Author: jmm-guest
Date: 2010-12-24 13:44:56 +0000 (Fri, 24 Dec 2010)
New Revision: 15749

Modified:
   data/CVE/list
Log:
- one perl module dupe
- new mozilla issue
- opensc no-dsa, pending for spu
- pcsc/ccid are plain bugs, hardly security issues
- two more chrome issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-12-24 13:31:04 UTC (rev 15748)
+++ data/CVE/list       2010-12-24 13:44:56 UTC (rev 15749)
@@ -145,9 +145,11 @@
 CVE-2011-0046
        RESERVED
 CVE-2010-4578 (Google Chrome before 8.0.552.224 and Chrome OS before 
8.0.552.343 do ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2010-4577 (Google Chrome before 8.0.552.224 and Chrome OS before 
8.0.552.343 do ...)
-       TODO: check
+       - chromium-browser <unfixed>
+       - webkit <undetermined>
 CVE-2010-4576 (browser/worker_host/message_port_dispatcher.cc in Google Chrome 
before ...)
        - chromium-browser 6.0.472.63~r59945-4 (bug #607843; low)
        NOTE: http://code.google.com/p/chromium/issues/detail?id=63529
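Review bot: The new "- chromium-browser <unfixed>" lines under CVE-2010-4578 and CVE-2010-4577 carry no bug reference or urgency, while the CVE-2010-4576 entry directly below records both ("bug #607843; low"). Consider filing a bug and adding the number. Since "TODO: check" is dropped while webkit is still "<undetermined>", a short NOTE saying what remains to be verified for webkit would keep that open question visible.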
@@ -212,11 +214,13 @@
        TODO: check
        NOTE: http://www.waraxe.us/advisory-77.html
 CVE-2010-XXXX [pcsc-lite buffer overflow]
-       - pcsc-lite <unfixed> (bug #607781)
+       - pcsc-lite 1.6.6-1 (unimportant; bug #607781)
        NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356
+       NOTE: Theoretical attack
 CVE-2010-XXXX [ccid driver buffer overflow]
-       - ccid <unfixed> (bug #607780)
+       - ccid <unfixed> (unimportant; bug #607780)
        NOTE: CVE requested, http://seclists.org/oss-sec/2010/q4/356
+       NOTE: Theoretical attack
 CVE-2010-XXXX [webkit info leak]
        - webkit <unfixed> (low)
        - chromium-browser <undetermined> (low)
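Review bot: "NOTE: Theoretical attack", added to both the pcsc-lite and ccid entries, does not give the reasoning behind the downgrade to "unimportant". The commit log calls these "plain bugs, hardly security issues", and that rationale (for example, what precondition makes the overflow impractical to reach) belongs in the NOTE so the classification can be re-evaluated later. The only supporting reference in the entries is the oss-sec CVE request, so a reader cannot tell from the list why no fix is being tracked as security-relevant for ccid, which stays "<unfixed>".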
@@ -230,7 +234,8 @@
        NOT-FOR-US: SAP NetWeaver Business Client
 CVE-2010-4523
        RESERVED
-       - opensc 0.11.13-1.1 (bug #607427)
+       - opensc 0.11.13-1.1 (low; bug #607427)
+       [lenny] - opensc <no-dsa> (Minor issue)
 CVE-2010-4555
        RESERVED
 CVE-2010-4554
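Review bot: The "[lenny] - opensc <no-dsa> (Minor issue)" line under CVE-2010-4523 omits the follow-up the commit log mentions ("pending for spu"). A NOTE recording that a fix is planned through a stable point update would tell the next reader that lenny is not simply being left as is. The entry is also still "RESERVED" with no description, so a bracketed short title, like the ones used for the CVE-2010-XXXX entries, would make it identifiable without opening bug #607427.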
@@ -420,7 +425,7 @@
 CVE-2010-4502 (Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security 
Suite ...)
        NOT-FOR-US: CA Internet Security Suite
 CVE-2010-4501 (IO::Socket::SSL Perl module 1.35, when verify_mode is not 
VERIFY_NONE, ...)
-       TODO: check
+       NOTE: Dupe of CVE-2010-4334
 CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in 
MRCGIGUY ...)
        NOT-FOR-US: MRCGIGUY FreeTicket
 CVE-2010-XXXX
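Review bot: CVE-2010-4501 now has only "NOTE: Dupe of CVE-2010-4334" and no package line, so the Debian status of the IO::Socket::SSL package cannot be read from this entry. Consider mirroring the package status line from the CVE-2010-4334 entry here, so both identifiers resolve to the same fixed version and a lookup by either CVE gives a usable answer.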
@@ -1168,7 +1173,7 @@
 CVE-2010-4222
        RESERVED
 CVE-2009-5017 (Mozilla Firefox before 3.6 Beta 3 does not properly handle 
overlong ...)
-       TODO: check
+       - xulrunner <undetermined>
 CVE-2009-5016 (Integer overflow in the xml_utf8_decode function in 
ext/xml/xml.c in ...)
        - php5 <unfixed>
        TODO: check
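Review bot: For CVE-2009-5017, replacing "TODO: check" with "- xulrunner <undetermined>" removes the only marker that work remains without saying what is unknown. The description limits the issue to Firefox "before 3.6 Beta 3", so a NOTE stating which xulrunner versions still need to be compared against that boundary would make the open item actionable.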


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
