Secure testing commits - Feb 2010 - r14130 - data/CVE

Author: joeyh
Date: 2010-02-19 21:14:23 +0000 (Fri, 19 Feb 2010)
New Revision: 14130

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-02-19 15:37:18 UTC (rev 14129)
+++ data/CVE/list	2010-02-19 21:14:23 UTC (rev 14130)
@@ -1,3 +1,47 @@
+CVE-2010-0664 (Stack consumption vulnerability in the ...)
+	TODO: check
+CVE-2010-0663 (The ParamTraits<SkBitmap>::Read function in ...)
+	TODO: check
+CVE-2010-0662 (The ParamTraits<SkBitmap>::Read function in ...)
+	TODO: check
+CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit
before ...)
+	TODO: check
+CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the
Referer ...)
+	TODO: check
+CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google
Chrome ...)
+	TODO: check
+CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome
before ...)
+	TODO: check
+CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the
...)
+	TODO: check
+CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before
4.0.249.78, ...)
+	TODO: check
+CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78
allows ...)
+	TODO: check
+CVE-2010-0654 (Mozilla Firefox permits cross-origin loading of CSS stylesheets
even ...)
+	TODO: check
+CVE-2010-0653 (Opera permits cross-origin loading of CSS stylesheets even when
the ...)
+	TODO: check
+CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS
...)
+	TODO: check
+CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78
and ...)
+	TODO: check
+CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple
Safari, ...)
+	TODO: check
+CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer
function ...)
+	TODO: check
+CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to
...)
+	TODO: check
+CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before
4.0.249.89, ...)
+	TODO: check
+CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8
before ...)
+	TODO: check
+CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before
r3560, as ...)
+	TODO: check
+CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is
...)
+	TODO: check
+CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct
connections to ...)
+	TODO: check
 CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to
read the ...)
 	TODO: check
 CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...)
@@ -271,8 +315,7 @@
 	NOT-FOR-US: Oracle OpenSolaris
 CVE-2010-0557 (IBM Cognos Express 9.0 allows attackers to obtain unspecified
access ...)
 	NOT-FOR-US: IBM Cognos Express
-CVE-2010-0556 [google chrome password manager issue]
-	RESERVED
+CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89
...)
 	- chromium-browser <itp> (low; bug #520334)
 CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows
remote ...)
 	TODO: check
@@ -598,10 +641,10 @@
 	RESERVED
 CVE-2010-0418
 	RESERVED
-CVE-2010-0417
-	RESERVED
-CVE-2010-0416
-	RESERVED
+CVE-2010-0417 (Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6
and ...)
+	TODO: check
+CVE-2010-0416 (Buffer overflow in the Unescape function in
common/util/hxurl.cpp and ...)
+	TODO: check
 CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel
before ...)
 	{DSA-1996-1}
 	- linux-2.6 2.6.32-8
@@ -957,7 +1000,7 @@
 	NOT-FOR-US: Novell Netware
 CVE-2010-0316 (Integer overflow in Google SketchUp before 7.1 M2 allows remote
...)
 	NOT-FOR-US: Google SketchUp
-CVE-2010-0315 (Google Chrome allows remote attackers to discover a
redirect''s target ...)
+CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before
4.0.249.89, ...)
 	- chromium-browser <itp> (bug #520324)
 CVE-2010-0314 (Apple Safari allows remote attackers to discover a
redirect''s target ...)
 	NOT-FOR-US: Safari
@@ -1231,7 +1274,7 @@
 	NOT-FOR-US: Microsoft Windows
 CVE-2010-0231 (The SMB implementation in the Server service in Microsoft
Windows 2000 ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to
listen ...)
+CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2
configures ...)
 	- postfix <not-affected> (SUSE-specific packaging issue)
 CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB
flash ...)
 	NOT-FOR-US: Verbatim Corporate Secure
@@ -2600,7 +2643,7 @@
 	RESERVED
 CVE-2009-4258
 	RESERVED
-CVE-2009-4257 (Heap-based buffer overflow in smlrender.dll in RealNetworks
RealPlayer ...)
+CVE-2009-4257 (Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in
...)
 	NOT-FOR-US: RealPlayer
 CVE-2009-4256 (Multiple SQL injection vulnerabilities in cource.php in
AlefMentor 2.0 ...)
 	NOT-FOR-US: AlefMentor
@@ -2618,9 +2661,9 @@
 	NOT-FOR-US: CuteNews
 CVE-2009-4249 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP
...)
 	NOT-FOR-US: CuteNews
-CVE-2009-4248 (Buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5
...)
+CVE-2009-4248 (Buffer overflow in the RTSPProtocol::HandleSetParameterRequest
...)
 	NOT-FOR-US: RealPlayer
-CVE-2009-4247 (RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through
...)
+CVE-2009-4247 (Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in
...)
 	NOT-FOR-US: RealPlayer
 CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10,
RealPlayer ...)
 	NOT-FOR-US: RealPlayer
@@ -2630,7 +2673,7 @@
 	NOT-FOR-US: RealPlayer
 CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through
...)
 	NOT-FOR-US: RealPlayer
-CVE-2009-4242 (Heap-based buffer overflow in RealNetworks RealPlayer 10;
RealPlayer ...)
+CVE-2009-4242 (Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer
function ...)
 	NOT-FOR-US: RealPlayer
 CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10,
RealPlayer ...)
 	NOT-FOR-US: RealPlayer
@@ -2672,6 +2715,7 @@
 	[etch] - xfig <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905
 CVE-2009-4413 (The httpClientDiscardBody function in client.c in Polipo 0.9.8,
...)
+	{DSA-2002-1}
 	- polipo 1.0.4-2 (low; bug #560779)
 	[etch] - polipo <no-dsa> (Minor issue)
 	[lenny] - polipo <no-dsa> (Minor issue)
@@ -2837,8 +2881,10 @@
 	- network-manager <not-affected> (-editor introduced in 0.7 on the
-applet package)
 	[lenny] - network-manager-applet <not-affected> (-editor was introduced
in 0.7)
 CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which
has ...)
+	{DSA-2002-1 DSA-2001-1}
 	- php5 5.2.12.dfsg.1-1 (low)
 CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not
properly ...)
+	{DSA-2001-1}
 	- php5 5.2.12.dfsg.1-1 (medium)
 CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in
...)
 	- linux-2.6 2.6.32-6
@@ -5258,6 +5304,7 @@
 CVE-2009-3306 (PHP remote file inclusion vulnerability in include/header.php in
...)
 	NOT-FOR-US: ClearSite
 CVE-2009-3305 (Polipo 1.0.4, and possibly other versions, allows remote
attackers to ...)
+	{DSA-2002-1}
 	- polipo 1.0.4-1.1 (low; bug #547047)
 	[etch] - polipo <no-dsa> (Minor issue)
 	[lenny] - polipo <no-dsa> (Minor issue)