[Secure-testing-commits] r15747 - data/CVE

Fri Dec 24 12:26:00 UTC 2010

Author: iuculano
Date: 2010-12-24 12:25:55 +0000 (Fri, 24 Dec 2010)
New Revision: 15747

Modified:
   data/CVE/list
Log:
chromium/webkit issues

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2010-12-23 21:14:45 UTC (rev 15746)
+++ data/CVE/list	2010-12-24 12:25:55 UTC (rev 15747)
@@ -149,14 +149,14 @@
 CVE-2010-4577 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do ...)
 	TODO: check
 CVE-2010-4576 (browser/worker_host/message_port_dispatcher.cc in Google Chrome before ...)
-	- chromium-browser <unfixed> (bug #607843; low)
+	- chromium-browser 6.0.472.63~r59945-4 (bug #607843; low)
 	NOTE: http://code.google.com/p/chromium/issues/detail?id=63529
 CVE-2010-4575 (The ThemeInstalledInfoBarDelegate::Observe function in ...)
-	- chromium-browser <unfixed> (bug #607846; low)
+	- chromium-browser 6.0.472.63~r59945-4 (bug #607846; low)
 	NOTE: http://code.google.com/p/chromium/issues/detail?id=60761
 	NOTE: http://codereview.chromium.org/5326011/
 CVE-2010-4574 (The Pickle::Pickle function in base/pickle.cc in Google Chrome before ...)
-	- chromium-browser <unfixed> (bug #607848; low)
+	- chromium-browser 6.0.472.63~r59945-4 (bug #607848; low)
 	NOTE: http://code.google.com/p/chromium/issues/detail?id=56449
 	NOTE: http://codereview.chromium.org/4716006
 CVE-2010-4573 (The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is ...)
@@ -486,8 +486,7 @@
 CVE-2010-4495 (Unspecified vulnerability in the ActiveMatrix Runtime component in ...)
 	NOT-FOR-US: TIBCO ActiveMatrix
 CVE-2010-4494 (Double free vulnerability in Google Chrome before 8.0.552.215 allows ...)
-	- chromium-browser <undetermined>
-	- webkit <undetermined>
+	- libxml2 <unfixed> (bug #607922) 
 CVE-2010-4493 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...)
 	- chromium-browser <undetermined>
 	- webkit <undetermined>
@@ -504,26 +503,36 @@
 	- chromium-browser <undetermined>
 	- webkit <undetermined>
 CVE-2010-4488 (Google Chrome before 8.0.552.215 does not properly handle HTTP proxy ...)
-	- chromium-browser <undetermined>
-	- webkit <undetermined>
+	- chromium-browser <unfixed> (unimportant)
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <not-affected> (chromium issue)
+	NOTE: only a browser crash
 CVE-2010-4487 (Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 ...)
-	- chromium-browser <undetermined>
-	- webkit <undetermined>
+	- chromium-browser 6.0.472.63~r59945-3
+	- webkit <not-affected> (chromium issue)
 CVE-2010-4486 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 6.0.472.63~r59945-3
 	- webkit <undetermined>
+	NOTE: http://trac.webkit.org/changeset/71170
 CVE-2010-4485 (Google Chrome before 8.0.552.215 does not properly restrict the ...)
-	- chromium-browser <undetermined>
+	- chromium-browser <unfixed> (unimportant)
 	- webkit <undetermined>
+	NOTE: http://trac.webkit.org/changeset/69914
+	NOTE: only a browser crash
 CVE-2010-4484 (Google Chrome before 8.0.552.215 does not properly handle HTML5 ...)
-	- chromium-browser <undetermined>
-	- webkit <undetermined>
+	- chromium-browser <unfixed> (unimportant)
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <not-affected> (chromium specific)
+	NOTE: only a browser crash
 CVE-2010-4483 (Google Chrome before 8.0.552.215 does not properly restrict read ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 6.0.472.63~r59945-3
 	- webkit <undetermined>
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=46678
 CVE-2010-4482 (Unspecified vulnerability in Google Chrome before 8.0.552.215 allows ...)
-	- chromium-browser <undetermined>
+	- chromium-browser <unfixed> (unimportant)
 	- webkit <undetermined>
+	NOTE: unimportant, bypass the pop-up blocker
+	NOTE: http://trac.webkit.org/changeset/69990
 CVE-2010-4481 (phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass ...)
 	- phpmyadmin <unfixed>
 	TODO: check


