Author: jmm-guest Date: 2010-10-18 16:36:49 +0000 (Mon, 18 Oct 2010) New Revision: 15481 Modified: data/CVE/list Log: - vdr fixed - gnome-subtitles fixed - webkit fixed - new eglibc issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-10-18 07:30:20 UTC (rev 15480) +++ data/CVE/list 2010-10-18 16:36:49 UTC (rev 15481) @@ -259,6 +259,8 @@ RESERVED CVE-2010-3847 RESERVED + - eglibc <unfixed> + - glibc <removed> CVE-2010-3846 RESERVED CVE-2010-3844 @@ -1491,7 +1493,7 @@ RESERVED CVE-2010-3387 RESERVED - - vdr <unfixed> (unimportant; bug #598308) + - vdr 1.6.0-18.1 (unimportant; bug #598308) NOTE: Only affects a debugging tool, see bug #598308 CVE-2010-3386 RESERVED @@ -1589,7 +1591,7 @@ - henplus <unfixed> (bug #598290) CVE-2010-3357 RESERVED - - gnome-subtitles <unfixed> (bug #598289) + - gnome-subtitles 1.0-2 (bug #598289) CVE-2010-3356 RESERVED CVE-2010-3355 @@ -1823,7 +1825,7 @@ RESERVED CVE-2010-3259 (Google Chrome before 6.0.472.53 does not properly restrict read access ...) - chromium-browser 6.0.472.53~r57914-1 - - webkit <undetermined> + - webkit 1.2.5-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=44399 NOTE: http://trac.webkit.org/changeset/65826 CVE-2010-3258 (The sandbox implementation in Google Chrome before 6.0.472.53 does not ...) @@ -1832,7 +1834,7 @@ NOTE: chromium specific CVE-2010-3257 (Google Chrome before 6.0.472.53 does not properly perform focus ...) - chromium-browser 6.0.472.53~r57914-1 - - webkit <undetermined> + - webkit 1.2.5-1 NOTE: http://trac.webkit.org/changeset/65748 https://bugs.webkit.org/show_bug.cgi?id=44226 CVE-2010-3256 (Google Chrome before 6.0.472.53 does not properly limit the number of ...) - chromium-browser 6.0.472.53~r57914-1 @@ -2208,7 +2210,7 @@ - vlc <not-affected> (Windows specific vulnerability) CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement the ...) - chromium-browser 5.0.375.127~r55887-1 - - webkit <undetermined> + - webkit 1.2.5-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=43776 NOTE: https://bugs.webkit.org/show_bug.cgi?id=39879 NOTE: https://bugs.webkit.org/show_bug.cgi?id=44096 @@ -2226,14 +2228,14 @@ - chromium-browser 5.0.375.127~r55887-1 - webkit <not-affected> (chromium specific) CVE-2010-3116 (Google Chrome before 5.0.375.127 does not properly process MIME types, ...) - - webkit <undetermined> + - webkit 1.2.5-1 - chromium-browser 5.0.375.127~r55887-1 NOTE: http://trac.webkit.org/changeset/64293 NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147 NOTE: https://bugs.webkit.org/show_bug.cgi?id=43888 NOTE: http://trac.webkit.org/changeset/65280 vulnerable code not present in 1.2 series CVE-2010-3115 (Google Chrome before 5.0.375.127 does not properly implement the ...) - - webkit <unfixed> (bug #599830) + - webkit 1.2.5-1 (bug #599830) - chromium-browser 5.0.375.127~r55887-1 NOTE: http://trac.webkit.org/changeset/63925 NOTE: http://trac.webkit.org/changeset/64077 @@ -2244,7 +2246,7 @@ NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655 NOTE: http://trac.webkit.org/changeset/63773 CVE-2010-3113 (Google Chrome before 5.0.375.127 does not properly handle SVG ...) - - webkit 1.2.4-1 + - webkit 1.2.5-1 - chromium-browser 5.0.375.127~r55887-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=42659 NOTE: http://trac.webkit.org/changeset/63865 @@ -2748,12 +2750,12 @@ NOTE: http://trac.webkit.org/changeset/62662 NOTE: duplicate of cve-2010-1793 CVE-2010-2901 (The rendering implementation in Google Chrome before 5.0.375.125 ...) - - webkit <undetermined> + - webkit 1.2.5-1 - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=41373 NOTE: http://trac.webkit.org/changeset/63048 CVE-2010-2900 (Google Chrome before 5.0.375.125 does not properly handle a large ...) - - webkit <undetermined> + - webkit 1.2.5-1 - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=41962 NOTE: http://trac.webkit.org/changeset/63219 @@ -3485,7 +3487,7 @@ - webkit <not-affected> (chromium specific issue) - chromium-browser 5.0.375.99~r51029-1 CVE-2010-2651 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...) - - webkit <unfixed> (bug #599830) + - webkit 1.2.5-1 (bug #599830) - chromium-browser 5.0.375.99~r51029-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38891 NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=51014 @@ -3514,7 +3516,7 @@ NOTE: http://trac.webkit.org/changeset/61679 additional layout test NOTE: duplicate of cve-2010-1786 CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate sandboxed ...) - - webkit <unfixed> (bug #599830) + - webkit 1.2.5-1 (bug #599830) - chromium-browser 5.0.375.99~r51029-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38151 NOTE: http://trac.webkit.org/changeset/58873 @@ -5625,7 +5627,7 @@ CVE-2010-1816 RESERVED CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...) - - webkit <undetermined> + - webkit 1.2.5-1 - chromium-browser <undetermined> CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...) - webkit <not-affected> @@ -5648,7 +5650,7 @@ CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...) NOT-FOR-US: Apple Mac OS X CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 does not ...) - - webkit <unfixed> (bug #599830) + - webkit 1.2.5-1 (bug #599830) - chromium-browser <not-affected> NOTE: http://trac.webkit.org/changeset/64706 https://bugs.webkit.org/show_bug.cgi?id=43461 NOTE: the problem is that the standard-library strtod() @@ -5753,7 +5755,7 @@ NOTE: claimed fixed in upstream webkit 1.2.4 changelog, but no info currently available TODO: check CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...) - - webkit <undetermined> + - webkit 1.2.5-1 - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=40407 NOTE: http://trac.webkit.org/changeset/60984