Secure testing commits - Sep 2010 - r15280 - data/CVE

Author: gilbert-guest
Date: 2010-09-07 01:31:19 +0000 (Tue, 07 Sep 2010)
New Revision: 15280

Modified:
   data/CVE/list
Log:
new vlc issue; further webkit/qt4-x11 updates

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-09-07 01:30:52 UTC (rev 15279)
+++ data/CVE/list	2010-09-07 01:31:19 UTC (rev 15280)
@@ -5,6 +5,10 @@
 	NOTE: CVE id requested
 CVE-2010-XXXX [nusoap xss]
 	- nusoap 0.7.3-4 (low; bug #595248)
+CVE-2010-XXXX [vlc stack overflow]
+	- vlc <undetermined> (low; bug #595686)
+	NOTE: poc didn''t work.  may be windows-only
+	TODO: check with upstream
 CVE-2010-3202
 	RESERVED
 CVE-2010-3201
@@ -1429,6 +1433,7 @@
 	- chromium-browser 5.0.375.99~r51029-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38891
 	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=51014
+	NOTE: http://trac.webkit.org/changeset/59247
 CVE-2010-2650 (Unspecified vulnerability in Google Chrome before 5.0.375.99 has
...)
 	- webkit <not-affected> (chromium specific)
 	- chromium-browser 5.0.375.99~r51029-1
@@ -1457,7 +1462,7 @@
 	- chromium-browser 5.0.375.99~r51029-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38151
 	NOTE: http://trac.webkit.org/changeset/58873
-	NOTE: http://trac.webkit.org/changeset/59870
+	NOTE: http://trac.webkit.org/changeset/59870 chromium updates
 CVE-2010-2645 (Unspecified vulnerability in Google Chrome before 5.0.375.99,
when ...)
 	- webkit <not-affected> (doesn''t include webgl code yet)
 	- chromium-browser 5.0.375.99~r51029-1
@@ -3220,6 +3225,7 @@
 	- chromium-browser <undetermined>
 	- webkit <undetermined>
 	TODO: someone with access to the webkit security list please track down commit
+	NOTE: poc seems to cause a dos in both chromium and webkit; not sure if code
execution is possible
 CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in
libopie ...)
 	- opie 2.32.dfsg.1-0.2 (low; bug #584932)
 	[lenny] - opie <no-dsa> (Minor issue)
@@ -3836,7 +3842,7 @@
 	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
 CVE-2010-1729 (WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple
Safari, ...)
 	- webkit <unfixed> (unimportant)
-	- qt4-x11 <undetermined>
+	- qt4-x11 <undetermined> (unimportant)
 	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
 	NOTE: dos-only on webkit
 CVE-2010-1728 (Opera before 10.53 on Windows and Mac OS X does not properly
handle a ...)
@@ -17788,7 +17794,7 @@
 	- webkit 1.1.12-1 (low; bug #535793)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
-	- qt4-x11 <unfixed> (low)
+	- qt4-x11 4:4.6.3-1 (low)
 	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use
qtwebkit )
 	NOTE: http://trac.webkit.org/changeset/36359
 CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does
not ...)

On 09/07/2010 03:31 AM, Michael Gilbert wrote:
>  	- chromium-browser <undetermined>
>  	- webkit <undetermined>
>  	TODO: someone with access to the webkit security list please track down
commit
> +	NOTE: poc seems to cause a dos in both chromium and webkit; not sure if
code execution is possible

What sort of DoS? I see only an excessively wide dialog box.

Cheers,
Giuseppe

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20100908/36bdfa4a/attachment.pgp>