[Secure-testing-commits] r14575 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Fri Apr 30 02:07:32 UTC 2010 

Author: gilbert-guest
Date: 2010-04-30 02:07:30 +0000 (Fri, 30 Apr 2010)
New Revision: 14575

Modified:
   data/CVE/list
Log:
chrome updates

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-30 01:51:35 UTC (rev 14574)
+++ data/CVE/list	2010-04-30 02:07:30 UTC (rev 14575)
@@ -244,18 +244,32 @@
 CVE-2010-1507
 	RESERVED
 CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 allow ...)
-	TODO: check
+	- chromium-browser <itp> (bug #520324) 
+	- webkit <not-affected> (doesn't use v8 bindings yet)
+	TODO: recheck newer webkits
 CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from loading ...)
+	- chromium-browser <itp> (bug #520324) 
+	- webkit <undetermined>
 	TODO: check
 CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
+	- chromium-browser <itp> (bug #520324) 
+	- webkit <undetermined>
 	TODO: check
 CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
+	- chromium-browser <itp> (bug #520324) 
+	- webkit <undetermined>
 	TODO: check
 CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows ...)
+	- chromium-browser <itp> (bug #520324) 
+	- webkit <undetermined>
 	TODO: check
 CVE-2010-1501 (Cross-site request forgery (CSRF) vulnerability in Google Chrome ...)
+	- chromium-browser <itp> (bug #520324) 
+	- webkit <undetermined>
 	TODO: check
 CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, ...)
+	- chromium-browser <itp> (bug #520324) 
+	- webkit <undetermined>
 	TODO: check
 CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3 ...)
 	NOT-FOR-US: MusicBox
@@ -1000,10 +1014,7 @@
 	NOTE: http://trac.webkit.org/changeset/55511
 	NOTE: evidence of memory corruption http://code.google.com/p/chromium/issues/detail?id=37061
 CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict ...)
-	- webkit <unfixed> (bug #577457)
-	- kdelibs <undetermined>
-	- kde4libs <undetermined>
-	- qt4-x11 <undetermined>
+	- webkit <not-affected> (bug #577457; proof-of-concepts are not effective against webkit)
 	- chromium-browser <itp> (bug #520324) 
 	NOTE: http://trac.webkit.org/changeset/55822
 	NOTE: vulnerable code is in KURL.cpp even though the changeset says it is in KURLGoogle.cpp

More information about the Secure-testing-commits mailing list