Author: gilbert-guest
Date: 2010-02-21 07:10:40 +0000 (Sun, 21 Feb 2010)
New Revision: 14134
Modified:
data/CVE/list
Log:
NFUs; new chromium/webkit issues; unimportant old apache issue
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-02-20 21:16:07 UTC (rev 14133)
+++ data/CVE/list 2010-02-21 07:10:40 UTC (rev 14134)
@@ -1,47 +1,56 @@
CVE-2010-0664 (Stack consumption vulnerability in the ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
CVE-2010-0663 (The ParamTraits<SkBitmap>::Read function in ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
CVE-2010-0662 (The ParamTraits<SkBitmap>::Read function in ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit
before ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
+ - webkit <not-affected> (no v8 code included yet)
+ TODO: recheck as newer webkits are uploaded
CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the
Referer ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google
Chrome ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
+ - webkit 1.1.21-1 (low)
CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome
before ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the
...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
+ NOTE: claimed to be a windows-only issue
CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before
4.0.249.78, ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
+ - webkit 1.1.21-1 (low)
CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78
allows ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
CVE-2010-0654 (Mozilla Firefox permits cross-origin loading of CSS stylesheets
even ...)
TODO: check
CVE-2010-0653 (Opera permits cross-origin loading of CSS stylesheets even when
the ...)
- TODO: check
+ NOT-FOR-US: Opera
CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS
...)
- TODO: check
+ NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78
and ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
+ - webkit 1.1.21-1 (low)
CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple
Safari, ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
+ - webkit <undetermined> (low)
+ TODO: check (not enough info available yet since webkit bug is still
restricted)
CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer
function ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to
...)
TODO: check
CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before
4.0.249.89, ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
+ - webkit 1.1.21-1 (medium)
CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8
before ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before
r3560, as ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is
...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct
connections to ...)
- TODO: check
+ - chromium-browser <itp> (bug #520334)
CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to
read the ...)
TODO: check
CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...)
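Review bot: In the CVE-2010-0650 entry, `- webkit <undetermined> (low)` assigns an urgency to a package whose affected status is not yet known, and the TODO beneath it says there is not enough information because the webkit bug is still restricted. Drop the `(low)` until the status can be determined, so it is not read as a finished triage decision. Separately, CVE-2010-0657 is tracked as `chromium-browser <itp>` while its NOTE says the issue is claimed to be Windows-only; if that claim is confirmed, the entry should become `<not-affected>` rather than stay on the ITP list. CVE-2010-0654 and CVE-2010-0648 (both Mozilla Firefox) are left at `TODO: check` by this hunk.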
@@ -257,7 +266,6 @@
CVE-2009-4639 (The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5
allows ...)
- ffmpeg <unfixed>
- ffmpeg-debian <removed>
- TODO: check
CVE-2009-4638 (Integer overflow in FFmpeg 0.5 allows remote attackers to cause
a ...)
{DSA-2000-1}
- ffmpeg 4:0.5+svn20090706-3
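Review bot: The removal of `TODO: check` under CVE-2009-4639 is not covered by the log message, which lists only NFUs, chromium/webkit issues and an old apache issue. With the TODO gone, the entry reads `- ffmpeg <unfixed>` with no bug reference or NOTE, so nothing records what was checked. Add the bug number or a short NOTE, or mention the ffmpeg triage in the log.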
@@ -312,21 +320,27 @@
CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89
...)
- chromium-browser <itp> (low; bug #520334)
CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows
remote ...)
- TODO: check
+ NOT-FOR-US: LoganPro
CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows
remote ...)
- TODO: check
+ NOT-FOR-US: WebExpert
CVE-2003-1585 (Cross-site scripting (XSS) vulnerability in WebLogExpert allows
remote ...)
- TODO: check
+ NOT-FOR-US: WebLogExpert
CVE-2003-1584 (Cross-site scripting (XSS) vulnerability in SurfStats allows
remote ...)
- TODO: check
+ NOT-FOR-US: SurfStats
CVE-2003-1583 (Cross-site scripting (XSS) vulnerability in WebTrends allows
remote ...)
- TODO: check
+ NOT-FOR-US: WebTrends
CVE-2003-1582 (Microsoft Internet Information Services (IIS) 6.0, when DNS
resolution ...)
NOT-FOR-US: Microsoft
CVE-2003-1581 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled
for ...)
- TODO: check
+ - apache <removed> (unimportant)
+ - apache2 <removed> (unimportant; bug #570740)
+ NOTE: not really an apache issue; if an apache log analyzer is known
vulnerable,
+ NOTE: then that itself should be fixed
CVE-2003-1580 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled
for ...)
- TODO: check
+ - apache <removed> (unimportant)
+ - apache2 <removed> (unimportant; bug #570740)
+ NOTE: not really an apache issue; if an apache log analyzer is known
vulnerable,
+ NOTE: then that itself should be fixed
CVE-2003-1579 (Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS
resolution is ...)
NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
CVE-2003-1578 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0
through SP5, ...)
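Review bot: In CVE-2003-1581 and CVE-2003-1580, `- apache2 <removed> (unimportant; bug #570740)` pairs a removed status with a bug reference. If apache2 is still in the archive, the status should be `<unfixed> (unimportant)`; if it really is removed, the bug reference needs a word of explanation in the NOTE. The two-line NOTE is also duplicated verbatim in both entries and names no log analyzer, so a reader cannot tell whether any packaged analyzer was actually checked; say so explicitly or list the ones that were looked at.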
@@ -996,6 +1010,7 @@
NOT-FOR-US: Google SketchUp
CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before
4.0.249.89, ...)
- chromium-browser <itp> (bug #520324)
+ - webkit 1.1.21-1 (medium)
CVE-2010-0314 (Apple Safari allows remote attackers to discover a
redirect''s target ...)
NOT-FOR-US: Safari
CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java
System ...)