[Secure-testing-commits] r14605 - data/CVE

Raphael Geissert geissert at alioth.debian.org
Wed May 5 18:59:41 UTC 2010


Author: geissert
Date: 2010-05-05 18:59:40 +0000 (Wed, 05 May 2010)
New Revision: 14605

Modified:
   data/CVE/list
Log:
chromium-browser is now in experimental, oh dear


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-05-04 16:42:46 UTC (rev 14604)
+++ data/CVE/list	2010-05-05 18:59:40 UTC (rev 14605)
@@ -445,31 +445,31 @@
 CVE-2010-1507
 	RESERVED
 CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 allow ...)
-	- chromium-browser <itp> (bug #520324) 
+	- chromium-browser <undetermined> 
 	- webkit <not-affected> (doesn't use v8 bindings yet)
 	TODO: recheck newer webkits
 CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from loading ...)
-	- chromium-browser <itp> (bug #520324) 
+	- chromium-browser <undetermined> 
 	- webkit <undetermined>
 	TODO: check
 CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
-	- chromium-browser <itp> (bug #520324) 
+	- chromium-browser <undetermined> 
 	- webkit <undetermined>
 	TODO: check
 CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
-	- chromium-browser <itp> (bug #520324) 
+	- chromium-browser <undetermined> 
 	- webkit <undetermined>
 	TODO: check
 CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows ...)
-	- chromium-browser <itp> (bug #520324) 
+	- chromium-browser <undetermined> 
 	- webkit <undetermined>
 	TODO: check
 CVE-2010-1501 (Cross-site request forgery (CSRF) vulnerability in Google Chrome ...)
-	- chromium-browser <itp> (bug #520324) 
+	- chromium-browser <undetermined> 
 	- webkit <undetermined>
 	TODO: check
 CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, ...)
-	- chromium-browser <itp> (bug #520324) 
+	- chromium-browser <undetermined> 
 	- webkit <undetermined>
 	TODO: check
 CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3 ...)
@@ -1214,23 +1214,23 @@
 	- kdelibs <undetermined>
 	- kde4libs <undetermined>
 	- qt4-x11 <undetermined>
-	- chromium-browser <itp> (bug #520324) 
+	- chromium-browser <undetermined> 
 	NOTE: http://trac.webkit.org/changeset/55511
 	NOTE: evidence of memory corruption http://code.google.com/p/chromium/issues/detail?id=37061
 CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict ...)
 	- webkit <not-affected> (bug #577457; proof-of-concepts are not effective against webkit)
-	- chromium-browser <itp> (bug #520324) 
+	- chromium-browser <undetermined> 
 	NOTE: http://trac.webkit.org/changeset/55822
 	NOTE: vulnerable code is in KURL.cpp even though the changeset says it is in KURLGoogle.cpp
 CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...)
-	- chromium-browser <itp> (bug #520324) 
+	- chromium-browser <undetermined> 
 	NOTE: issue in chrome-specific download dialog
 CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...)
-	- chromium-browser <itp> (bug #520324) 
+	- chromium-browser <undetermined> 
 	NOTE: chrome-specific and claimed windows-only
 CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036 allow ...)
 	- webkit <not-affected> (v8 and webgl not yet included)
-	- chromium-browser <itp> (bug #520324) 
+	- chromium-browser <undetermined> 
 	NOTE: http://trac.webkit.org/changeset/55376
 	TODO: recheck as newer webkits get uploaded
 CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to cause a ...)
@@ -1238,23 +1238,23 @@
 	- kdelibs <undetermined>
 	- kde4libs <undetermined>
 	- qt4-x11 <undetermined>
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 	NOTE: http://code.google.com/p/chromium/issues/detail?id=34978
 CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before ...)
 	- webkit <undetermined>
 	- kdelibs <undetermined>
 	- kde4libs <undetermined>
 	- qt4-x11 <undetermined>
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 	TODO: check
 CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected behavior ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 	NOTE: chrome-specific issue
 CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036 does ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 	NOTE: chrome-specific sandboxing issue
 CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 	NOTE: chrome-specific sandboxing issue
 CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
 	NOT-FOR-US: Sun Java System Communication Express
@@ -2890,36 +2890,36 @@
 	[lenny] - konversation <not-affected> (Doesn't affect the combination of kdelibs/QT in Lenny)
 	NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
 CVE-2010-0664 (Stack consumption vulnerability in the ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 CVE-2010-0663 (The ParamTraits&lt;SkBitmap&gt;::Read function in ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 CVE-2010-0662 (The ParamTraits&lt;SkBitmap&gt;::Read function in ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 	- webkit <not-affected> (no v8 code included yet)
 	TODO: recheck as newer webkits are uploaded
 CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the Referer ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 	- webkit 1.1.21-1 (low)
 	- qt4-x11 <undetermined> (low)
 	- kdelibs <undetermined> (low)
 	- kde4libs <undetermined> (low)
 CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome before ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 	NOTE: claimed to be a windows-only issue
 CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before 4.0.249.78, ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 	- webkit 1.1.21-1 (low)
 	- qt4-x11 <undetermined> (low)
 	- kdelibs <undetermined> (low)
 	- kde4libs <undetermined> (low)
 CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 CVE-2010-0654 (Mozilla Firefox permits cross-origin loading of CSS stylesheets even ...)
 	- xulrunner <undetermined> (bug #570743)
 CVE-2010-0653 (Opera permits cross-origin loading of CSS stylesheets even when the ...)
@@ -2927,7 +2927,7 @@
 CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 	- webkit 1.1.21-1 (low)
 	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
 	- qt4-x11 <undetermined> (low)
@@ -2935,7 +2935,7 @@
 	- kde4libs <undetermined> (low)
 	NOTE: http://trac.webkit.org/changeset/52784
 CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 	- webkit 1.1.21-1 (unimportant)
 	NOTE: http://code.google.com/p/chromium/issues/detail?id=3275
 	- qt4-x11 <undetermined> (unimportant)
@@ -2943,23 +2943,23 @@
 	- kde4libs <undetermined> (unimportant)
 	NOTE: unimportant because this is just a popup blocker bypass
 CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer function ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to ...)
 	- xulrunner <undetermined> (bug #570743)
 CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before 4.0.249.89, ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 	- webkit 1.1.21-1 (medium)
 	- qt4-x11 <undetermined> (medium)
 	- kdelibs <undetermined> (medium)
 	- kde4libs <undetermined> (medium)
 CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8 before ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before r3560, as ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct connections to ...)
-	- chromium-browser <itp> (bug #520334)
+	- chromium-browser <undetermined>
 CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to read the ...)
 	NOT-FOR-US: Cisco Collaboration Server
 CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...)
@@ -3229,7 +3229,7 @@
 CVE-2010-0557 (IBM Cognos Express 9.0 allows attackers to obtain unspecified access ...)
 	NOT-FOR-US: IBM Cognos Express
 CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 ...)
-	- chromium-browser <itp> (low; bug #520334)
+	- chromium-browser <undetermined> (low)
 CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows remote ...)
 	NOT-FOR-US: LoganPro
 CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows remote ...)
@@ -3941,7 +3941,7 @@
 CVE-2010-0316 (Integer overflow in Google SketchUp before 7.1 M2 allows remote ...)
 	NOT-FOR-US: Google SketchUp
 CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 	- webkit 1.1.21-1 (low)
 	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
 	- qt4-x11 <undetermined>
@@ -6563,18 +6563,18 @@
 CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management Module ...)
 	NOT-FOR-US: IBM BladeCenter
 CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function ...)
-	- chromium-browser <itp> (low; bug #520324)
+	- chromium-browser <undetermined> (low)
 CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before 3.0.195.32, ...)
 	- webkit <not-affected> (chromium-specific issue in their timer)
 	- qt4-x11 <not-affected> (chromium-specific issue in their timer)
 	- kdelibs <not-affected> (chromium-specific issue in their timer)
 	- kde4libs <not-affected> (chromium-specific issue in their timer)
-	- chromium-browser <itp> (low; bug #520324)
+	- chromium-browser <undetermined> (low)
 CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...)
-	- chromium-browser <itp> (low; bug #520324)
+	- chromium-browser <undetermined> (low)
 	NOTE: gears is only implemented in chromium
 CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...)
-	- chromium-browser <itp> (low; bug #520324)
+	- chromium-browser <undetermined> (low)
 CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow ...)
 	- file 5.03-1
 	[lenny] - file <not-affected>
@@ -8021,7 +8021,7 @@
 CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...)
 	NOT-FOR-US: Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF)
 CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not properly ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not properly ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-3454
@@ -8521,7 +8521,7 @@
 CVE-2009-3269 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Opera
 CVE-2009-3268 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-3266 (Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) ...)
@@ -8529,9 +8529,9 @@
 CVE-2009-3265 (Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows ...)
 	NOT-FOR-US: Opera
 CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21 omits an ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x ...)
-	- chromium-browser <itp> (low; bug #520324)
+	- chromium-browser <undetermined> (low)
 	NOTE: http://seclists.org/fulldisclosure/2009/Sep/201
 	NOTE: other browsers are not affected (only chrome and opera)
 CVE-2009-3262 (Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) ...)
@@ -8569,7 +8569,7 @@
 CVE-2009-3246 (SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX ...)
 	NOT-FOR-US: MyBuxScript PTC-BUX
 CVE-2008-7246 (Google Chrome 0.2.149.29 and earlier allows remote attackers to cause ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Opera
 CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a ...)
@@ -9460,7 +9460,7 @@
 CVE-2009-3012 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre ...)
 	NOTE: This is a web site issue (open redirector), not a browser problem.
 CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ...)
-	- chromium-browser <itp> (bug #520324; unimportant)
+	- chromium-browser <undetermined> (unimportant)
 	NOTE: This is a web site issue (open redirector), not a browser problem.
 CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
 	NOTE: This is a web site issue (open redirector), not a browser problem.
@@ -9613,9 +9613,9 @@
 	NOTE: browser crashes not treated as security issues
 	NOTE: not reproducible, probably only Firefox in Windows XP is affected
 CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections to a ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote ...)
 	NOT-FOR-US: Sun Solaris
 CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange 3.0 ...)
@@ -9703,7 +9703,7 @@
 CVE-2009-2956 (The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere ...)
 	NOT-FOR-US: IBM WebSphere
 CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...)
 	NOT-FOR-US: Microsoft
 CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote ...)
@@ -9762,7 +9762,7 @@
 CVE-2008-7062 (Unrestricted file upload vulnerability in admin/index.php in Download ...)
 	NOT-FOR-US: Download Manager module 1.0 for LoveCMS
 CVE-2008-7061 (The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2008-7060 (Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 ...)
 	NOT-FOR-US: One-News
 CVE-2008-7059 (SQL injection vulnerability in index.php in One-News Beta 2 allows ...)
@@ -9831,7 +9831,7 @@
 	- varnish 2.1.0-2 (unimportant)
 	NOTE: Only a security issue if used against best practices
 CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed ...)
 	NOT-FOR-US: Programmed Integration PIPL
 CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 2.0.3 ...)
@@ -10338,15 +10338,15 @@
 CVE-2008-6999 (phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote ...)
 	NOT-FOR-US: phpAuction
 CVE-2008-6998 (Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2008-6997 (Google Chrome 0.2.149.27 allows user-assisted remote attackers to ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2008-6996 (Google Chrome BETA (0.2.149.27) does not prompt the user before saving ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2008-6995 (Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2008-6994 (Stack-based buffer overflow in the SaveAs feature ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2008-6993 (Siemens Gigaset WLAN Camera 1.27 has an insecure default password, ...)
 	NOT-FOR-US: Siemens Gigaset WLAN Camera
 CVE-2008-6992 (GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, ...)
@@ -11243,7 +11243,7 @@
 CVE-2009-2579 (SQL injection vulnerability in reward_points.post.php in the Reward ...)
 	NOT-FOR-US: CS-Cart
 CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to cause a ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Opera
 CVE-2009-2576 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...)
@@ -11309,9 +11309,9 @@
 CVE-2009-2557 (Directory traversal vulnerability in system/download.php in Admin News ...)
 	NOT-FOR-US: Admin News Tools 
 CVE-2009-2556 (Google Chrome before 2.0.172.37 allows attackers to leverage renderer ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-2555 (Heap-based buffer overflow in src/jsregexp.cc in Google V8 before ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows remote ...)
 	{DSA-1848-1}
 	- znc 0.074-1 (medium; bug #537977)
@@ -11857,7 +11857,7 @@
 CVE-2009-2353 (encoder.php in eAccelerator allows remote attackers to execute ...)
 	- eaccelerator-src <itp> (bug #460341)
 CVE-2009-2352 (Google Chrome 1.0.154.48 and earlier does not block javascript: URIs ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-2351 (Opera 9.52 and earlier does not block javascript: URIs in Refresh ...)
 	NOT-FOR-US: Opera
 CVE-2009-2350 (Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block ...)
@@ -12510,7 +12510,7 @@
 CVE-2009-2122 (SQL injection vulnerability in viewimg.php in the Paolo Palmonari ...)
 	NOT-FOR-US: Photoracer plugin for WordPress
 CVE-2009-2121 (Buffer overflow in the browser kernel in Google Chrome before ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-2170 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 ...)
 	{DSA-1822-1}
 	- mahara 1.1.5-1 (low)
@@ -12654,13 +12654,13 @@
 CVE-2009-2072 (Apple Safari does not require a cached certificate before displaying a ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-2071 (Google Chrome before 1.0.154.53 displays a cached certificate for a ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-2070 (Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT ...)
 	NOT-FOR-US: Opera
 CVE-2009-2069 (Microsoft Internet Explorer before 8 displays a cached certificate for ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2009-2068 (Google Chrome detects http content in https web pages only when the ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-2067 (Opera detects http content in https web pages only when the top-level ...)
 	NOT-FOR-US: Opera
 CVE-2009-2066 (Apple Safari detects http content in https web pages only when the ...)
@@ -12676,7 +12676,7 @@
 CVE-2009-2061 (Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response ...)
 	- xulrunner <undetermined> (bug #565521)
 CVE-2009-2060 (src/net/http/http_transaction_winhttp.cc in Google Chrome before ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-2059 (Opera, possibly before 9.25, uses the HTTP Host header to determine ...)
 	NOT-FOR-US: Opera
 CVE-2009-2058 (Apple Safari before 3.2.2 uses the HTTP Host header to determine the ...)
@@ -12907,7 +12907,7 @@
 	[etch] - kdebase <no-dsa> (Minor issue)
 	- w3m <unfixed> (unimportant; bug #532521)
 	NOTE: w3m doesn't have Javascript support and the boundary issue is harmles
-	- chromium-browser <itp> (low; bug #520324)
+	- chromium-browser <undetermined> (bug #520324)
 	- lynx 2.8.7rel.1-1 (unimportant; bug #532520)
 	NOTE: lynx doesn't have Javascript and form-data support
 	- dillo <not-affected> (bug #532522)
@@ -14037,7 +14037,7 @@
 CVE-2009-1599 (Opera executes DOM calls in response to a javascript: URI in the ...)
 	NOT-FOR-US: Opera
 CVE-2009-1598 (Google Chrome executes DOM calls in response to a javascript: URI in ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-1597 (Mozilla Firefox executes DOM calls in response to a javascript: URI in ...)
 	- xulrunner <undetermined> (bug #565521)
 CVE-2009-1596 (Ignite Realtime Openfire before 3.6.5 does not properly implement the ...)
@@ -14281,7 +14281,7 @@
 CVE-2009-1516 (Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX ...)
 	NOT-FOR-US: ActiveX
 CVE-2009-1514 (Google Chrome 1.0.154.53 allows remote attackers to cause a denial of ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 	- webkit <unfixed> (bug #578982)
 	- qt4-x11 <undetermined>
 	- kdebase <undetermined>
@@ -14529,7 +14529,7 @@
 CVE-2009-1442 (Multiple integer overflows in Skia, as used in Google Chrome 1.x ...)
 	NOT-FOR-US: skia
 CVE-2009-1441 (Heap-based buffer overflow in the ParamTraits&lt;SkBitmap&gt;::Read function ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel ...)
 	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
 	- linux-2.6 2.6.29-2 (bug #523365)
@@ -14605,11 +14605,11 @@
 	[etch] - gnutls26 <not-affected> (Vulnerable code not present)
 	[etch] - gnutls13 <not-affected> (Vulnerable code not present, only affects 2.6.x)
 CVE-2009-1414 (Google Chrome 2.0.x lets modifications to the global object persist ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-1413 (Google Chrome 1.0.x does not cancel timeouts upon a page transition, ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-1412 (Argument injection vulnerability in the chromehtml: protocol handler ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
 	- iodine 0.5.1 (low)
 	[lenny] - iodine 0.4.2-2~lenny1 
@@ -18772,7 +18772,7 @@
 CVE-2009-0412 (The ProcessLogin function in class.auth.php in Interspire Shopping ...)
 	NOT-FOR-US: Interspire Shopping Cart
 CVE-2009-0411 (Google Chrome before 1.0.154.46 does not properly restrict access from ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-0410 (Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) ...)
 	NOT-FOR-US: Novell GroupWise
 CVE-2009-0409 (SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and ...)
@@ -18859,7 +18859,7 @@
 CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10, ...)
 	NOT-FOR-US: RealPlayer
 CVE-2009-0374 (** DISPUTED ** ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine ...)
 	NOT-FOR-US: Joomla
 CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in Miltenovik ...)
@@ -19301,7 +19301,7 @@
 	- moin 1.8.1-1.1 (low)
 	NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
 CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, ...)
 	NOT-FOR-US: Novell GroupWise
 CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell ...)
@@ -20377,7 +20377,7 @@
 CVE-2008-5750 (Argument injection vulnerability in Microsoft Internet Explorer 8 beta ...)
 	NOT-FOR-US: Microsoft
 CVE-2008-5749 (** DISPUTED ** ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2008-5748 (Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php ...)
 	NOT-FOR-US: BloofoxCMS
 CVE-2008-5747 (F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass ...)
@@ -23975,7 +23975,7 @@
 CVE-2008-4341 (add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass ...)
 	NOT-FOR-US: MyBlog
 CVE-2008-4340 (Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <undetermined>
 CVE-2008-4339 (Unspecified vulnerability in the Java Administration GUI (jnbSA) in ...)
 	NOT-FOR-US: Symantec Veritas NetBackup Server
 CVE-2008-4338 (SQL injection vulnerability in the brilliant_gallery_checklist_save ...)




More information about the Secure-testing-commits mailing list