[Secure-testing-commits] r14619 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Fri May 7 10:06:49 UTC 2010 

Author: derevko-guest
Date: 2010-05-07 10:06:47 +0000 (Fri, 07 May 2010)
New Revision: 14619

Modified:
   data/CVE/list
Log:
Get in contact with chromium security team,
except for CVE-2009-2352 all recent CVEs are fixed in chromium 5.0.375.29~r46008-1.
Need to determine CVE-2009-3456 CVE-2009-2068 and CVE-2009-1598


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-05-06 20:56:54 UTC (rev 14618)
+++ data/CVE/list	2010-05-07 10:06:47 UTC (rev 14619)
@@ -495,31 +495,31 @@
 CVE-2010-1507
 	RESERVED
 CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 allow ...)
-	- chromium-browser <undetermined> 
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <not-affected> (doesn't use v8 bindings yet)
 	TODO: recheck newer webkits
 CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from loading ...)
-	- chromium-browser <undetermined> 
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <undetermined>
 	TODO: check
 CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
-	- chromium-browser <undetermined> 
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <undetermined>
 	TODO: check
 CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
-	- chromium-browser <undetermined> 
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <undetermined>
 	TODO: check
 CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows ...)
-	- chromium-browser <undetermined> 
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <undetermined>
 	TODO: check
 CVE-2010-1501 (Cross-site request forgery (CSRF) vulnerability in Google Chrome ...)
-	- chromium-browser <undetermined> 
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <undetermined>
 	TODO: check
 CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, ...)
-	- chromium-browser <undetermined> 
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <undetermined>
 	TODO: check
 CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3 ...)
@@ -1263,23 +1263,23 @@
 	- kdelibs <undetermined>
 	- kde4libs <undetermined>
 	- qt4-x11 <undetermined>
-	- chromium-browser <undetermined> 
+	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: http://trac.webkit.org/changeset/55511
 	NOTE: evidence of memory corruption http://code.google.com/p/chromium/issues/detail?id=37061
 CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict ...)
 	- webkit <not-affected> (bug #577457; proof-of-concepts are not effective against webkit)
-	- chromium-browser <undetermined> 
+	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: http://trac.webkit.org/changeset/55822
 	NOTE: vulnerable code is in KURL.cpp even though the changeset says it is in KURLGoogle.cpp
 CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...)
-	- chromium-browser <undetermined> 
+	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: issue in chrome-specific download dialog
 CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...)
-	- chromium-browser <undetermined> 
+	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: chrome-specific and claimed windows-only
 CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036 allow ...)
 	- webkit <not-affected> (v8 and webgl not yet included)
-	- chromium-browser <undetermined> 
+	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: http://trac.webkit.org/changeset/55376
 	TODO: recheck as newer webkits get uploaded
 CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to cause a ...)
@@ -1287,23 +1287,23 @@
 	- kdelibs <undetermined>
 	- kde4libs <undetermined>
 	- qt4-x11 <undetermined>
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: http://code.google.com/p/chromium/issues/detail?id=34978
 CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before ...)
 	- webkit <undetermined>
 	- kdelibs <undetermined>
 	- kde4libs <undetermined>
 	- qt4-x11 <undetermined>
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 	TODO: check
 CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected behavior ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: chrome-specific issue
 CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036 does ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: chrome-specific sandboxing issue
 CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: chrome-specific sandboxing issue
 CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
 	NOT-FOR-US: Sun Java System Communication Express
@@ -2938,36 +2938,36 @@
 	[lenny] - konversation <not-affected> (Doesn't affect the combination of kdelibs/QT in Lenny)
 	NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
 CVE-2010-0664 (Stack consumption vulnerability in the ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 CVE-2010-0663 (The ParamTraits&lt;SkBitmap&gt;::Read function in ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 CVE-2010-0662 (The ParamTraits&lt;SkBitmap&gt;::Read function in ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit <not-affected> (no v8 code included yet)
 	TODO: recheck as newer webkits are uploaded
 CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the Referer ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit 1.1.21-1 (low)
 	- qt4-x11 <undetermined> (low)
 	- kdelibs <undetermined> (low)
 	- kde4libs <undetermined> (low)
 CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome before ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: claimed to be a windows-only issue
 CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before 4.0.249.78, ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit 1.1.21-1 (low)
 	- qt4-x11 <undetermined> (low)
 	- kdelibs <undetermined> (low)
 	- kde4libs <undetermined> (low)
 CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 CVE-2010-0654 (Mozilla Firefox permits cross-origin loading of CSS stylesheets even ...)
 	- xulrunner <undetermined> (bug #570743)
 CVE-2010-0653 (Opera permits cross-origin loading of CSS stylesheets even when the ...)
@@ -2975,7 +2975,7 @@
 CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS ...)
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit 1.1.21-1 (low)
 	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
 	- qt4-x11 <undetermined> (low)
@@ -2983,7 +2983,7 @@
 	- kde4libs <undetermined> (low)
 	NOTE: http://trac.webkit.org/changeset/52784
 CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit 1.1.21-1 (unimportant)
 	NOTE: http://code.google.com/p/chromium/issues/detail?id=3275
 	- qt4-x11 <undetermined> (unimportant)
@@ -2991,23 +2991,23 @@
 	- kde4libs <undetermined> (unimportant)
 	NOTE: unimportant because this is just a popup blocker bypass
 CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer function ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to ...)
 	- xulrunner <undetermined> (bug #570743)
 CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before 4.0.249.89, ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit 1.1.21-1 (medium)
 	- qt4-x11 <undetermined> (medium)
 	- kdelibs <undetermined> (medium)
 	- kde4libs <undetermined> (medium)
 CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8 before ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before r3560, as ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct connections to ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to read the ...)
 	NOT-FOR-US: Cisco Collaboration Server
 CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...)
@@ -3277,7 +3277,7 @@
 CVE-2010-0557 (IBM Cognos Express 9.0 allows attackers to obtain unspecified access ...)
 	NOT-FOR-US: IBM Cognos Express
 CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 ...)
-	- chromium-browser <undetermined> (low)
+	- chromium-browser 5.0.375.29~r46008-1
 CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows remote ...)
 	NOT-FOR-US: LoganPro
 CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows remote ...)
@@ -3978,7 +3978,7 @@
 CVE-2010-0316 (Integer overflow in Google SketchUp before 7.1 M2 allows remote ...)
 	NOT-FOR-US: Google SketchUp
 CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 5.0.375.29~r46008-1
 	- webkit 1.1.21-1 (low)
 	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
 	- qt4-x11 <undetermined>
@@ -11894,7 +11894,9 @@
 CVE-2009-2353 (encoder.php in eAccelerator allows remote attackers to execute ...)
 	- eaccelerator-src <itp> (bug #460341)
 CVE-2009-2352 (Google Chrome 1.0.154.48 and earlier does not block javascript: URIs ...)
-	- chromium-browser <undetermined>
+	- chromium-browser <unfixed>
+	NOTE: chromium security team doesn't consider this a valid security issue
+	NOTE: http://crbug.com/40086
 CVE-2009-2351 (Opera 9.52 and earlier does not block javascript: URIs in Refresh ...)
 	NOT-FOR-US: Opera
 CVE-2009-2350 (Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block ...)

More information about the Secure-testing-commits mailing list