thr3ads.net - Secure testing commits - [Secure-testing-commits] r15293

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2010-Sep-09 08:08 UTC
[Secure-testing-commits] r15293 - data/CVE

Author: jmm-guest
Date: 2010-09-09 08:08:33 +0000 (Thu, 09 Sep 2010)
New Revision: 15293

Modified:
   data/CVE/list
Log:
- iceape fixed
- new squid3 issue, encfs, openjdk, chromium, webkit issues
- weborf fixed (should be removed, though)


Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-09-08 21:14:49 UTC (rev 15292)
+++ data/CVE/list	2010-09-09 08:08:33 UTC (rev 15293)
@@ -5,33 +5,47 @@
 CVE-2010-3260
 	RESERVED
 CVE-2010-3259 (Google Chrome before 6.0.472.53 does not properly restrict read
access ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3258 (The sandbox implementation in Google Chrome before 6.0.472.53
does not ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3257 (Google Chrome before 6.0.472.53 does not properly perform focus
...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3256 (Google Chrome before 6.0.472.53 does not properly limit the
number of ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3255 (Google Chrome before 6.0.472.53 does not properly handle counter
...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3254 (The WebSockets implementation in Google Chrome before 6.0.472.53
does ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3253 (The implementation of notification permissions in Google Chrome
before ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3252 (Use-after-free vulnerability in the Notifications presenter in
Google ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3251 (The WebSockets implementation in Google Chrome before 6.0.472.53
...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3250 (Unspecified vulnerability in Google Chrome before 6.0.472.53
allows ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG
...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict
copying to ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3247 (Google Chrome before 6.0.472.53 does not properly restrict the
...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3246 (Google Chrome before 6.0.472.53 does not properly handle the
_blank ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2010-3245 (The automated-backup functionality in Blackboard Transact Suite
...)
 	TODO: check
 CVE-2010-3244 (BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly
...)
@@ -43,7 +57,7 @@
 CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...)
 	TODO: check
 CVE-2010-XXXX [weborf directory traversal]
-	- weborf <unfixed>
+	- weborf 0.12.3-1
 	NOTE: http://www.exploit-db.com/exploits/14925/
 CVE-2010-3243
 	RESERVED
@@ -204,21 +218,21 @@
 	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
-	- iceape <unfixed>
+	- iceape 2.0.7-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3168 [XUL tree removal crash and remote code execution]
 	RESERVED
 	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
-	- iceape <unfixed>
+	- iceape 2.0.7-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3167 [Dangling pointer vulnerability in nsTreeContentView]
 	RESERVED
 	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
-	- iceape <unfixed>
+	- iceape 2.0.7-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3166 [Heap buffer overflow in nsTextFrameUtils::TransformText]
 	RESERVED
@@ -226,7 +240,7 @@
 	[lenny] - xulrunner <not-affected> (Doesn''t affect Xulrunner
1.9.0 code base)
 	- icedove <unfixed>
 	[lenny] - icedove <not-affected> (Doesn''t affect Xulrunner
1.9.0 code base)
-	- iceape <unfixed>
+	- iceape 2.0.7-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-3165
 	RESERVED
@@ -487,12 +501,17 @@
 	NOTE: http://packetstormsecurity.org/1009-exploits/smbind-sql.txt
 CVE-2010-3075
 	RESERVED
+	- encfs <unfixed> (bug #595998)
 CVE-2010-3074
 	RESERVED
+	- encfs <unfixed> (bug #595998)
 CVE-2010-3073
 	RESERVED
-CVE-2010-3072
-	RESERVED
+	- encfs <unfixed> (bug #595998)
+CVE-2010-3072 
+	RESERVED 
+	- squid3 <unfixed> (bug #596086)
+	- squid <not-affected> (Only affects 3.x)
 CVE-2010-3071 [bip DoS]
 	RESERVED
 	- bip <unfixed> (low; bug #595409)
@@ -1309,35 +1328,35 @@
 	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
-	- iceape <unfixed>
+	- iceape 2.0.7-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2768 [UTF-7 XSS by overriding document charset using <object>
type attribute]
 	RESERVED
 	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
-	- iceape <unfixed>
+	- iceape 2.0.7-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2767 [Dangling pointer vulnerability using DOM plugin array]
 	RESERVED
 	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
-	- iceape <unfixed>
+	- iceape 2.0.7-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2766 [Crash and remote code execution in normalizeDocument]
 	RESERVED
 	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
-	- iceape <unfixed>
+	- iceape 2.0.7-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2765 [Frameset integer overflow vulnerability]
 	RESERVED
 	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
-	- iceape <unfixed>
+	- iceape 2.0.7-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2764 [Information leak via XMLHttpRequest statusText]
 	RESERVED
@@ -1345,14 +1364,14 @@
 	[lenny] - xulrunner <not-affected> (Doesn''t affect Xulrunner
1.9.0 code base)
 	- icedove <unfixed>
 	[lenny] - icedove <not-affected> (Doesn''t affect Xulrunner
1.9.0 code base)
-	- iceape <unfixed>
+	- iceape 2.0.7-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2763 [XSS using SJOW scripted function]
 	RESERVED
 	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
-	- iceape <unfixed>
+	- iceape 2.0.7-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2762 [SJOW creates scope chains ending in outer object]
 	RESERVED
@@ -1364,7 +1383,7 @@
 	{DSA-2106-1}
 	- xulrunner <unfixed>
 	- icedove <unfixed>
-	- iceape <unfixed>
+	- iceape 2.0.7-1
 	[lenny] - iceape <not-affected> (Only a stub package)
 CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1
through ...)
 	- bugzilla <unfixed> (bug #595015; medium)
@@ -1879,6 +1898,8 @@
 	NOT-FOR-US: Microsoft
 CVE-2010-2548
 	RESERVED
+	- openjdk-6 <unfixed>
+	NOTE: Fixed in experimental
 CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in
GnuPG ...)
 	{DSA-2076-1}
 	- gnupg2 2.0.14-2
Secure testing commits - Sep 2010 - r15293 - data/CVE

[Secure-testing-commits] r15293 - data/CVE
