Author: jmm Date: 2011-10-17 16:10:17 +0000 (Mon, 17 Oct 2011) New Revision: 17443 Modified: data/CVE/list Log: new webkit/chromium issues NFUs Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-10-17 11:49:58 UTC (rev 17442) +++ data/CVE/list 2011-10-17 16:10:17 UTC (rev 17443) @@ -2173,9 +2173,10 @@ - chromium-browser <undetermined> - webkit <undetermined> CVE-2011-3243 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-3242 (The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2011-3241 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - chromium-browser <undetermined> - webkit <undetermined> @@ -2212,11 +2213,11 @@ - iceape <not-affected> (Only affects Firefox >= 4) - icedove <not-affected> (Only affects Thunderbird 5) CVE-2011-3231 (The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2011-3230 (Apple Safari before 5.1.1 on Mac OS X does not enforce an intended ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2011-3229 (Directory traversal vulnerability in Apple Safari before 5.1.1 allows ...) - TODO: check + NOT-FOR-US: Apple Safari CVE-2011-3228 (QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2011-3227 (libsecurity in Apple Mac OS X before 10.7.2 does not properly handle ...) 
@@ -2240,7 +2241,7 @@ CVE-2011-3218 (The "Save for Web" selection in QuickTime Player in Apple Mac OS X ...) NOT-FOR-US: QuickTime in Apple Mac OS X CVE-2011-3217 (MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to ...) - TODO: check + NOT-FOR-US: Mac OS X CVE-2011-3216 (The kernel in Apple Mac OS X before 10.7.2 does not properly implement ...) NOT-FOR-US: kernel in Apple Mac OS X CVE-2011-3215 (The kernel in Apple Mac OS X before 10.7.2 does not properly prevent ...) @@ -2737,7 +2738,7 @@ CVE-2011-3011 (BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle ...) NOT-FOR-US: CA ARCserve D2D CVE-2011-3010 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki before ...) - TODO: check + NOT-FOR-US: Twiki CVE-2011-3009 (Ruby before 1.8.6-p114 does not reset the random seed upon forking, ...) TODO: check CVE-2011-3008 (The default configuration of Avaya Secure Access Link (SAL) Gateway ...) @@ -3355,7 +3356,8 @@ CVE-2011-2832 RESERVED CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2830 RESERVED CVE-2011-2829 (Integer overflow in Google Chrome before 13.0.782.215 on 32-bit ...) 
@@ -3411,23 +3413,30 @@ - webkit <undetermined> NOTE: http://trac.webkit.org/changeset/91386 CVE-2011-2817 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2816 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2815 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2814 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2813 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2812 RESERVED CVE-2011-2811 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2810 REJECTED CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2808 RESERVED CVE-2011-2807 @@ -3724,7 +3733,6 @@ NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice CVE-2011-2712 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...) NOT-FOR-US: Apache Wicket - TODO: check CVE-2011-2711 (Cross-site scripting (XSS) vulnerability in the print_fileinfo ...) NOT-FOR-US: cgit CVE-2011-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) 
@@ -4689,17 +4697,20 @@ [squeeze] - chromium-browser <unfixed> (unimportant) - webkit <not-affected> (chromium specific) CVE-2011-2357 (Cross-application scripting vulnerability in the Browser URL loading ...) - TODO: check + NOT-FOR-US: Android CVE-2011-2356 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2355 RESERVED CVE-2011-2354 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2353 RESERVED CVE-2011-2352 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 ...) - chromium-browser 12.0.742.112~r90304-1 [squeeze] - chromium-browser <not-affected> @@ -4737,13 +4748,16 @@ CVE-2011-2343 RESERVED CVE-2011-2341 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2340 RESERVED CVE-2011-2339 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2338 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...) - TODO: check + - chromium-browser <undetermined> + - webkit <undetermined> CVE-2011-2337 RESERVED CVE-2011-2336 @@ -5852,7 +5866,7 @@ CVE-2011-1912 RESERVED CVE-2011-1911 (JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 ...) - TODO: check + NOT-FOR-US: JasperReports Server CVE-2011-1910 (Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x ...) {DSA-2244-1} - bind9 <unfixed> (high)
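Review bot: in the @@ -2240,7 +2241,7 @@ hunk, CVE-2011-3217 is tagged "NOT-FOR-US: Mac OS X", while the entries on either side of it name the affected component ("QuickTime in Apple Mac OS X", "kernel in Apple Mac OS X"). The description says MediaKit, so "NOT-FOR-US: MediaKit in Apple Mac OS X" would match the neighbouring entries and keep the list searchable by component.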
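Review bot: in the @@ -2737,7 +2738,7 @@ hunk, the new tag for CVE-2011-3010 reads "NOT-FOR-US: Twiki", but the description on the line directly above spells the product "TWiki". Use the same spelling in the tag so that a case-sensitive search for the product name finds this entry.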
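Review bot: in the @@ -3411,23 +3413,30 @@ hunk, seven entries (CVE-2011-2817, -2816, -2815, -2814, -2813, -2811 and -2809) move from "TODO: check" to "- chromium-browser <undetermined>" and "- webkit <undetermined>" with no pointer to the upstream fix, whereas the entry just above them in the context carries "NOTE: http://trac.webkit.org/changeset/91386". Where the upstream changeset is known, add a NOTE: line per entry so that whoever resolves the <undetermined> status has a starting point; the same applies to the WebKit entries in the @@ -4689,17 +4697,20 @@ and @@ -4737,13 +4748,16 @@ hunks.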