[Secure-testing-commits] r15213 - data/CVE

Thu Aug 26 06:45:12 UTC 2010

Author: iuculano
Date: 2010-08-26 06:45:08 +0000 (Thu, 26 Aug 2010)
New Revision: 15213

Modified:
   data/CVE/list
Log:
chromium/webkit issues

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2010-08-25 21:14:46 UTC (rev 15212)
+++ data/CVE/list	2010-08-26 06:45:08 UTC (rev 15213)
@@ -1,23 +1,50 @@
 CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement the ...)
-	TODO: check
+	- chromium-browser 5.0.375.127~r55887-1
+	- webkit <undetermined>
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43776
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39879
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44096
+	NOTE: http://trac.webkit.org/changeset/65329
+	NOTE: http://trac.webkit.org/changeset/65325
 CVE-2010-3119 (Google Chrome before 5.0.375.127 does not properly support the Ruby ...)
-	TODO: check
+	- chromium-browser 5.0.375.127~r55887-1
+	- webkit <undetermined>
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43795
+	NOTE: http://trac.webkit.org/changeset/65090
 CVE-2010-3118 (The autosuggest feature in the Omnibox implementation in Google Chrome ...)
-	TODO: check
+	- chromium-browser 5.0.375.127~r55887-1
+	- webkit <not-affected> (chromium specific)
 CVE-2010-3117 (Google Chrome before 5.0.375.127 does not properly implement the ...)
-	TODO: check
+	- chromium-browser 5.0.375.127~r55887-1
+	- webkit <not-affected> (chromium specific)
 CVE-2010-3116 (Google Chrome before 5.0.375.127 does not properly process MIME types, ...)
-	TODO: check
+	- webkit <undetermined>
+	- chromium-browser 5.0.375.127~r55887-1
+	NOTE: http://trac.webkit.org/changeset/64293
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43888
+	NOTE: http://trac.webkit.org/changeset/65280
 CVE-2010-3115 (Google Chrome before 5.0.375.127 does not properly implement the ...)
-	TODO: check
+	- webkit <undetermined>
+	- chromium-browser 5.0.375.127~r55887-1
+	NOTE: http://trac.webkit.org/changeset/63925
+	NOTE: http://trac.webkit.org/changeset/64077
 CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127 ...)
-	TODO: check
+	- webkit <undetermined>
+	- chromium-browser 5.0.375.127~r55887-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655
+	NOTE: http://trac.webkit.org/changeset/63773
 CVE-2010-3113 (Google Chrome before 5.0.375.127 does not properly handle SVG ...)
-	TODO: check
+	- webkit <undetermined>
+	- chromium-browser 5.0.375.127~r55887-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=42659
+	NOTE: http://trac.webkit.org/changeset/63865
 CVE-2010-3112 (Google Chrome before 5.0.375.127 does not properly implement file ...)
-	TODO: check
+	- webkit <undetermined>
+	- chromium-browser 5.0.375.127~r55887-1
 CVE-2010-3111 (Google Chrome before 5.0.375.127 does not properly mitigate an ...)
-	TODO: check
+	- chromium-browser 5.0.375.127~r55887-1
+	- webkit <not-affected> (chromium specific)
 CVE-2010-3110
 	RESERVED
 CVE-2010-XXXX [CouchDB insecure library loading]
@@ -493,7 +520,7 @@
 	NOTE: http://trac.webkit.org/changeset/63219
 CVE-2010-2899 (Unspecified vulnerability in the layout implementation in Google ...)
 	- webkit <undetermined>
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.125~r53311-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38977
 	NOTE: http://trac.webkit.org/changeset/62134
 CVE-2010-2898 (Google Chrome before 5.0.375.125 does not properly mitigate an ...)
@@ -3458,6 +3485,8 @@
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
 	NOTE: is CVE-2010-2441 a dup of this?
+	NOTE: chromium-sec don't have info
+	NOTE: Sounds like it could be iPhone specific
 	TODO: someone with access to the webkit security list please track down the commit
 CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod ...)
 	NOT-FOR-US: Apple iPhone
@@ -3475,6 +3504,8 @@
 	- webkit <undetermined>
 	- chromium-browser <undetermined>
 	NOTE: apple hasn't disclosed enough info to check
+	NOTE: From Apple's advisory: "This issue does not affect Mac OS X systems." Implies it may be outside of WebKit
+	NOTE: chromium-sec don't have info
 	TODO: someone with access to the webkit security list please track down the commit
 CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
 	- webkit 1.2.1-2


