Author: gilbert-guest Date: 2010-04-08 00:56:42 +0000 (Thu, 08 Apr 2010) New Revision: 14437 Modified: data/CVE/list Log: zabbix cve reassigned; webkit "crasher" has signs of memory corruption Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-07 23:29:54 UTC (rev 14436) +++ data/CVE/list 2010-04-08 00:56:42 UTC (rev 14437) @@ -41,7 +41,8 @@ CVE-2010-1278 RESERVED CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in the API ...) - TODO: check + - zabbix <unfixed> + TODO: File bug CVE-2010-1276 (Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 ...) TODO: check CVE-2010-1275 (Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 ...) @@ -182,12 +183,13 @@ CVE-2000-1245 (Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the ...) TODO: check CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...) - - webkit 1.1.90-1 (unimportant) + - webkit 1.1.90-1 - kdelibs <undetermined> - kde4libs <undetermined> - qt4-x11 <undetermined> - chromium-browser <itp> (bug #520324) - NOTE: http://trac.webkit.org/changeset/55511, just a crasher + NOTE: http://trac.webkit.org/changeset/55511 + NOTE: evidence of memory corruption http://code.google.com/p/chromium/issues/detail?id=37061 CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict ...) - webkit <unfixed> [lenny] - webkit <not-affected> (Vulnerable code not present) @@ -1564,10 +1566,8 @@ NOT-FOR-US: Joomla! CVE-2010-0752 (The week_post_page function in the Weekly Archive by Node Type module ...) NOT-FOR-US: Weekly Archive by Node Type (Drupal module) -CVE-2010-1144 [zabbix SQL injection] +CVE-2010-1144 REJECTED - - zabbix <unfixed> - TODO: File bug CVE-2010-0750 (pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users ...) - policykit <not-affected> (pkexec introduced in 0.92) [lenny] - policykit <not-affected> (pkexec introduced in 0.92)