[Secure-testing-commits] r14906 - data/CVE

Fri Jun 25 20:15:15 UTC 2010

Author: derevko-guest
Date: 2010-06-25 20:15:13 +0000 (Fri, 25 Jun 2010)
New Revision: 14906

Modified:
   data/CVE/list
Log:
libv8 issues

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2010-06-25 01:44:46 UTC (rev 14905)
+++ data/CVE/list	2010-06-25 20:15:13 UTC (rev 14906)
@@ -2308,8 +2308,10 @@
 	RESERVED
 CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 allow ...)
 	- chromium-browser 5.0.375.29~r46008-1
-	- libv8 <undetermined>
 	- webkit <not-affected> (doesn't use v8 bindings yet)
+	NOTE: http://trac.webkit.org/changeset/45826
+	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37210
+        NOTE: http://trac.webkit.org/changeset/57224
 CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from loading ...)
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <not-affected> (chromium-specific issue)
@@ -4902,8 +4904,8 @@
 	- webkit <not-affected> (chrome-specific issue)
 CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before ...)
 	- chromium-browser 5.0.375.29~r46008-1
-	- libv8 <undetermined>
 	- webkit <not-affected> (libv8 issue)
+	NOTE: http://trac.webkit.org/changeset/52401
 CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the Referer ...)
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <not-affected> (chrome-specific issue)
@@ -4964,11 +4966,11 @@
 	- kde4libs <undetermined> (medium)
 CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8 before ...)
 	- chromium-browser 5.0.375.29~r46008-1
-	- libv8 <undetermined>
+	- libv8 2.1.6-1
 	- webkit <not-affected> (libv8 issue)
 CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before r3560, as ...)
 	- chromium-browser 5.0.375.29~r46008-1
-	- libv8 <undetermined>
+	- libv8 2.1.6-1
 	- webkit <not-affected> (libv8 issue)
 CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is ...)
 	- chromium-browser 5.0.375.29~r46008-1
@@ -10555,7 +10557,7 @@
 	NOT-FOR-US: Opera
 CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21 omits an ...)
 	- chromium-browser <not-affected> (Only 3.x is affected)
-	- libv8 <undetermined>
+	- libv8 1.3.11+dfsg-1
 	- webkit <not-affected> (libv8 issue)
 CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x ...)
 	- chromium-browser <not-affected> (Only 3.x is affected)
@@ -11868,7 +11870,7 @@
 	NOTE: Only a security issue if used against best practices
 CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...)
 	- chromium-browser <not-affected> (Only 2.x is affected)
-	- libv8 <undetermined>
+	- libv8 1.3.11+dfsg-1
 	- webkit <not-affected> (libv8 issue)
 CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed ...)
 	NOT-FOR-US: Programmed Integration PIPL
@@ -13362,7 +13364,7 @@
 	- webkit <not-affected> (chrome-specfic renderer issue)
 CVE-2009-2555 (Heap-based buffer overflow in src/jsregexp.cc in Google V8 before ...)
 	- chromium-browser <not-affected> (Only 1.x and 2.x are affected)
-	- libv8 <undetermined>
+	- libv8 1.3.11+dfsg-1
 	- webkit <not-affected> (libv8 issue)
 CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows remote ...)
 	{DSA-1848-1}
@@ -21370,7 +21372,7 @@
 	NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
 CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google ...)
 	- chromium-browser <not-affected> (only 1.x is affected)
-	- libv8 <undetermined>	
+	- libv8 1.3.11+dfsg-1	
 	- webkit <not-affected> (libv8 issue)
 CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, ...)
 	NOT-FOR-US: Novell GroupWise


