[Secure-testing-commits] r14968 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Wed Jul 7 01:11:44 UTC 2010
Author: gilbert-guest
Date: 2010-07-07 01:11:42 +0000 (Wed, 07 Jul 2010)
New Revision: 14968
Modified:
data/CVE/list
Log:
webkit triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-07-06 22:29:42 UTC (rev 14967)
+++ data/CVE/list 2010-07-07 01:11:42 UTC (rev 14968)
@@ -381,7 +381,11 @@
CVE-2010-2455 (Opera does not properly manage the address bar between the request to ...)
NOT-FOR-US: Opera
CVE-2010-2454 (Apple Safari does not properly manage the address bar between the ...)
- - webkit <undetermined>
+ - webkit <not-affected> (iceweasel/safari-specific issues)
+ - chromium-browser <not-affected> (iceweasel/safari-specific issues)
+ NOTE: i tested both firefox and safari poc's, and neither of them caused the
+ NOTE: address bar to be spoofed in either webkit or chrome
+ NOTE: this will be address in iceweasel in cve-2010-1206
CVE-2010-2453
RESERVED
CVE-2009-4909 (admin/index.php in oBlog allows remote attackers to conduct ...)
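Review bot: typo in the third added NOTE line, "this will be address in iceweasel" should read "addressed". The same note writes the identifier as "cve-2010-1206" while every other identifier in this file is uppercase (CVE-2010-1206), so a case-sensitive search or cross-reference on the CVE id will miss it; use the uppercase form.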
@@ -410,10 +414,10 @@
CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote ...)
- - webkit <unfixed> (low)
+ - webkit 1.2.1-3 (low)
- chromium-browser 5.0.375.55~r47796-1
- NOTE: poc seems to work, but only intermitently (maybe every 20th character)
NOTE: http://trac.webkit.org/changeset/58829
+ NOTE: above patch for cve-2010-1773 fixes the problem, so this seems to be a dup
CVE-2010-2440 (Stack-based buffer overflow in st-wizard.exe in Subtitle Translation ...)
NOT-FOR-US: Subtitle Translation Wizard
CVE-2010-2439 (Stack-based buffer overflow in MoreAmp allows remote attackers to ...)
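Review bot: the deleted NOTE ("poc seems to work, but only intermitently") was the only recorded test evidence for CVE-2010-2441, and the new NOTE rests the duplicate claim on changeset 58829 alone ("seems to be a dup"); keeping the observation, or stating that the PoC no longer triggers once that changeset is applied, would make the duplicate claim verifiable by the next triager. The identifier in the new note is lowercase (cve-2010-1773) whereas the file otherwise uses CVE-2010-1773.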
@@ -708,26 +712,31 @@
CVE-2010-2305 (Buffer overflow in an ActiveX control in SSHelper.dll for Symantec ...)
NOT-FOR-US: Symantec Sygate Personal Firewall
CVE-2010-2304 (The toAlphabetic function in rendering/RenderListMarker.cpp in WebCore ...)
- - webkit <unfixed> (medium; bug #586547)
+ - webkit 1.2.1-3 (medium; bug #586547)
- chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59950
+ NOTE: duplicate of cve-2010-1773
CVE-2010-2303 (page/Geolocation.cpp in WebCore in WebKit in Google Chrome before ...)
- - webkit <unfixed>
+ - webkit 1.2.1-3
- chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59859
+ NOTE: duplicate of cve-2010-1772
CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome ...)
- - webkit <unfixed>
+ - webkit 1.2.1-3
- chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59876
+ NOTE: duplicate of cve-2010-1771
CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp in ...)
- - webkit <unfixed>
+ - webkit 1.2.1-3
- chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59241
NOTE: http://trac.webkit.org/changeset/59242
+ NOTE: duplicate of cve-2010-1762
CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes ...)
- - webkit <undetermined>
+ - webkit 1.2.1-3
- chromium-browser 5.0.375.70~r48679-1
NOTE: http://trac.webkit.org/changeset/59109
+ NOTE: duplicate of cve-2010-1759
CVE-2010-2299 (The Clipboard::DispatchObject function in app/clipboard/clipboard.cc ...)
- webkit <not-affected> (chromium-specific)
- chromium-browser 5.0.375.70~r48679-1
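Review bot: the five added "duplicate of cve-2010-17xx" notes use lowercase identifiers while every CVE id in this file is uppercase, which defeats a plain search for CVE-2010-1759, CVE-2010-1762, CVE-2010-1771, CVE-2010-1772 or CVE-2010-1773; use the uppercase form. If these entries really duplicate those CVEs, the fixed versions recorded here (webkit 1.2.1-3, chromium-browser 5.0.375.70~r48679-1) should agree with the versions on the original entries; CVE-2010-2300 in particular jumps from <undetermined> straight to 1.2.1-3 on the strength of changeset 59109, so a cross-check is worthwhile.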
@@ -735,11 +744,11 @@
- webkit <not-affected> (chromium-specific)
- chromium-browser 5.0.375.70~r48679-1
CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome ...)
- - webkit <unfixed>
+ - webkit 1.2.1-3
- chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before ...)
- - webkit <undetermined>
+ - webkit 1.2.1-2
- chromium-browser 5.0.375.70~r48679-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031
NOTE: http://trac.webkit.org/changeset/57627
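Review bot: CVE-2010-2296 is marked fixed in webkit 1.2.1-2 while the neighbouring CVE-2010-2297 and the other webkit entries in this commit use 1.2.1-3; if changeset 57627 really shipped in 1.2.1-2, a short NOTE saying so would stop a future triager from "correcting" the version to 1.2.1-3.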
@@ -748,7 +757,7 @@
NOTE: http://trac.webkit.org/changeset/59769
NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=48159
CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before ...)
- - webkit <unfixed>
+ - webkit 1.2.1-3
- chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/58829
CVE-2009-4900
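Review bot: CVE-2010-2295 cites changeset 58829, the same changeset this commit credits (under CVE-2010-2441) with fixing CVE-2010-1773 and therefore making CVE-2010-2441 a duplicate; for consistency this entry should either carry the same duplicate NOTE or explain why the same changeset does not make it a duplicate as well.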
@@ -823,6 +832,7 @@
CVE-2010-2264 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
- webkit <undetermined>
- chromium-browser <undetermined>
+ TODO: someone with access to webkit security list please track down commit
CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on ...)
- nginx <not-affected> (Windows-specific vulnerability when running on NTFS)
CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! ...)
@@ -1219,11 +1229,11 @@
NOT-FOR-US: Pacific Timesheet
CVE-2010-2110 (Google Chrome before 5.0.375.55 does not properly execute JavaScript ...)
- chromium-browser 5.0.375.55~r47796-1
- - webkit <unfixed>
+ - webkit <not-affected> (issue in chrome's libv8 bindings)
NOTE: http://trac.webkit.org/changeset/58229
CVE-2010-2109 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...)
- chromium-browser 5.0.375.55~r47796-1
- - webkit <unfixed>
+ - webkit 1.2.1-2
NOTE: http://trac.webkit.org/changeset/58441
CVE-2010-2108 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...)
- chromium-browser 5.0.375.55~r47796-1
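Review bot: CVE-2010-2110 is set to webkit <not-affected> with the reason "issue in chrome's libv8 bindings", yet the NOTE still points at a trac.webkit.org changeset (58229), so a reader will ask why a WebKit commit does not affect the webkit package. If the fix touches only the V8 JavaScript bindings, which the Debian webkit build does not compile, say so in the NOTE so the not-affected mark is self-explanatory.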
@@ -3330,12 +3340,10 @@
- webkit <not-affected> (this is a bug in Apple's PDFKit)
- chromium-browser <not-affected> (this is a bug in Apple's PDFKit)
CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...)
- - webkit <undetermined>
+ - webkit <undetermined> (unimportant)
- chromium-browser <unfixed> (unimportant)
- NOTE: not enough info disclosed to be able to check
NOTE: This is based on various misconceptions surrounding "phishing" The only supported browser security model
NOTE: surrounding URLs is the accurate post-link-click indication of the final target URL in the URL bar.
- TODO: someone with access to webkit security list please track down commit
CVE-2010-1383
RESERVED
CVE-2010-1382 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
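Review bot: the removed line "NOTE: not enough info disclosed to be able to check" was the stated reason CVE-2010-1384 is still <undetermined>; after this change the surviving NOTEs argue only that the issue is unimportant, not why no affected/not-affected determination could be made. Keep that line, or replace it with the current reason, so the <undetermined> status is explained. Dropping the TODO here is fine since the same line is added under CVE-2010-2264 in this commit.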