thr3ads.net - Secure testing commits - [Secure-testing-commits] r19910

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2012-Aug-07 19:43 UTC
[Secure-testing-commits] r19910 - data/CVE

Author: jmm
Date: 2012-08-07 19:43:06 +0000 (Tue, 07 Aug 2012)
New Revision: 19910

Modified:
   data/CVE/list
Log:
nsd3 fixed
new redeclipse issue
php5 unfixed for one issue
php not affected for another issue
new chromium issues (likely fixed, though)
clean up old TODOs
network-manager fixed and no-dsa
checked python XMLRPC issue


Modified: data/CVE/list
==================================================================---
data/CVE/list	2012-08-07 19:22:38 UTC (rev 19909)
+++ data/CVE/list	2012-08-07 19:43:06 UTC (rev 19910)
@@ -1,3 +1,5 @@
+CVE-2012-XXXX [redeclipse code execution through map files]
+	- redeclipse <unfixed> (bug #684143)
 CVE-2012-XXXX [base64 buffer overflows]
 	- libotr <unfixed> (bug #684121)
 CVE-2012-XXXX [world-writeable directory]
@@ -1465,8 +1467,7 @@
 	RESERVED
 CVE-2012-3450 [php5 pdo array overread/crash]
 	RESERVED
-	- php5 <undetermined> (bug #683694)
-	TODO: check. might have been fixed already in Debian
+	- php5 <unfixed> (bug #683694)
 	NOTE: http://seclists.org/bugtraq/2012/Jun/60
 	NOTE: https://bugs.php.net/bug.php?id=61755
 	NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/3
@@ -2597,7 +2598,7 @@
 	- nsd3 <not-affected> (Debian version not affected)
 CVE-2012-2978 (query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and
3.2.x ...)
 	{DSA-2515-1}
-	TODO: check
+	- nsd3 3.2.12-1
 CVE-2012-2977 (The management console in Symantec Web Gateway 5.0.x before
5.0.3.18 ...)
 	NOT-FOR-US: Symantec Web Gateway
 CVE-2012-2976 (The management console in Symantec Web Gateway 5.0.x before
5.0.3.18 ...)
@@ -3198,7 +3199,8 @@
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=832532
 CVE-2012-2736 [NetworkManager: creating new WPA-secured wireless network
results in insecure network being created instead]
 	RESERVED
-	- network-manager <unfixed> (bug #655972)
+	- network-manager 0.9.4.0-1 (low; bug #655972)
+	[squeeze] - network-manager <no-dsa> (Minor issue)
 	NOTE: this might warrant a CVE for the kernel too
 CVE-2012-2735
 	RESERVED
@@ -4725,8 +4727,8 @@
 	{DSA-2491-1}
 	- postgresql-9.1 9.1.4-1
 	- postgresql-8.4 8.4.12-1
-	NOTE: DES weakness in crypt() when using unicode encoding
-	TODO: check who''s affected (php? postgre?)
+	- php5 5.3.3-1
+	NOTE: Uses the unaffected system libraries since 5.3.3
 CVE-2012-2142
 	RESERVED
 CVE-2012-2141 [Array index error, leading to out-of heap-based buffer read
(snmpd crash)]
@@ -5508,9 +5510,11 @@
 CVE-2012-1847 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and
SP1; ...)
 	NOT-FOR-US: Microsoft Excel
 CVE-2012-1846 (Google Chrome 17.0.963.66 and earlier allows remote attackers to
...)
-	TODO: check
+	- chromium-browser <unfixed>
+	NOTE: Very likely fixed, but exact fixed version unknown
 CVE-2012-1845 (Use-after-free vulnerability in Google Chrome 17.0.963.66 and
earlier ...)
-	TODO: check
+	- chromium-browser <unfixed>
+	NOTE: Very likely fixed, but exact fixed version unknown
 CVE-2012-1844 (The Quantum Scalar i500 tape library with firmware before i7.0.3
...)
 	NOT-FOR-US: Quantum Scalar
 CVE-2012-1843 (Cross-site request forgery (CSRF) vulnerability in
saveRestore.htm on ...)
@@ -7953,13 +7957,14 @@
 	- webcalendar <removed>
 CVE-2012-0845
 	RESERVED
-	- python3.1 <removed>
-	- python3.2 <unfixed>
-	- python2.7 <unfixed>
+	- python3.1 <removed> (low)
+	[squeeze] - python3.1 <no-dsa> (Minor issue)
+	- python3.2 3.2.3~rc1-1
+	- python2.7 2.7.3~rc1-1
 	- python2.6 2.6.8-0.1
+	[squeeze] - python2.6 <no-dsa> (Minor issue)
 	- python2.5 <removed>
-	- python2.4 <removed>
-	TODO: check
+	[squeeze] - python2.5 <no-dsa> (Minor issue)
 CVE-2012-0844
 	RESERVED
 	- netsurf 2.8-2 (bug #659376)
@@ -9713,7 +9718,7 @@
 	REJECTED
 	NOTE: Rejected CVE-identifier. Please use CVE-2012-2667
 CVE-2011-4963 (nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows
remote ...)
-	TODO: check
+	- nginx <not-affected> (Only affects Nginx on Windows)
 CVE-2011-4962 [silverstripe: Potential remote code execution]
 	RESERVED
 	- silverstripe <itp> (bug #528461)
@@ -15183,8 +15188,6 @@
 	- cyrus-imapd-2.2 2.4.11-1 (medium)
 	- cyrus-imapd-2.4 2.4.11-1 (medium)
 	- kolab-cyrus-imapd <unfixed> (medium)
-	TODO: file bug for kolab-cyrus-imapd
-	NOTE: medium because it allows to exploit CVE-2011-3208 unauthenticated
 CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: PunBB
 CVE-2011-3370
@@ -15208,8 +15211,6 @@
 	- kde4libs 4:4.7.2-1
 	[squeeze] - kde4libs <not-affected> (only 4.6.0 - 4.7.1 are vulnerable)
 	[lenny] - kde4libs <not-affected> (only 4.6.0 - 4.7.1 are vulnerable)
-	NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt
-	TODO: File bugs
 CVE-2011-3364 (Incomplete blacklist vulnerability in the svEscape function in
...)
 	- network-manager-applet <not-affected> (ifcfg-rh plugin not
built/included in Debian)
 CVE-2011-3363 (The setup_cifs_sb function in fs/cifs/connect.c in the Linux
kernel ...)
@@ -15617,7 +15618,6 @@
 	- cyrus-imapd-2.2 2.4.11-1 (medium)
 	- cyrus-imapd-2.4 2.4.11-1 (medium)
 	- kolab-cyrus-imapd <unfixed> (medium)
-	TODO: file bug for kolab-cyrus-imapd
 CVE-2011-3207 (crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not
...)
 	- openssl 1.0.0e-1
 	[squeeze] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d)
@@ -21494,14 +21494,12 @@
 	[squeeze] - chromium-browser <not-affected>
 	[wheezy] - chromium-browser <not-affected>
 	- webkit <not-affected> (losecontext not present in 1.2)
-	TODO: recheck webkit 1.3
 	NOTE: http://trac.webkit.org/changeset/78921
 CVE-2011-1200 (Google Chrome before 10.0.648.127 does not properly perform a
cast of ...)
 	- chromium-browser 10.0.648.127~r76697-1
 	[squeeze] - chromium-browser <not-affected>
 	[wheezy] - chromium-browser <not-affected>
 	- webkit <not-affected> (vulnerable code not present)
-	TODO: recheck webkit 1.3
 	NOTE: http://trac.webkit.org/changeset/78744
 CVE-2011-1199 (Google Chrome before 10.0.648.127 does not properly handle
DataView ...)
 	- chromium-browser 10.0.648.127~r76697-1
@@ -21531,7 +21529,6 @@
 	[squeeze] - chromium-browser <not-affected>
 	[wheezy] - chromium-browser <not-affected>
 	- webkit <not-affected> (vulnerable code not present)
-	TODO: recheck webkit 1.3
 	NOTE: http://trac.webkit.org/changeset/78147
 CVE-2011-1194 (Multiple unspecified vulnerabilities in Google Chrome before
...)
 	- chromium-browser <unfixed> (unimportant)
@@ -21552,7 +21549,6 @@
 	[squeeze] - chromium-browser <not-affected>
 	[wheezy] - chromium-browser <not-affected>
 	- webkit <not-affected> (vulnerable code not yet present)
-	TODO: recheck webkit 1.3
 	NOTE: http://trac.webkit.org/changeset/76652
 CVE-2011-1190 (The Web Workers implementation in Google Chrome before
10.0.648.127 ...)
 	{DSA-2189-1}
@@ -21572,7 +21568,6 @@
 	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
 	- webkit <undetermined>
 	NOTE: http://trac.webkit.org/changeset/77142
-	TODO: ^ this commit only contains tests for the issue, need commit # for fix
 CVE-2011-1187 (Google Chrome before 10.0.648.127 allows remote attackers to
bypass ...)
 	- libv8 3.1.8.10-1 (bug #617418)
 	- icedove <unfixed> (low)
@@ -21780,7 +21775,6 @@
 	[squeeze] - chromium-browser <not-affected>
 	[wheezy] - chromium-browser <not-affected>
 	- webkit <not-affected> (vulnerable code introduced in commit 75823)
-	TODO: recheck once webkit 1.3 enters unstable
 	NOTE: http://trac.webkit.org/changeset/78775
 CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 9.0.597.107
...)
 	- chromium-browser 9.0.597.107~r75357-1
@@ -21798,7 +21792,6 @@
 	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
 	- webkit <undetermined>
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782
-	TODO: ^ this bug is embargoed, please note the commit #
 CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows
remote ...)
 	{DSA-2189-1}
 	- chromium-browser 9.0.597.107~r75357-1
@@ -21811,14 +21804,12 @@
 	[squeeze] - chromium-browser <not-affected>
 	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
 	- webkit <not-affected> (webgl support not present in 1.2)
-	TODO: recheck webkit 1.3 once its uploaded to unstable
 	NOTE: http://trac.webkit.org/changeset/77956
 CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine
device ...)
 	- chromium-browser 9.0.597.107~r75357-1
 	[squeeze] - chromium-browser <not-affected>
 	[wheezy] - chromium-browser <not-affected>
 	- webkit <not-affected> (device orientation code/support not present in
1.2)
-	TODO: recheck webkit 1.3 once its uploaded to unstable
 	NOTE: http://trac.webkit.org/changeset/77418
 CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle
TEXTAREA ...)
 	- chromium-browser 9.0.597.107~r75357-1
@@ -21849,7 +21840,6 @@
 	- chromium-browser 9.0.597.107~r75357-1
 	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
 	- webkit <not-affected> (vulnerable code introduced after 1.2, and the
fix restores this code to its 1.2 state)
-	TODO: check webkit 1.3 once it enters unstable
 	NOTE: http://trac.webkit.org/changeset/77141
 CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does
not ...)
 	{DSA-2189-1}
@@ -21873,7 +21863,6 @@
 	[squeeze] - chromium-browser <not-affected>
 	[wheezy] - chromium-browser <not-affected>
 	- webkit <not-affected> (vulnerable code not present in 1.2)
-	TODO: check webkit 1.3 once it gets uploaded to unstable
 	NOTE: http://trac.webkit.org/changeset/76828
 CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes
in ...)
 	{DSA-2189-1}
@@ -21889,7 +21878,6 @@
 CVE-2011-1107 (Unspecified vulnerability in Google Chrome before 9.0.597.107
allows ...)
 	- chromium-browser 9.0.597.107~r75357-1
 	- webkit <not-affected> (history controller code not present in 1.2)
-	TODO: recheck webkit 1.3 once it gets uploaded to unstable
 	NOTE: http://trac.webkit.org/changeset/76205
 CVE-2011-1106 (Cross-site scripting (XSS) vulnerability in stcenter.nsf in the
server ...)
 	NOT-FOR-US: IBM Lotus Sametime
@@ -22044,7 +22032,6 @@
 CVE-2011-1059 (Use-after-free vulnerability in WebCore in WebKit before r77705,
as ...)
 	- chromium-browser <undetermined>
 	- webkit <not-affected> (history controller code not present in 1.2)
-	TODO: recheck webkit 1.3 once it enters unstable
 	NOTE: http://trac.webkit.org/changeset/77705
 CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389
...)
 	NOT-FOR-US: 389 LDAP server
@@ -22361,13 +22348,12 @@
 	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
 	- webkit <not-affected> (doesn''t include v8 code)
 	NOTE: http://trac.webkit.org/changeset/76264
-	TODO: ^ this has to be the wrong commit, its a v8 fix, but that
doesn''t match the description at all
+	NOTE: ^ this has to be the wrong commit, its a v8 fix, but that
doesn''t match the description at all
 CVE-2011-0983 (Google Chrome before 9.0.597.94 does not properly handle
anonymous ...)
 	{DSA-2166-1}
 	- chromium-browser 9.0.597.98~r74359-1
 	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
 	- webkit <not-affected> (vulnerable code not yet present in 1.2)
-	TODO: check webkit > 1.3 when it gets uploaded
 	NOTE: http://trac.webkit.org/changeset/75810
 CVE-2011-0982 (Use-after-free vulnerability in Google Chrome before 9.0.597.94
allows ...)
 	- chromium-browser 9.0.597.98~r74359-1
@@ -23527,8 +23513,6 @@
 	- openssh 1:5.8p1-2
 	[squeeze] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
 	[lenny] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
-	[wheezy] - openssh <not-affected> (only affects openssh 5.6 and 5.7)
-	TODO: remove wheezy not-affected note once newer version transitions
 CVE-2011-0538 (Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0
frees ...)
 	{DSA-2201-1}
 	- wireshark 1.4.3-3 (low; bug #613202)
@@ -23688,13 +23672,11 @@
 CVE-2011-0484 (Google Chrome before 8.0.552.237 and Chrome OS before
8.0.552.344 do ...)
 	- chromium-browser 6.0.472.63~r59945-5
 	- webkit <not-affected> (vulnerable code not present in 1.2)
-	TODO: recheck when > 1.3 gets uploaded
 	NOTE: http://trac.webkit.org/changeset/75082
 	NOTE: http://trac.webkit.org/changeset/75084
 CVE-2011-0483 (Google Chrome before 8.0.552.237 and Chrome OS before
8.0.552.344 do ...)
 	- chromium-browser 6.0.472.63~r59945-5
 	- webkit <not-affected> (vulnerable code not present in 1.2)
-	TODO: recheck when > 1.3 gets uploaded
 	NOTE: http://trac.webkit.org/changeset/74787
 CVE-2011-0482 (Google Chrome before 8.0.552.237 and Chrome OS before
8.0.552.344 do ...)
 	{DSA-2188-1}
@@ -24306,7 +24288,6 @@
 	[squeeze] - libarchive <not-affected> (no cab support prior to 3.0)
 CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in
...)
 	- tiff3 3.9.5
-	TODO: check
 	NOTE: tiff (4) might be affected, it was branched after tiff3 3.8.2 but the
tiffdump.c code is completely different so I''m unsure
 CVE-2010-4664
 	RESERVED
@@ -24679,7 +24660,6 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2011-0195 (The generate-id XPath function in libxslt in Apple iOS 4.3.x
before ...)
 	NOT-FOR-US: Apple iOS
-	TODO: Check with Apple, whether this is the standard libxslt
 CVE-2011-0194 (Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7
...)
 	NOT-FOR-US: Apple Mac OS
 CVE-2011-0193 (Multiple buffer overflows in Image RAW in Apple Mac OS X before
10.6.7 ...)
@@ -25347,7 +25327,6 @@
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser <undetermined> (low)
 	NOTE: http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html
-	TODO: request cve id?
 CVE-2010-4558 (phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th
and ...)
 	NOT-FOR-US: phpMyFAQ
 CVE-2010-4557 (Buffer overflow in the lm_tcp service in Invensys Wonderware
InBatch ...)
@@ -25722,7 +25701,6 @@
 CVE-2010-4486 (Use-after-free vulnerability in Google Chrome before 8.0.552.215
...)
 	- chromium-browser 6.0.472.63~r59945-3
 	- webkit <not-affected> (vulnerable code not present in 1.2)
-	TODO: recheck when > 1.3 gets uploaded
 	NOTE: http://trac.webkit.org/changeset/71170
 CVE-2010-4485 (Google Chrome before 8.0.552.215 does not properly restrict the
...)
 	- chromium-browser <unfixed> (unimportant)
@@ -25738,7 +25716,6 @@
 	- chromium-browser 6.0.472.63~r59945-3
 	- webkit <undetermined>
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=46678
-	TODO: need webkit commit # (above bug is embargoed)
 CVE-2010-4482 (Unspecified vulnerability in Google Chrome before 8.0.552.215
allows ...)
 	- chromium-browser <unfixed> (unimportant)
 	- webkit <unfixed> (unimportant)
@@ -26509,7 +26486,6 @@
 	- webkit <undetermined>
 	- chromium-browser 6.0.472.63~r59945-2
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=47522
-	TODO: need webkit commit # (above bug report is embargoed)
 CVE-2010-4200
 	REJECTED
 CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast
of an ...)
@@ -27478,7 +27454,6 @@
 CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass
the ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows
man-in-the-middle ...)
 	NOT-FOR-US: Apple iOS iAd
 CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures
before ...)
@@ -27486,45 +27461,35 @@
 CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through
10.6 and ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3825
 	RESERVED
 CVE-2010-3824 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0.3 on ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3823 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0.3 on ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3822 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through
10.6 and ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3821 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through
10.6 and ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3820 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through
10.6 and ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3819 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through
10.6 and ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3818 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0.3 on ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3817 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through
10.6 and ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3816 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0.3 on ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3815
 	RESERVED
 CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c
in ...)
@@ -27542,19 +27507,15 @@
 CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0.3 on ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3810 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through
10.6 and ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3809 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through
10.6 and ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3808 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through
10.6 and ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3807
 	RESERVED
 CVE-2010-3806
@@ -27562,15 +27523,12 @@
 CVE-2010-3805 (Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac
OS X ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3804 (The JavaScript implementation in WebKit in Apple Safari before
5.0.3 ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac
OS X ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows
remote ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute
...)
@@ -31819,7 +31777,6 @@
 	- chromium-browser 6.0.466.0~r52279-1
 	NOTE: This is a large series of risky behaviour-changing changesets.
 	NOTE: upstream changelog says this is fixed in 1.2.3, but i''m
doubtful of that
-	TODO: need commit #
 CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on
...)
 	- nginx <not-affected> (Windows-specific vulnerability when running on
NTFS)
 CVE-2009-4892 (SQL injection vulnerability in Content Management System
WEBjump! ...)
@@ -32994,7 +32951,6 @@
 	- webkit <not-affected> (vulnerable code not present in 1.2.x series)
 	- chromium-browser 6.0.472.59~r59126-1
 	NOTE: http://trac.webkit.org/changeset/65958
-	TODO: recheck chromium, was wrong commit
 CVE-2010-1822 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before
5.0.3 ...)
 	- webkit <not-affected> (rendererIsNeeded function not present in 1.2.x
series)
 	- chromium-browser 6.0.472.62~r59676-1
@@ -33017,7 +32973,6 @@
 CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and
...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch
allows ...)
 	- webkit 1.2.5-1
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
@@ -33026,7 +32981,6 @@
 CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1
on the ...)
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
-	TODO: need commit #
 CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch
allows ...)
 	NOT-FOR-US: Apple iOS
 CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch
does not ...)
@@ -33151,7 +33105,6 @@
 	- webkit <undetermined> 
 	- chromium-browser <undetermined>
 	NOTE: claimed fixed in upstream webkit 1.2.4 changelog, but no info currently
available
-	TODO: need commit #
 CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0.1 on ...)
 	- webkit 1.2.5-1
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
@@ -33225,7 +33178,6 @@
 	- chromium-browser 5.0.375.55~r47796-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37933
 	NOTE: http://trac.webkit.org/changeset/57995
-	TODO: is this commit correct? its labeled as a "build fix"
 CVE-2010-1764 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6
and ...)
 	- webkit 1.2.1-2
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
@@ -33274,7 +33226,6 @@
 	NOTE: is CVE-2010-2441 a dup of this?
 	NOTE: chromium-sec don''t have info
 	NOTE: Sounds like it could be iPhone specific
-	TODO: need commit #
 CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and
iPod ...)
 	NOT-FOR-US: Apple iPhone
 CVE-2010-1755 (Safari in Apple iOS before 4 on the iPhone and iPod touch does
not ...)
@@ -34322,7 +34273,6 @@
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38001
 	NOTE: http://trac.webkit.org/changeset/58201
 	NOTE: if this commit is correct, this is a dup of cve-2010-1665
-	TODO: request rejection
 CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6
and ...)
 	- webkit 1.2.2-1 
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
@@ -34406,7 +34356,6 @@
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35708
 	NOTE: http://trac.webkit.org/changeset/53446
-	TODO: ^ this seems to be the commit for cve-2010-1404. what is the right one?
 CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0
on Mac ...)
 	- webkit 1.2.1-2
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
Secure testing commits - Aug 2012 - r19910 - data/CVE

[Secure-testing-commits] r19910 - data/CVE
