[Secure-testing-commits] r14956 - data/CVE

Sun Jul 4 08:19:27 UTC 2010

Author: derevko-guest
Date: 2010-07-04 08:19:20 +0000 (Sun, 04 Jul 2010)
New Revision: 14956

Modified:
   data/CVE/list
Log:
chromium/webkit issues

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2010-07-03 15:34:42 UTC (rev 14955)
+++ data/CVE/list	2010-07-04 08:19:20 UTC (rev 14956)
@@ -740,8 +740,13 @@
 	NOTE: http://trac.webkit.org/changeset/59495
 CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before ...)
 	- webkit <undetermined>
-	- chromium-browser <undetermined>
-	NOTE: access to google bug report is restricted
+	- chromium-browser 5.0.375.70~r48679-1
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031
+	NOTE: http://trac.webkit.org/changeset/57627
+	NOTE: http://trac.webkit.org/changeset/57658
+	NOTE: http://trac.webkit.org/changeset/57658
+	NOTE: http://trac.webkit.org/changeset/59769
+	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=48159
 CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before ...)
 	- webkit <unfixed>
 	- chromium-browser 5.0.375.55~r47796-1
@@ -2080,7 +2085,7 @@
 	NOTE: http://trac.webkit.org/changeset/59876
 CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
 	- webkit 1.2.1-3
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.70~r48679-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38626
 	NOTE: http://trac.webkit.org/changeset/59795
 CVE-2010-1769 (WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 ...)
@@ -3224,7 +3229,7 @@
 	NOTE: http://trac.webkit.org/changeset/53446
 CVE-2010-1403 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
 	- webkit <undetermined>
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35708
 	NOTE: http://trac.webkit.org/changeset/53446
 	TODO: ^ this seems to be the commit for cve-2010-1404. what is the right one?
@@ -3323,14 +3328,14 @@
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255
 	NOTE: http://trac.webkit.org/changeset/56188
 CVE-2010-1385 (Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X ...)
-	- webkit <undetermined>
-	- chromium-browser <undetermined>
-	NOTE: not enough info disclosed to be able to check
-	TODO: someone with access to webkit security list please track down commit
+	- webkit <not-affected> (this is a bug in Apple's PDFKit)
+	- chromium-browser <not-affected> (this is a bug in Apple's PDFKit)
 CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...)
 	- webkit <undetermined>
-	- chromium-browser <undetermined>
+	- chromium-browser <unfixed> (unimportant)
 	NOTE: not enough info disclosed to be able to check
+	NOTE: This is based on various misconceptions surrounding "phishing" The only supported browser security model
+	NOTE: surrounding URLs is the accurate post-link-click indication of the final target URL in the URL bar.
 	TODO: someone with access to webkit security list please track down commit
 CVE-2010-1383
 	RESERVED
@@ -5830,7 +5835,7 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
 	- webkit 1.2.1-1
-	- chromium-browser <undetermined>
+	- chromium-browser <not-affected> (only Safari is affected, they have a different URL parsing implementation)
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37662
 	NOTE: http://trac.webkit.org/changeset/58792
 	NOTE: http://trac.webkit.org/changeset/58796
@@ -16608,8 +16613,9 @@
 CVE-2009-1599 (Opera executes DOM calls in response to a javascript: URI in the ...)
 	NOT-FOR-US: Opera
 CVE-2009-1598 (Google Chrome executes DOM calls in response to a javascript: URI in ...)
-	- chromium-browser <undetermined>
+	- chromium-browser <unfixed> (unimportant)
 	- webkit <not-affected> (chrome-specific issue)
+	NOTE: it sounds like a "researcher misconception bug" (as seeming explained by Abobe) rather than a security issue
 CVE-2009-1597 (Mozilla Firefox executes DOM calls in response to a javascript: URI in ...)
 	- xulrunner <undetermined> (bug #565521)
 CVE-2009-1596 (Ignite Realtime Openfire before 3.6.5 does not properly implement the ...)


