thr3ads.net - Secure testing commits - [Secure-testing-commits] r17043

If this information is useful, please help other people find it:
Share via:

Johnathan Ritzi

2011-Jul-29 17:36 UTC

[Secure-testing-commits] r17043 - data/CVE

Author: jrdioko-guest
Date: 2011-07-29 17:36:11 +0000 (Fri, 29 Jul 2011)
New Revision: 17043

Modified:
   data/CVE/list
Log:
Several WebKit TODO: check''s -> chromium-browser/webkit
<undetermined>s

Revert if there''s some reason this set of issues was supposed to stay
TODO: check. Also curious why other packages with webkit embedded
(like qt4-x11) don''t get <undetermined> flags on WebKit issues.


Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-07-29 15:37:57 UTC (rev 17042)
+++ data/CVE/list	2011-07-29 17:36:11 UTC (rev 17043)
@@ -7626,11 +7626,14 @@
 CVE-2011-0256
 	RESERVED
 CVE-2011-0255 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0254 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0253 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0252
 	RESERVED
 CVE-2011-0251
@@ -7648,31 +7651,40 @@
 CVE-2011-0245
 	RESERVED
 CVE-2011-0244 (WebKit in Apple Safari before 5.0.6 allows user-assisted remote
...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0243
 	RESERVED
 CVE-2011-0242 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before
5.0.6 ...)
 	TODO: check
 CVE-2011-0240 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0239
 	RESERVED
 CVE-2011-0238 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0237 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0236
 	RESERVED
 CVE-2011-0235 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0234 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0233 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0232 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0231
 	RESERVED
 CVE-2011-0230
@@ -7812,14 +7824,17 @@
 CVE-2011-0170 (Heap-based buffer overflow in ImageIO in CoreGraphics in Apple
iTunes ...)
 	NOT-FOR-US: Apple iTunes
 CVE-2011-0169 (WebKit in Apple Safari before 5.0.4, when the Web Inspector is
used, ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0168 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows
...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
 CVE-2011-0167 (The windows functionality in WebKit in Apple Safari before 5.0.4
...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0166 (The HTML5 drag and drop functionality in WebKit in Apple Safari
before ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0165 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows
...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
@@ -7827,19 +7842,23 @@
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
 CVE-2011-0163 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3,
does ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0162 (Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not
...)
 	NOT-FOR-US: Apple iOS
 CVE-2011-0161 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3,
does ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0160 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3,
does ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0159 (The Safari Settings feature in Safari in Apple iOS 4.x before
4.3 does ...)
 	NOT-FOR-US: Safari in Apple iOS
 CVE-2011-0158 (MobileSafari in Apple iOS before 4.3 does not properly implement
...)
 	NOT-FOR-US: MobileSafari in Apple iOS
 CVE-2011-0157 (WebKit, as used in Apple iOS before 4.3, allows remote attackers
to ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
 CVE-2011-0156 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows
...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>

Michael Gilbert

2011-Jul-29 17:51 UTC

head link

[Secure-testing-commits] r17043 - data/CVE

Johnathan Ritzi wrote:
> Author: jrdioko-guest
> Date: 2011-07-29 17:36:11 +0000 (Fri, 29 Jul 2011)
> New Revision: 17043
> 
> Modified:
>    data/CVE/list
> Log:
> Several WebKit TODO: check''s -> chromium-browser/webkit
<undetermined>s
> 
> Revert if there''s some reason this set of issues was supposed to
stay
> TODO: check. Also curious why other packages with webkit embedded
> (like qt4-x11) don''t get <undetermined> flags on WebKit
issues.
Because there is no one doing security support for qt4-x11.  I used to
try to keep track of this stuff, but it wasn''t adding any value without
anyone trying to process it.  If there''s someone interested in taking
that on, it would be wonderful.

Mike

Moritz Mühlenhoff

2011-Jul-29 22:03 UTC

head link

[Secure-testing-commits] r17043 - data/CVE

On Fri, Jul 29, 2011 at 01:51:59PM -0400, Michael Gilbert
wrote:> Johnathan Ritzi wrote:
> 
> > Author: jrdioko-guest
> > Date: 2011-07-29 17:36:11 +0000 (Fri, 29 Jul 2011)
> > New Revision: 17043
> > 
> > Modified:
> >    data/CVE/list
> > Log:
> > Several WebKit TODO: check''s -> chromium-browser/webkit
<undetermined>s
> > 
> > Revert if there''s some reason this set of issues was supposed
to stay
> > TODO: check. Also curious why other packages with webkit embedded
> > (like qt4-x11) don''t get <undetermined> flags on WebKit
issues.
> 
> Because there is no one doing security support for qt4-x11.  I used to
> try to keep track of this stuff, but it wasn''t adding any value
without
> anyone trying to process it.  If there''s someone interested in
taking
> that on, it would be wonderful.
Ack. We even had to document this in the Squeeze release notes.

Cheers,
        Moritz

Secure testing commits - Jul 2011 - r17043 - data/CVE

[Secure-testing-commits] r17043 - data/CVE

[Secure-testing-commits] r17043 - data/CVE

[Secure-testing-commits] r17043 - data/CVE