Author: iuculano
Date: 2010-07-19 13:15:44 +0000 (Mon, 19 Jul 2010)
New Revision: 15001
Modified:
data/CVE/list
data/embedded-code-copies
Log:
CVE-2010-2713 fixed in vte 1:0.24.3-1
CVE-2010-2249 and CVE-2010-1205: tuxonice-userui was binNMUed
CVE-2010-2244: fixed in avahi 0.6.26-1
webkit and chromium issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-07-19 12:27:50 UTC (rev 15000)
+++ data/CVE/list 2010-07-19 13:15:44 UTC (rev 15001)
@@ -112,8 +112,11 @@
NOT-FOR-US: TCW PHP Album
CVE-2010-2714 (SQL injection vulnerability in photos/index.php in TCW PHP
Album 1.0 ...)
NOT-FOR-US: TCW PHP Album
-CVE-2010-2713
+CVE-2010-2713 [vte: responds to get window title escape sequence request]
RESERVED
+ - vte 1:0.24.3-1
+ NOTE:
http://git.gnome.org/browse/vte/commit/?id=58bc3a942f198a1a8788553ca72c19d7c1702b74
+ NOTE:
http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
CVE-2010-2712
RESERVED
CVE-2010-2711
@@ -258,29 +261,46 @@
CVE-2009-4925 (Multiple SQL injection vulnerabilities in Portale e-commerce
Creasito ...)
TODO: check
CVE-2010-2652 (Google Chrome before 5.0.375.99 does not properly implement
modal ...)
- - webkit <undetermined>
- - chromium-browser <undetermined>
+ - webkit <not-affected> (chromium specific issue)
+ - chromium-browser 5.0.375.99~r51029-1
CVE-2010-2651 (The Cascading Style Sheets (CSS) implementation in Google
Chrome ...)
- webkit <undetermined>
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.99~r51029-1
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=38891
+ NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=51014
CVE-2010-2650 (Unspecified vulnerability in Google Chrome before 5.0.375.99
has ...)
- - webkit <undetermined>
- - chromium-browser <undetermined>
+ - webkit <not-affected> (chromium specific)
+ - chromium-browser 5.0.375.99~r51029-1
CVE-2010-2649 (Unspecified vulnerability in Google Chrome before 5.0.375.99
allows ...)
- webkit <undetermined>
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.99~r51029-1
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=39797
+ NOTE: http://trac.webkit.org/changeset/60973
+ NOTE: http://trac.webkit.org/changeset/60977
CVE-2010-2648 (The implementation of the Unicode Bidirectional Algorithm (aka
Bidi ...)
- webkit <undetermined>
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.99~r51029-1
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=39305
+ NOTE: http://trac.webkit.org/projects/webkit/changeset/61921
CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to
cause a ...)
- webkit <undetermined>
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.99~r51029-1
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=38627
+ NOTE: http://trac.webkit.org/changeset/61667
+ NOTE: http://trac.webkit.org/changeset/61669
+ NOTE: http://trac.webkit.org/changeset/61676
+ NOTE: http://trac.webkit.org/changeset/61679
CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate
sandboxed ...)
- webkit <undetermined>
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.99~r51029-1
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=38151
+ NOTE: http://trac.webkit.org/changeset/58873
+ NOTE: http://trac.webkit.org/changeset/59870
CVE-2010-2645 (Unspecified vulnerability in Google Chrome before 5.0.375.99,
when ...)
- webkit <undetermined>
- - chromium-browser <undetermined>
+ - chromium-browser 5.0.375.99~r51029-1
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=38039
+ NOTE: http://trac.webkit.org/changeset/58957
CVE-2010-2644
RESERVED
CVE-2010-2643
@@ -1253,8 +1273,8 @@
NOTE: http://www.ocert.org/advisories/ocert-2010-001.html
CVE-2010-2249 (Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x
before ...)
- libpng 1.2.44-1 (low; bug #587670)
- - tuxonice-userui <unfixed> (unimportant)
- TODO: binNMU tuxonice-userui once libpng is fixed
+ - tuxonice-userui 1.0-1 (unimportant)
+ NOTE: tuxonice-userui 1.0-1 was binNMUed
CVE-2010-2248 [os/2 smb issue]
RESERVED
- linux-2.6 2.6.32-12 (low)
@@ -1269,7 +1289,7 @@
CVE-2010-2245
RESERVED
CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in
avahi-daemon in ...)
- - avahi <undetermined>
+ - avahi 0.6.26-1
CVE-2010-2243 [timekeeping oops]
RESERVED
- linux-2.6 2.6.32-11
@@ -4164,8 +4184,8 @@
NOTE: Scheduled for next round of Firefox updates (20th July)
CVE-2010-1205 (Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x
before ...)
- libpng 1.2.44-1 (bug #587670)
- - tuxonice-userui <unfixed>
- TODO: binNMU tuxonice-userui once libpng is fixed
+ - tuxonice-userui 1.0-1
+ NOTE: tuxonice-userui 1.0-1 was binNMUed
CVE-2010-1204 (Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through
3.4.6, 3.5.1 ...)
- bugzilla 3.4.7.0-1 (low; bug #587663)
[lenny] - bugzilla <no-dsa> (Minor issue)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2010-07-19 12:27:50 UTC (rev 15000)
+++ data/embedded-code-copies 2010-07-19 13:15:44 UTC (rev 15001)
@@ -702,6 +702,7 @@
- kde4libs <unfixable> (fork)
NOTE: kde4lib's khtml and webkit were forked from khtml (this tracking,
which seems
NOTE: reversed genesis-wise, is used because of so much other stuff in
kde4libs)
+ - chromium-browser <unfixed> (fork)
ftgl
- blender 2.46+dfsg-1 (embed)
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits
