Author: jmm-guest Date: 2011-01-06 20:33:35 +0000 (Thu, 06 Jan 2011) New Revision: 15809 Modified: data/CVE/list Log: - mark remaining webkit/lenny as no-dsa - kernel updates - no-dsa for some fringe issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-01-06 18:21:31 UTC (rev 15808) +++ data/CVE/list 2011-01-06 20:33:35 UTC (rev 15809) @@ -893,7 +893,7 @@ - linux-2.6 <unfixed> CVE-2010-4526 [sctp: a race between ICMP protocol unreachable and connect()] RESERVED - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-30 CVE-2010-4525 RESERVED - linux-2.6 <unfixed> @@ -1410,17 +1410,17 @@ CVE-2010-4347 (The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 ...) - linux-2.6 <not-affected> (Introduced in 2.6.33 and fixed in 2.6.36.2, we never released an affected kernel) CVE-2010-4346 (The install_special_mapping function in mm/mmap.c in the Linux kernel ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-30 CVE-2010-4345 (Exim 4.72 and earlier allows local users to gain privileges by ...) - exim4 4.72-3 (bug #606612) CVE-2010-4344 (Heap-based buffer overflow in the string_vformat function in string.c ...) {DSA-2131-1} - exim4 4.70-1 (bug #606612) CVE-2010-4343 (drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-30 [lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32) CVE-2010-4342 (The aun_incoming function in net/econet/af_econet.c in the Linux ...) - - linux-2.6 <unfixed> + - linux-2.6 2.6.32-30 CVE-2010-4341 RESERVED CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers ...) 
@@ -2155,6 +2155,7 @@ - chromium-browser 6.0.472.63~r59945-1 CVE-2010-4040 (Google Chrome before 7.0.517.41 does not properly handle animated GIF ...) - webkit <unfixed> + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 6.0.472.63~r59945-1 NOTE: http://trac.webkit.org/changeset/68446 CVE-2010-4039 (Google Chrome before 7.0.517.41 on Linux does not properly set the ...) @@ -2528,7 +2529,7 @@ - linux-2.6 2.6.32-29 (low) CVE-2010-3880 (net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not ...) {DSA-2126-1} - - linux-2.6 <unfixed> (low) + - linux-2.6 2.6.32-30 (low) CVE-2010-3879 [fuse: unprivileged user can unmount arbitrary locations via symlink attack] RESERVED - fuse <unfixed> (bug #602333) @@ -2536,13 +2537,13 @@ - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2010-3877 (The get_name function in net/tipc/socket.c in the Linux kernel before ...) {DSA-2126-1} - - linux-2.6 <unfixed> (low) + - linux-2.6 2.6.32-30 (low) CVE-2010-3876 (net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not ...) {DSA-2126-1} - - linux-2.6 <unfixed> (low) + - linux-2.6 2.6.32-30 (low) CVE-2010-3875 (The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel ...) {DSA-2126-1} - - linux-2.6 <unfixed> (low) + - linux-2.6 2.6.32-30 (low) CVE-2010-3874 (Heap-based buffer overflow in the bcm_connect function in ...) {DSA-2126-1} - linux-2.6 <unfixed> (unimportant) @@ -2744,6 +2745,7 @@ - chromium-browser <undetermined> CVE-2010-3812 (Integer overflow in the wholeText method in WebKit in Apple Safari ...) - webkit <unfixed> + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser <undetermined> NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257 CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...) 
@@ -2781,6 +2783,7 @@ RESERVED CVE-2010-3798 (Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before ...) - xar <removed> + [lenny] - xar <no-dsa> (Minor issue) CVE-2010-3797 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...) NOT-FOR-US: Apple Wiki Server CVE-2010-3796 (Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not ...) @@ -3987,6 +3990,7 @@ RESERVED CVE-2010-3366 (Mn_Fit 5.13 places a zero-length directory name in the ...) - mn-fit <unfixed> (bug #598298) + [lenny] - mn-fit <no-dsa> (Minor issue) CVE-2010-3365 (Mistelix 0.31 places a zero-length directory name in the ...) - mistelix 0.31-2 (low; bug #598297) CVE-2010-3364 (The vips-7.22 script in VIPS 7.22.2 places a zero-length directory ...) @@ -4244,6 +4248,7 @@ CVE-2010-3259 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 ...) - chromium-browser 6.0.472.53~r57914-1 - webkit 1.2.5-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) NOTE: https://bugs.webkit.org/show_bug.cgi?id=44399 NOTE: http://trac.webkit.org/changeset/65826 CVE-2010-3258 (The sandbox implementation in Google Chrome before 6.0.472.53 does not ...) @@ -4253,6 +4258,7 @@ CVE-2010-3257 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...) - chromium-browser 6.0.472.53~r57914-1 - webkit 1.2.5-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) NOTE: http://trac.webkit.org/changeset/65748 https://bugs.webkit.org/show_bug.cgi?id=44226 CVE-2010-3256 (Google Chrome before 6.0.472.53 does not properly limit the number of ...) - chromium-browser 6.0.472.53~r57914-1 
@@ -4261,11 +4267,13 @@ CVE-2010-3255 (Google Chrome before 6.0.472.53 does not properly handle counter ...) - chromium-browser 6.0.472.53~r57914-1 - webkit 1.2.5-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) NOTE: https://bugs.webkit.org/show_bug.cgi?id=43812 NOTE: http://trac.webkit.org/changeset/66052 CVE-2010-3254 (The WebSockets implementation in Google Chrome before 6.0.472.53 does ...) - chromium-browser 6.0.472.53~r57914-1 - webkit <unfixed> + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) NOTE: http://trac.webkit.org/changeset/65135 CVE-2010-3253 (The implementation of notification permissions in Google Chrome before ...) - chromium-browser 6.0.472.53~r57914-1 @@ -4288,10 +4296,12 @@ CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG ...) - chromium-browser 6.0.472.53~r57914-1 - webkit <unfixed> + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) NOTE: http://trac.webkit.org/changeset/60541 CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict copying to ...) - chromium-browser 6.0.472.53~r57914-1 - webkit 1.2.5-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) NOTE: http://trac.webkit.org/changeset/58703 CVE-2010-3247 (Google Chrome before 6.0.472.53 does not properly restrict the ...) - chromium-browser 6.0.472.53~r57914-1 @@ -4676,6 +4686,7 @@ CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement the ...) - chromium-browser 5.0.375.127~r55887-1 - webkit 1.2.5-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) NOTE: https://bugs.webkit.org/show_bug.cgi?id=43776 NOTE: https://bugs.webkit.org/show_bug.cgi?id=39879 NOTE: https://bugs.webkit.org/show_bug.cgi?id=44096 
@@ -4684,6 +4695,7 @@ CVE-2010-3119 (Google Chrome before 5.0.375.127 does not properly support the Ruby ...) - chromium-browser 5.0.375.127~r55887-1 - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) NOTE: https://bugs.webkit.org/show_bug.cgi?id=43795 NOTE: http://trac.webkit.org/changeset/65090 CVE-2010-3118 (The autosuggest feature in the Omnibox implementation in Google Chrome ...) @@ -4694,6 +4706,7 @@ - webkit <not-affected> (chromium specific) CVE-2010-3116 (Multiple use-after-free vulnerabilities in WebKit, as used in Apple ...) - webkit 1.2.5-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.127~r55887-1 NOTE: http://trac.webkit.org/changeset/64293 NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147 @@ -4701,17 +4714,20 @@ NOTE: http://trac.webkit.org/changeset/65280 vulnerable code not present in 1.2 series CVE-2010-3115 (Google Chrome before 5.0.375.127 does not properly implement the ...) - webkit 1.2.5-1 (bug #599830) + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.127~r55887-1 NOTE: http://trac.webkit.org/changeset/63925 NOTE: http://trac.webkit.org/changeset/64077 NOTE: only partially fixed: only 64077 applied in 1.2.4-1 CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127 ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.127~r55887-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655 NOTE: http://trac.webkit.org/changeset/63773 CVE-2010-3113 (Google Chrome before 5.0.375.127 does not properly handle SVG ...) - webkit 1.2.5-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.127~r55887-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=42659 NOTE: http://trac.webkit.org/changeset/63865 
@@ -5212,22 +5228,26 @@ - chromium-browser 5.0.375.125~r53311-1 CVE-2010-2902 (The SVG implementation in Google Chrome before 5.0.375.125 allows ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=41621 NOTE: http://trac.webkit.org/changeset/62662 NOTE: duplicate of cve-2010-1793 CVE-2010-2901 (The rendering implementation in Google Chrome before 5.0.375.125 ...) - webkit 1.2.5-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=41373 NOTE: http://trac.webkit.org/changeset/63048 CVE-2010-2900 (Google Chrome before 5.0.375.125 does not properly handle a large ...) - webkit 1.2.5-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=41962 NOTE: http://trac.webkit.org/changeset/63219 CVE-2010-2899 (Unspecified vulnerability in the layout implementation in Google ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38977 NOTE: http://trac.webkit.org/changeset/62134 @@ -5955,6 +5975,7 @@ - chromium-browser 5.0.375.99~r51029-1 CVE-2010-2651 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...) - webkit 1.2.5-1 (bug #599830) + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.99~r51029-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38891 NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=51014 
@@ -5970,11 +5991,13 @@ NOTE: http://trac.webkit.org/changeset/60977 CVE-2010-2648 (The implementation of the Unicode Bidirectional Algorithm (aka Bidi ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.99~r51029-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=39305 NOTE: http://trac.webkit.org/projects/webkit/changeset/61921 CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to cause a ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.99~r51029-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38627 NOTE: http://trac.webkit.org/changeset/61667 @@ -5984,6 +6007,7 @@ NOTE: duplicate of cve-2010-1786 CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate sandboxed ...) - webkit 1.2.5-1 (bug #599830) + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.99~r51029-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38151 NOTE: http://trac.webkit.org/changeset/58873 
@@ -6792,17 +6816,20 @@ REJECTED CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome ...) - webkit 1.2.1-3 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.70~r48679-1 NOTE: http://trac.webkit.org/changeset/59876 NOTE: duplicate of cve-2010-1771 CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp in ...) - webkit 1.2.1-3 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.70~r48679-1 NOTE: http://trac.webkit.org/changeset/59241 NOTE: http://trac.webkit.org/changeset/59242 NOTE: duplicate of cve-2010-1762 CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes ...) - webkit 1.2.1-3 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.70~r48679-1 NOTE: http://trac.webkit.org/changeset/59109 NOTE: duplicate of cve-2010-1759 @@ -6814,10 +6841,12 @@ - chromium-browser 5.0.375.70~r48679-1 CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome ...) - webkit 1.2.1-3 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.55~r47796-1 NOTE: http://trac.webkit.org/changeset/59495 CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before ...) - webkit 1.2.1-2 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.70~r48679-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031 NOTE: http://trac.webkit.org/changeset/57627 
@@ -6827,6 +6856,7 @@ NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=48159 CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before ...) - webkit 1.2.1-3 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.55~r47796-1 NOTE: http://trac.webkit.org/changeset/58829 CVE-2009-4900 [pixelpost XSS] @@ -7319,6 +7349,7 @@ CVE-2010-2109 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...) - chromium-browser 5.0.375.55~r47796-1 - webkit 1.2.1-2 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) NOTE: http://trac.webkit.org/changeset/58441 CVE-2010-2108 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...) - chromium-browser 5.0.375.55~r47796-1 @@ -8066,10 +8097,12 @@ RESERVED CVE-2010-1825 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...) - webkit <unfixed> + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 6.0.472.59~r59126-1 NOTE: http://trac.webkit.org/changeset/66847 CVE-2010-1824 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...) - webkit <unfixed> + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 6.0.472.59~r59126-1 NOTE: http://trac.webkit.org/changeset/66795 CVE-2010-1823 (Use-after-free vulnerability in WebKit before r65958, as used in ...) @@ -8094,6 +8127,7 @@ RESERVED CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...) - webkit 1.2.5-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser <undetermined> CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...) - webkit <not-affected> 
@@ -8101,6 +8135,7 @@ NOTE: duplicate of CVE-2010-1783 CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...) - webkit 1.2.5-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser <not-affected> NOTE: http://trac.webkit.org/changeset/63048 CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...) @@ -8117,6 +8152,7 @@ NOT-FOR-US: Apple Mac OS X CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2, and ...) - webkit 1.2.5-1 (bug #599830) + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser <not-affected> NOTE: http://trac.webkit.org/changeset/64706 NOTE: https://bugs.webkit.org/show_bug.cgi?id=43461 @@ -8161,12 +8197,14 @@ NOT-FOR-US: Apple CVE-2010-1793 (Multiple use-after-free vulnerabilities in WebKit in Apple Safari ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.125~r53311-1 NOTE: http://trac.webkit.org/changeset/62482 NOTE: http://trac.webkit.org/changeset/62662 NOTE: duplicated as cve-2010-2902 CVE-2010-1792 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser <not-affected> NOTE: http://trac.webkit.org/changeset/62386 NOTE: Chromium uses a totally different regexp implementation. @@ -8176,6 +8214,7 @@ NOTE: this is specific to Safari''s JavaScript engine CVE-2010-1790 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser <not-affected> NOTE: http://trac.webkit.org/changeset/62301 NOTE: this is specific to Safari''s JavaScript engine 
@@ -8185,25 +8224,30 @@ NOTE: this is specific to Safari''s JavaScript engine CVE-2010-1788 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.127~r55887-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=40994 NOTE: http://trac.webkit.org/changeset/62482 CVE-2010-1787 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.127~r55887-1 NOTE: http://trac.webkit.org/changeset/61044 CVE-2010-1786 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.99~r51029-1 NOTE: http://trac.webkit.org/changeset/61667 NOTE: duplicated as cve-2010-2647 CVE-2010-1785 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.99~r51029-1 NOTE: http://trac.webkit.org/changeset/61050 NOTE: http://trac.webkit.org/changeset/61051 CVE-2010-1784 (The counters functionality in the Cascading Style Sheets (CSS) ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.125~r53311-1 NOTE: http://trac.webkit.org/changeset/62271 CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) 
@@ -8212,6 +8256,7 @@ NOTE: (Chromium Sec) This seems a duplicate of CVE-2010-3114 CVE-2010-1782 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.4-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.127~r55887-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=41375 NOTE: http://trac.webkit.org/changeset/63772 @@ -8222,6 +8267,7 @@ NOTE: claimed fixed in upstream webkit 1.2.4 changelog, but no info currently available CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...) - webkit 1.2.5-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=40407 NOTE: http://trac.webkit.org/changeset/60984 
@@ -8239,37 +8285,44 @@ NOT-FOR-US: Apple iPhone Passcode Lock CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261 NOTE: http://trac.webkit.org/changeset/59495 CVE-2010-1773 (Off-by-one error in the toAlphabetic function in ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=39508 NOTE: http://trac.webkit.org/changeset/59950 CVE-2010-1772 (Use-after-free vulnerability in page/Geolocation.cpp in WebCore in ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=39388 NOTE: http://trac.webkit.org/changeset/59859 CVE-2010-1771 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=39453 NOTE: http://trac.webkit.org/changeset/59876 CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.70~r48679-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38626 NOTE: http://trac.webkit.org/changeset/59795 CVE-2010-1769 (WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.55~r47796-1 NOTE: dupe of CVE-2010-1774 CVE-2010-1768 (Unspecified vulnerability in Apple iTunes before 9.1 allows local ...) 
NOT-FOR-US: Apple iTunes CVE-2010-1767 (Cross-site request forgery (CSRF) vulnerability in ...) - webkit 1.2.1-3 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.29~r46008-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36843 NOTE: http://trac.webkit.org/changeset/57041 @@ -8277,6 +8330,7 @@ TODO: request rejection CVE-2010-1766 (Off-by-one error in the WebSocketHandshake::readServerHandshake ...) - webkit 1.2.1-2 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36339 NOTE: http://trac.webkit.org/changeset/56380 @@ -8289,6 +8343,7 @@ TODO: is this commit correct? its labeled as a "build fix" CVE-2010-1764 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.1-2 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=31410 NOTE: http://trac.webkit.org/changeset/55157 
@@ -8299,27 +8354,32 @@ NOTE: http://trac.webkit.org/changeset/59486 CVE-2010-1762 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38922 NOTE: http://trac.webkit.org/changeset/59241 NOTE: http://trac.webkit.org/changeset/59242 CVE-2010-1761 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=37760 NOTE: http://trac.webkit.org/changeset/59263 CVE-2010-1760 (loader/DocumentThreadableLoader.cpp in the XMLHttpRequest ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.99~r51029-2 NOTE: https://bugs.webkit.org/show_bug.cgi?id=37781 NOTE: http://trac.webkit.org/changeset/58409 CVE-2010-1759 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38583 NOTE: http://trac.webkit.org/changeset/59109 CVE-2010-1758 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697 NOTE: http://trac.webkit.org/changeset/59098 
@@ -8345,6 +8405,7 @@ NOT-FOR-US: Apple Safari CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-2 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=27193 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38625 @@ -8558,10 +8619,12 @@ CVE-2010-1665 (Google Chrome before 4.1.249.1064 does not properly handle fonts, ...) - chromium-browser 5.0.375.29~r46008-1 - webkit 1.2.1-3 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) NOTE: http://trac.webkit.org/changeset/58201 CVE-2010-1664 (Google Chrome before 4.1.249.1064 does not properly handle HTML5 ...) - chromium-browser 5.0.375.29~r46008-1 - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) NOTE: http://trac.webkit.org/changeset/57922 CVE-2010-1663 (The Google URL Parsing Library (aka google-url or GURL) in Google ...) - chromium-browser 5.0.375.29~r46008-1 @@ -9318,6 +9381,7 @@ NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government CVE-2010-1422 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.29~r46008-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=26824 NOTE: http://trac.webkit.org/changeset/58829 
@@ -9330,11 +9394,13 @@ RESERVED CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-2 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.29~r46008-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=37618 NOTE: http://trac.webkit.org/changeset/58616 CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.29~r46008-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38260 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36502 @@ -9344,6 +9410,7 @@ NOTE: http://trac.webkit.org/changeset/57627 CVE-2010-1417 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.29~r46008-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38001 NOTE: http://trac.webkit.org/changeset/58201 
@@ -9351,16 +9418,19 @@ TODO: request rejection CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.2-1 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.70~r48679-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36838 NOTE: http://trac.webkit.org/changeset/56810 CVE-2010-1415 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.1-2 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.70~r48679-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36000 NOTE: http://trac.webkit.org/changeset/56420 CVE-2010-1414 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-2 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.70~r48679-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=35818 NOTE: http://trac.webkit.org/changeset/55783 @@ -9371,6 +9441,7 @@ NOTE: http://trac.webkit.org/changeset/57232 CVE-2010-1412 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-2 + [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) - chromium-browser 5.0.375.70~r48679-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=29635 NOTE: http://trac.webkit.org/changeset/57759
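Review bot: In the hunk at @@ -4261,11 +4267,13 @@, the added `[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)` line under CVE-2010-3254 uses the same blanket reason as every other webkit entry, although the description names a specific feature (the WebSockets implementation). If lenny's webkit does not ship that code, `<not-affected>` with a short reason is the more accurate state, in the style already used in this file for CVE-2010-4343: `[lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32)`. The same check applies to the other feature-specific entries touched by this commit, such as CVE-2010-1766 (WebSocketHandshake::readServerHandshake) and CVE-2010-1772 (page/Geolocation.cpp).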
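Review bot: In the hunk at @@ -1410,17 +1410,17 @@, the lines changed from `- linux-2.6 <unfixed>` to `- linux-2.6 2.6.32-30` for CVE-2010-4346, CVE-2010-4343 and CVE-2010-4342 carry no NOTE pointing at the upstream commit or the changelog entry that justifies the fixed version. Adding a `NOTE:` line with that reference to each entry would let a later reader verify the version without digging through the package history. The same applies to the other `2.6.32-30` changes in this commit (CVE-2010-4526, CVE-2010-3880, CVE-2010-3877, CVE-2010-3876, CVE-2010-3875).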
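Review bot: In the hunk at @@ -2781,6 +2783,7 @@, the added `[lenny] - xar <no-dsa> (Minor issue)` gives no rationale, and the entry it sits under (CVE-2010-3798) is described as a heap-based buffer overflow. Say in the parenthetical what limits the impact for lenny, so the decision can be re-evaluated later without redoing the triage.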