Author: gilbert-guest Date: 2010-06-29 05:33:13 +0000 (Tue, 29 Jun 2010) New Revision: 14921 Modified: data/CVE/list Log: some notes Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-06-29 04:41:12 UTC (rev 14920) +++ data/CVE/list 2010-06-29 05:33:13 UTC (rev 14921) @@ -465,6 +465,7 @@ NOT-FOR-US: Microsoft Windows CVE-2010-2264 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...) - webkit <undetermined> + - chromium-browser <undetermined> CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on ...) - nginx <not-affected> (Windows-specific vulnerability when running on NTFS) CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! ...) @@ -589,7 +590,7 @@ - php5 <undetermined> TODO: check CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise ...) - NOT-FOR-US: Reh Had Enterprise Virtualization Manager (RHEV-M) + NOT-FOR-US: Reh Hat Enterprise Virtualization Manager (RHEV-M) CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...) NOT-FOR-US: Red Hat Enterprise Virtualization Hypervisor (RHEV-H) CVE-2010-2222 @@ -1163,6 +1164,7 @@ NOT-FOR-US: Opera CVE-2010-1992 (Google Chrome 1.0.154.48 executes a mail application in situations ...) - chromium-browser <unfixed> (unimportant) + - webkit <undetermined> (unimportant) NOTE: http://translate.google.com/translate?hl=en&u=http://websecurity.com.ua/4206/&sl=uk&tl=en NOTE: poc is just one window, but can be changed to open many NOTE: this is a dos-only attack, so its considered unimportant 
@@ -1282,9 +1284,11 @@ CVE-2010-1940 (Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header ...) - chromium-browser <undetermined> - webkit <undetermined> + TODO: someone with access to the webkit security list please track down commit CVE-2010-1939 (Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows ...) - chromium-browser <undetermined> - webkit <undetermined> + TODO: someone with access to the webkit security list please track down commit CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in libopie ...) - opie 2.32.dfsg.1-0.2 (low; bug #584932) [lenny] - opie <no-dsa> (Minor issue) @@ -2953,10 +2957,12 @@ - webkit <undetermined> - chromium-browser <undetermined> NOTE: not enough info disclosed to be able to check + TODO: someone with access to webkit security list please track down commit CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...) - webkit <undetermined> - chromium-browser <undetermined> NOTE: not enough info disclosed to be able to check + TODO: someone with access to webkit security list please track down commit CVE-2010-1383 RESERVED CVE-2010-1382 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...) @@ -5466,6 +5472,7 @@ NOT-FOR-US: Apple Mac OS X CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.2.1-1 + - chromium-browser <undetermined> NOTE: https://bugs.webkit.org/show_bug.cgi?id=37662 NOTE: http://trac.webkit.org/changeset/58792 NOTE: http://trac.webkit.org/changeset/58796
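Review bot: In the hunk at -589,7 (CVE-2010-2224), the replacement line still misspells the vendor as "Reh Hat". The description line above it and the CVE-2010-2223 entry below both spell it "Red Hat", so the added line should read "NOT-FOR-US: Red Hat Enterprise Virtualization Manager (RHEV-M)".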
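Review bot: In the hunk at -1163,6 (CVE-2010-1992), the added "- webkit <undetermined> (unimportant)" line comes with no NOTE explaining why webkit is tracked for this entry. The visible description names only Google Chrome, and the existing NOTEs cover the PoC and the DoS-only rating. A one-line NOTE giving the reason webkit is suspected to share the behaviour would tell whoever resolves the <undetermined> status what to check.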
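Review bot: In the hunk at -2953,10, the two added TODO lines read "access to webkit security list", while the otherwise identical TODOs added in the hunk at -1282,9 read "access to the webkit security list". Use one exact string for all four so a single grep over data/CVE/list finds every entry waiting on the same lookup.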
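Review bot: In the hunk at -5466,6 (CVE-2010-0544), the added "- chromium-browser <undetermined>" line has no TODO, even though the NOTEs directly below already give the WebKit bug and changesets 58792 and 58796 that fixed webkit in 1.2.1-1. A TODO asking for chromium-browser to be checked against those two changesets would make the open status actionable, in the same way the other hunks in this commit add TODOs for entries left <undetermined>.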