Author: jmm-guest
Date: 2010-12-24 13:44:56 +0000 (Fri, 24 Dec 2010)
New Revision: 15749

Modified:
   data/CVE/list
Log:
- one perl module dupe
- new mozilla issue
- opensc no-dsa, pending for spu
- pcsc/ccid are plain bugs, hardly security issues
- two more chrome issues

Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-12-24 13:31:04 UTC (rev 15748) +++ data/CVE/list 2010-12-24 13:44:56 UTC (rev 15749) @@ -145,9 +145,11 @@ CVE-2011-0046 RESERVED CVE-2010-4578 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2010-4577 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do ...) - TODO: check + - chromium-browser <unfixed> + - webkit <undetermined> CVE-2010-4576 (browser/worker_host/message_port_dispatcher.cc in Google Chrome before ...) - chromium-browser 6.0.472.63~r59945-4 (bug #607843; low) NOTE: http://code.google.com/p/chromium/issues/detail?id=63529 @@ -212,11 +214,13 @@ TODO: check NOTE: http://www.waraxe.us/advisory-77.html CVE-2010-XXXX [pcsc-lite buffer overflow] - - pcsc-lite <unfixed> (bug #607781) + - pcsc-lite 1.6.6-1 (unimportant; bug #607781) NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356 + NOTE: Theoretical attack CVE-2010-XXXX [ccid driver buffer overflow] - - ccid <unfixed> (bug #607780) + - ccid <unfixed> (unimportant; bug #607780) NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356 + NOTE: Theoretical attack CVE-2010-XXXX [webkit info leak] - webkit <unfixed> (low) - chromium-browser <undetermined> (low) @@ -230,7 +234,8 @@ NOT-FOR-US: SAP NetWeaver Business Client CVE-2010-4523 RESERVED - - opensc 0.11.13-1.1 (bug #607427) + - opensc 0.11.13-1.1 (low; bug #607427) + [lenny] - opensc <no-dsa> (Minor issue) CVE-2010-4555 RESERVED CVE-2010-4554
@@ -420,7 +425,7 @@ CVE-2010-4502 (Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite ...) NOT-FOR-US: CA Internet Security Suite CVE-2010-4501 (IO::Socket::SSL Perl module 1.35, when verify_mode is not VERIFY_NONE, ...) - TODO: check + NOTE: Dupe of CVE-2010-4334 CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...) NOT-FOR-US: MRCGIGUY FreeTicket CVE-2010-XXXX @@ -1168,7 +1173,7 @@ CVE-2010-4222 RESERVED CVE-2009-5017 (Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong ...) - TODO: check + - xulrunner <undetermined> CVE-2009-5016 (Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in ...) - php5 <unfixed> TODO: check
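
Review bot: In the "@@ -145,9 +145,11 @@" hunk, CVE-2010-4578 and CVE-2010-4577 get "- chromium-browser <unfixed>" with no bug reference or urgency, while the neighbouring CVE-2010-4576 entry carries "(bug #607843; low)" and an upstream NOTE. Suggest adding the bug number once one is filed and a NOTE with the upstream reference, plus a short NOTE under "- webkit <undetermined>" saying what still has to be checked.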
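
Review bot: In the "@@ -212,11 +214,13 @@" hunk, "NOTE: Theoretical attack" is the only recorded justification for tagging pcsc-lite and ccid as unimportant, and it does not say what makes the overflow theoretical. The log line calls these plain bugs that are hardly security issues; suggest putting that reasoning into the NOTE itself. The pcsc-lite line also moves from "<unfixed>" to "1.6.6-1" without a reference to the fix, so a NOTE pointing at it would let a later reader verify the version.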
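
Review bot: In the "@@ -230,7 +234,8 @@" hunk, the new "[lenny] - opensc <no-dsa> (Minor issue)" line does not carry the detail from the log that the fix is pending for a stable point update. Suggest adding a NOTE under CVE-2010-4523 that records this, so the tracker entry and the commit log say the same thing.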
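
Review bot: In the "@@ -420,7 +425,7 @@" hunk, CVE-2010-4501 is left with only "NOTE: Dupe of CVE-2010-4334" and no package or status line, so the entry on its own no longer says which package is affected or whether it is fixed. Suggest repeating the package line from CVE-2010-4334 alongside the NOTE.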
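
Review bot: In the "@@ -1168,7 +1173,7 @@" hunk, "- xulrunner <undetermined>" replaces "TODO: check" for CVE-2009-5017 without a NOTE on what is still unknown. The description limits the issue to Firefox before 3.6 Beta 3, so a NOTE stating which xulrunner versions need checking against that would make the open question explicit.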