[Secure-testing-commits] r14400 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Mon Apr 5 01:21:11 UTC 2010


Author: gilbert-guest
Date: 2010-04-05 01:21:09 +0000 (Mon, 05 Apr 2010)
New Revision: 14400

Modified:
   data/CVE/list
Log:
new webkit issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-05 00:38:39 UTC (rev 14399)
+++ data/CVE/list	2010-04-05 01:21:09 UTC (rev 14400)
@@ -1,27 +1,55 @@
 CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...)
-	TODO: check
+	- webkit 1.1.90-1
+	- kdelibs <undetermined>
+	- kde4libs <undetermined>
+	- qt4-x11 <undetermined>
+	- chromium <itp> (bug #520324) 
+	NOTE: http://trac.webkit.org/changeset/55511
 CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict ...)
-	TODO: check
+	- webkit <unfixed>
+	- kdelibs <undetermined>
+	- kde4libs <undetermined>
+	- qt4-x11 <undetermined>
+	- chromium <itp> (bug #520324) 
+	NOTE: http://trac.webkit.org/changeset/55822
 CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...)
-	TODO: check
+	- chromium <itp> (bug #520324) 
+	NOTE: issue in chrome-specific download dialog
 CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...)
-	TODO: check
+	- chromium <itp> (bug #520324) 
+	NOTE: chrome-specific and claimed windows-only
 CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036 allow ...)
-	TODO: check
+	- webkit <not-affected> (v8 and webgl not yet included)
+	- chromium <itp> (bug #520324) 
+	NOTE: http://trac.webkit.org/changeset/55376
+	TODO: recheck as newer webkits get uploaded
 CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to cause a ...)
-	TODO: check
+	- webkit 1.1.90-1
+	- kdelibs <undetermined>
+	- kde4libs <undetermined>
+	- qt4-x11 <undetermined>
+	- chromium <itp> (bug #520324)
+	NOTE: http://code.google.com/p/chromium/issues/detail?id=34978
 CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before ...)
+	- webkit <undetermined>
+	- kdelibs <undetermined>
+	- kde4libs <undetermined>
+	- qt4-x11 <undetermined>
+	- chromium <itp> (bug #520324)
 	TODO: check
 CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected behavior ...)
-	TODO: check
+	- chromium <itp> (bug #520324)
+	NOTE: chrome-specific issue
 CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036 does ...)
-	TODO: check
+	- chromium <itp> (bug #520324)
+	NOTE: chrome-specific sandboxing issue
 CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google ...)
-	TODO: check
+	- chromium <itp> (bug #520324)
+	NOTE: chrome-specific sandboxing issue
 CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
 	TODO: check
 CVE-2010-1226 (The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G ...)
-	TODO: check
+	NOT-FOR-US: Apple iPhone
 CVE-2010-1225 (The memory-management implementation in the Virtual Machine Monitor ...)
 	TODO: check
 CVE-2010-1224 (main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x ...)
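Review bot: The CVE-2010-1231 entry gains five package lines but keeps its "TODO: check" and, unlike the other Chrome entries in this hunk, gets no NOTE saying what is still open. With webkit, kdelibs, kde4libs and qt4-x11 all marked <undetermined>, either replace the bare TODO with one that names what remains to be verified, or add a NOTE with the upstream reference as done for CVE-2010-1237 and CVE-2010-1236. Separately, CVE-2010-1236 marks webkit as <unfixed> with only a changeset URL; a tracking bug number on that line, like the one the chromium lines carry, would make the open state easier to follow. Minor: the added "- chromium <itp> (bug #520324) " lines under CVE-2010-1237, -1236, -1235, -1234 and -1233 end in a trailing space, while the later ones do not. The log message "new webkit issues" also covers less than the change does, since the hunk triages several chrome-specific entries and marks CVE-2010-1226 as NOT-FOR-US.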



