Author: gilbert-guest Date: 2010-05-25 04:45:59 +0000 (Tue, 25 May 2010) New Revision: 14746 Modified: data/CVE/list Log: more webkit triage Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-05-25 04:14:24 UTC (rev 14745) +++ data/CVE/list 2010-05-25 04:45:59 UTC (rev 14746) @@ -1998,12 +1998,8 @@ - chromium-browser 5.0.375.29~r46008-1 NOTE: http://code.google.com/p/chromium/issues/detail?id=34978 CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before ...) - - webkit <undetermined> - - kdelibs <undetermined> - - kde4libs <undetermined> - - qt4-x11 <undetermined> + - webkit <not-affected> (does not yet have a "safe browsing" feature; i.e. chromium-specific issue) - chromium-browser 5.0.375.29~r46008-1 - TODO: check CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected behavior ...) - chromium-browser 5.0.375.29~r46008-1 NOTE: chrome-specific issue 
@@ -2101,19 +2097,17 @@ CVE-2010-1182 (Multiple unspecified vulnerabilities in the administrative console in ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2010-1181 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) - - webkit <unfixed> (bug #578982) - - qt4-x11 <undetermined> - - kdebase <undetermined> - - kde4libs <undetermined> - NOTE: proof of concept works against webkit; author claims arbitrary code - NOTE: execution possible with a different payload + - webkit <unfixed> (unimportant; bug #578982) + - qt4-x11 <undetermined> (unimportant) + - kdebase <undetermined> (unimportant) + - kde4libs <undetermined> (unimportant) + NOTE: proof of concept maximum impact against webkit is dos-only CVE-2010-1180 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) - - webkit <unfixed> (bug #578982) - - qt4-x11 <undetermined> - - kdebase <undetermined> - - kde4libs <undetermined> - NOTE: proof of concept works against webkit; author claims arbitrary code - NOTE: execution possible with a different payload + - webkit <unfixed> (unimportant; bug #578982) + - qt4-x11 <undetermined> (unimportant) + - kdebase <undetermined> (unimportant) + - kde4libs <undetermined> (unimportant) + NOTE: proof of concept maximum impact against webkit is dos-only CVE-2010-1179 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) - webkit <not-affected> CVE-2010-1178 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...) 
@@ -15045,12 +15039,11 @@ NOT-FOR-US: ActiveX CVE-2009-1514 (Google Chrome 1.0.154.53 allows remote attackers to cause a denial of ...) - chromium-browser 5.0.375.38~r46659-1 (low) - - webkit <unfixed> (bug #578982) - - qt4-x11 <undetermined> - - kdebase <undetermined> - - kde4libs <undetermined> - NOTE: proof of concept works against webkit and chromium; claimed dos-only, but may be - NOTE: be worse with a different payload + - webkit <unfixed> (unimportant; bug #578982) + - qt4-x11 <undetermined> (unimportant) + - kdebase <undetermined> (unimportant) + - kde4libs <undetermined> (unimportant) + NOTE: proof of concept maximum impact against webkit is dos-only CVE-2008-6791 (PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial ...) NOT-FOR-US: PumpKIN TFTP Server CVE-2008-6790 (The admin module in MindDezign Photo Gallery 2.2 allows remote ...)
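Review bot: in the @@ -1998 hunk (CVE-2010-1231), the kdelibs, kde4libs and qt4-x11 `<undetermined>` entries are deleted outright along with `TODO: check`, and the only rationale left is the parenthetical on the webkit line. If those three packages are cleared because the issue is chromium-specific, say so on its own line, as the neighbouring CVE-2010-1230 entry does with `NOTE: chrome-specific issue`, so the reason for dropping them stays visible in the entry. The wording "does not yet have" also makes the webkit `<not-affected>` status conditional, which is worth a NOTE so the entry is revisited if that feature is added.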
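Review bot: in the @@ -2101 hunk (CVE-2010-1181 and CVE-2010-1180), the new `NOTE: proof of concept maximum impact against webkit is dos-only` replaces the record that the author claims arbitrary code execution with a different payload, and the entry gives no basis for ruling that claim out. Keep the author's claim and add a NOTE saying how the dos-only conclusion was reached (what was tested, or a reference). Also, qt4-x11, kdebase and kde4libs remain `<undetermined>` but gain `(unimportant)`, while the NOTE speaks only about webkit; either state that the assessment covers those packages too, or leave the severity off until their status is determined.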
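Review bot: in the @@ -15045 hunk (CVE-2009-1514), chromium-browser keeps `(low)` while webkit is changed to `(unimportant)` for the same CVE, even though the removed NOTE said the proof of concept works against both webkit and chromium. The replacement NOTE mentions webkit only, so the entry now rates one issue two ways with no explanation; align the two severities or add a line saying why they differ. The removed text also recorded that the impact "may be worse with a different payload", so the new dos-only statement should say what that is based on.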