Author: jmm
Date: 2011-09-26 17:05:45 +0000 (Mon, 26 Sep 2011)
New Revision: 17299

Modified:
   data/CVE/list
Log:
- new Chrome issues, new typo3 issues, new roundcube issue
- mark two ffmpeg-issues as removed instead of end-of-life, since they were actually fixed in DSA
- one systemtap issue doesn't affect stable/oldstable

Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-09-26 17:01:40 UTC (rev 17298) +++ data/CVE/list 2011-09-26 17:05:45 UTC (rev 17299) @@ -1,3 +1,13 @@ +CVE-2011-XXXX [TYPO3-SA-2011-003] + - typo3-src 4.5.6+dfsg1-1 (low; bug #641683) + NOTE: CVE id requested on oss-security +CVE-2011-XXXX [TYPO3-SA-2011-002] + - typo3-src 4.5.6+dfsg1-1 (low; bug #641682) + [squeeze] - typo3-src <not-affected> (Only affects 4.5.x) + [lenny] - typo3-src <not-affected> (Only affects 4.5.x) + NOTE: CVE id requested on oss-security +CVE-2011-XXXX [roundcube XSS in UI messages] + - roundcube 0.5.4+dfsg-1 (bug #641996) CVE-2011-XXXX [apt-key insecure validation] - apt <unfixed> (unimportant; bug #642480) NOTE: Not exploitable in Debian, since no keyring URI is defined @@ -956,7 +966,8 @@ CVE-2011-3235 RESERVED CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-3233 RESERVED CVE-2011-3232 @@ -1896,9 +1907,11 @@ CVE-2011-2876 RESERVED CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected pin ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2873 RESERVED CVE-2011-2872 
@@ -1918,65 +1931,89 @@ CVE-2011-2865 RESERVED CVE-2011-2864 (Google Chrome before 14.0.835.163 does not properly handle Tibetan ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2863 RESERVED CVE-2011-2862 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2861 (Google Chrome before 14.0.835.163 does not properly handle strings in ...) TODO: check CVE-2011-2860 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2859 (Google Chrome before 14.0.835.163 uses incorrect permissions for ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2858 (Google Chrome before 14.0.835.163 does not properly handle triangle ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2857 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2856 (Google V8, as used in Google Chrome before 14.0.835.163, allows remote ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle Cascading ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2854 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2853 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2852 (Off-by-one error in Google V8, as used in Google Chrome before ...) 
- TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2851 (Google Chrome before 14.0.835.163 does not properly handle video, ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2850 (Google Chrome before 14.0.835.163 does not properly handle Khmer ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2849 (The WebSockets implementation in Google Chrome before 14.0.835.163 ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2848 (Google Chrome before 14.0.835.163 allows user-assisted remote ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2847 (Use-after-free vulnerability in the document loader in Google Chrome ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2846 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2845 RESERVED CVE-2011-2844 (Google Chrome before 14.0.835.163 does not properly process MP3 files, ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2843 (Google Chrome before 14.0.835.163 does not properly handle media ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2842 (The installer in Google Chrome before 14.0.835.163 on Mac OS X does ...) TODO: check CVE-2011-2841 (Google Chrome before 14.0.835.163 does not properly perform garbage ...) TODO: check CVE-2011-2840 (Google Chrome before 14.0.835.163 allows user-assisted remote ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2839 (The PDF implementation in Google Chrome before 13.0.782.215 on Linux ...) 
- chromium-browser <not-affected> (Pdf plugin) CVE-2011-2838 (Google Chrome before 14.0.835.163 does not properly consider the MIME ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2837 (Google Chrome before 14.0.835.163 on Linux does not use the PIC and ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2836 (Google Chrome before 14.0.835.163 does not require Infobar interaction ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2835 (Race condition in Google Chrome before 14.0.835.163 allows attackers ...) - TODO: check + - chromium-browser 14.0.835.163~r101024-1 + - webkit <undetermined> CVE-2011-2834 (Double free vulnerability in libxml2, as used in Google Chrome before ...) TODO: check CVE-2011-2833 @@ -2901,6 +2938,8 @@ CVE-2011-2502 RESERVED - systemtap 1.6-1 (bug #635542) + [lenny] - systemtap <not-affected> (Affected option introduced in 1.4) + [squeeze] - systemtap <not-affected> (Affected option introduced in 1.4) CVE-2011-2501 (The png_format_buffer function in pngerror.c in libpng 1.0.x before ...) {DSA-2287-1} - libpng 1.2.44-3 (bug #632786) @@ -8302,13 +8341,13 @@ CVE-2010-4705 (Integer overflow in the vorbis_residue_decode_internal function in ...) {DSA-2165-1} - ffmpeg <not-affected> (issue introduced in 0.6.x series; bug #611495) - - ffmpeg-debian <not-affected> (issue introduced in 0.6.x series) + - ffmpeg-debian <removed> NOTE: recheck when 0.6.x gets uploaded CVE-2010-4704 (libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and ...) {DSA-2306-1 DSA-2165-1} - libav 4:0.6.2-1 (low; bug #611495) - ffmpeg <removed> (low; bug #611495) - - ffmpeg-debian <end-of-life> + - ffmpeg-debian <removed> NOTE: this is a crash found by fuzzing and not clearly exploitable (can be combined with other fixes so low urgency) CVE-2010-XXXX - redmine 1.0.5-1 (bug #608397)
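Review bot: in the first hunk (@@ -1,3 +1,13 @@), the new TYPO3-SA-2011-003 entry has no [squeeze] or [lenny] lines, while the TYPO3-SA-2011-002 entry added right after it marks both as <not-affected> (Only affects 4.5.x). If the older releases really are affected by 003, a short NOTE saying so would show the asymmetry is intentional and not an omission. The roundcube entry in the same hunk also carries no urgency and no NOTE about a CVE request, unlike the two typo3 entries, which makes it harder to tell whether an id has been asked for.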
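Review bot: in the large Chrome hunk (@@ -1918,65 +1931,89 @@), and likewise for CVE-2011-2875 in the hunk before it, the "- webkit <undetermined>" line is added to every entry, including ones whose descriptions name V8 (CVE-2011-2862, CVE-2011-2856, CVE-2011-2852) or a Chrome build property on Linux (CVE-2011-2837) and not WebKit. A blanket <undetermined> leaves a lot of open triage on the webkit package; it would help to drop the line where the description already points at a non-WebKit component, or to add a NOTE explaining why it is kept. Separately, CVE-2011-2861, CVE-2011-2842, CVE-2011-2841 and CVE-2011-2834 keep "TODO: check" while all their neighbours are resolved, and the log message does not say why these four were skipped.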
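Review bot: in the CVE-2011-2502 hunk (@@ -2901,6 +2938,8 @@), the reason "(Affected option introduced in 1.4)" on the new [lenny] and [squeeze] lines does not name the option, so the <not-affected> claim cannot be rechecked from the entry alone. Naming the option in the parenthesis or in a NOTE line would fix that. The release order here is also lenny before squeeze, whereas the typo3 entry added in the same commit lists squeeze first; one order throughout keeps the file easier to scan.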
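Review bot: in the last hunk (@@ -8302,13 +8341,13 @@), the CVE-2010-4705 change does not match the log message: the old line was "- ffmpeg-debian <not-affected> (issue introduced in 0.6.x series)", not <end-of-life>, so replacing it with <removed> discards the recorded reason and changes the stated status from not affected to package removed. Only the CVE-2010-4704 line was actually <end-of-life>. If <removed> is intended for both, the log should say so, and the "NOTE: recheck when 0.6.x gets uploaded" that still follows the CVE-2010-4705 entry should be reviewed, since it now sits under a package marked as removed.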