Secure testing commits - May 2010 - r14745 - data/CVE

Author: gilbert-guest
Date: 2010-05-25 04:14:24 +0000 (Tue, 25 May 2010)
New Revision: 14745

Modified:
   data/CVE/list
Log:
webkit triage; i''ve seen memory corruption in one chromium dos issues

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-05-25 03:38:24 UTC (rev 14744)
+++ data/CVE/list	2010-05-25 04:14:24 UTC (rev 14745)
@@ -653,16 +653,15 @@
 CVE-2010-1732 (Cross-site request forgery (CSRF) vulnerability in the users
module in ...)
 	NOT-FOR-US: Zikula Application Framework
 CVE-2010-1731 (Google Chrome on the HTC Hero allows remote attackers to cause a
...)
-	- chromium-browser <unfixed> (unimportant)
+	- chromium-browser <unfixed>
 	NOTE: various crashes on window close after opening the file on chromium
(including sometimes segfaults)
 	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
-	NOTE: Browser DoS not treated as security issues
 CVE-2010-1730 (Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to
cause ...)
 	- kdelibs <undetermined>
 	- kde4libs <undetermined>
 	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
 CVE-2010-1729 (WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple
Safari, ...)
-	- webkit <unfixed>
+	- webkit <unfixed> (unimportant)
 	- qt4-x11 <undetermined>
 	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
 	NOTE: dos-only on webkit
@@ -1204,31 +1203,29 @@
 CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059
allow ...)
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <not-affected> (doesn''t use v8 bindings yet)
-	TODO: recheck newer webkits
 CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from
loading ...)
 	- chromium-browser 5.0.375.29~r46008-1
-	- webkit <undetermined>
-	TODO: check
+	- webkit <not-affected> (chromium-specific issue)
 CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome before
...)
 	- chromium-browser 5.0.375.29~r46008-1
-	- webkit <undetermined>
-	TODO: check
+	- webkit <not-affected> (chromium-specific issue)
 CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome before
...)
 	- chromium-browser 5.0.375.29~r46008-1
-	- webkit <undetermined>
-	TODO: check
+	- webkit <not-affected> (chromium-specific issue)
 CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059
allows ...)
 	- chromium-browser 5.0.375.29~r46008-1
-	- webkit <undetermined>
-	TODO: check
+	- webkit <not-affected> (chromium-specific directory traversal)
 CVE-2010-1501 (Cross-site request forgery (CSRF) vulnerability in Google Chrome
...)
 	- chromium-browser 5.0.375.29~r46008-1
-	- webkit <undetermined>
-	TODO: check
+	- webkit <unfixed>
+	[lenny] - webkit <not-affected> (introduced in r47291)
+	- qt4-x11 <undetermined>
+	- kdelibs <undetermined>
+	- kde4libs <undetermined>
+	NOTE: http://trac.webkit.org/changeset/57041
 CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support
forms, ...)
 	- chromium-browser 5.0.375.29~r46008-1
-	- webkit <undetermined>
-	TODO: check
+	- webkit <not-affected> (proof-of-concept not effective;
chromium-specific issue)
 CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3
...)
 	NOT-FOR-US: MusicBox
 CVE-2010-1498 (Multiple SQL injection vulnerabilities in dl_stats before 2.0
allow ...)