1.21-1 (low) + - qt4-x11 <undetermined> (low) + - kdelibs <undetermined> (low) + - kde4libs <undetermined> (low) CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows ...) - chromium-browser <itp> (bug #520334) CVE-2010-0654 (Mozilla Firefox permits cross-origin loading of CSS stylesheets even ...) - TODO: check + - xulrunner <unfixed> (bug #570743) CVE-2010-0653 (Opera permits cross-origin loading of CSS stylesheets even when the ...) NOT-FOR-US: Opera CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS ...) @@ -32,17 +38,26 @@ CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and ...) - chromium-browser <itp> (bug #520334) - webkit 1.1.21-1 (low) + - qt4-x11 <undetermined> (low) + - kdelibs <undetermined> (low) + - kde4libs <undetermined> (low) CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, ...) - chromium-browser <itp> (bug #520334) - webkit <undetermined> (low) + - qt4-x11 <undetermined> (low) + - kdelibs <undetermined> (low) + - kde4libs <undetermined> (low) TODO: check (not enough info available yet since webkit bug is still restricted) CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer function ...) - chromium-browser <itp> (bug #520334) CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to ...) - TODO: check + - xulrunner <unfixed> (bug #570743) CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before 4.0.249.89, ...) - chromium-browser <itp> (bug #520334) - webkit 1.1.21-1 (medium) + - qt4-x11 <undetermined> (medium) + - kdelibs <undetermined> (medium) + - kde4libs <undetermined> (medium) CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8 before ...) - chromium-browser <itp> (bug #520334) CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before r3560, as ...) @@ -333,12 +348,12 @@ NOT-FOR-US: Microsoft CVE-2003-1581 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...) - apache <removed> (unimportant) - - apache2 <removed> (unimportant; bug #570740) + - apache2 <unfixed> (unimportant; bug #570740) NOTE: not really an apache issue; if an apache log analyzer is known vulnerable, NOTE: then that itself should be fixed CVE-2003-1580 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...) - apache <removed> (unimportant) - - apache2 <removed> (unimportant; bug #570740) + - apache2 <unfixed> (unimportant; bug #570740) NOTE: not really an apache issue; if an apache log analyzer is known vulnerable, NOTE: then that itself should be fixed CVE-2003-1579 (Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is ...)