[Secure-testing-commits] r15572 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Tue Nov 9 03:49:33 UTC 2010
Author: gilbert-guest
Date: 2010-11-09 03:49:27 +0000 (Tue, 09 Nov 2010)
New Revision: 15572
Modified:
data/CVE/list
Log:
more webkit triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-11-08 13:59:22 UTC (rev 15571)
+++ data/CVE/list 2010-11-09 03:49:27 UTC (rev 15572)
@@ -249,16 +249,17 @@
- webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-4041 (The sandbox implementation in Google Chrome before 7.0.517.41 on Linux ...)
- - webkit <undetermined>
+ - webkit <not-affected> (issue with chromium sandbox)
- chromium-browser <undetermined>
CVE-2010-4040 (Google Chrome before 7.0.517.41 does not properly handle animated GIF ...)
- - webkit <undetermined>
+ - webkit <unfixed>
- chromium-browser <undetermined>
+ NOTE: http://trac.webkit.org/changeset/68446
CVE-2010-4039 (Google Chrome before 7.0.517.41 on Linux does not properly set the ...)
- - webkit <undetermined>
+ - webkit <not-affected> (chromium-specifc LD_LIBRARY_PATH issue)
- chromium-browser <undetermined>
CVE-2010-4038 (The Web Sockets implementation in Google Chrome before 7.0.517.41 does ...)
- - webkit <undetermined>
+ - webkit <not-affected> (issue in chromium code base)
- chromium-browser <undetermined>
CVE-2010-4037 (Unspecified vulnerability in Google Chrome before 7.0.517.41 allows ...)
- webkit <undetermined>
@@ -267,14 +268,16 @@
- webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-4035 (Google Chrome before 7.0.517.41 does not properly perform autofill ...)
- - webkit <undetermined>
+ - webkit <not-affected> (issue in chromium code base)
- chromium-browser <undetermined>
CVE-2010-4034 (Google Chrome before 7.0.517.41 does not properly handle forms, which ...)
- - webkit <undetermined>
+ - webkit <not-affected> (issue in chromium code base)
- chromium-browser <undetermined>
CVE-2010-4033 (Google Chrome before 7.0.517.41 does not properly implement the ...)
- - webkit <undetermined>
+ - webkit <not-affected> (issue in gestures, which resides in the webkit codebase, but is only used by chromium right now)
- chromium-browser <undetermined>
+ NOTE: http://trac.webkit.org/changeset/63786
+ NOTE: http://trac.webkit.org/changeset/67240
CVE-2010-4032
NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4031
@@ -988,8 +991,9 @@
CVE-2010-3731 (Buffer overflow in the Administration Server component in IBM DB2 UDB ...)
NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3730 (Google Chrome before 6.0.472.62 does not properly use information ...)
- - webkit <undetermined>
+ - webkit <not-affected> (issue in libv8)
- chromium-browser 6.0.472.62~r59676-1
+ - libv8 <undetermined>
NOTE: https://bugs.webkit.org/show_bug.cgi?id=45700
NOTE: http://trac.webkit.org/changeset/67509
CVE-2010-3729 (The SPDY protocol implementation in Google Chrome before 6.0.472.62 ...)
@@ -1834,12 +1838,12 @@
- webkit <not-affected> (chromium specific)
- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3416 (Google Chrome before 6.0.472.59 on Linux does not properly implement ...)
- - webkit <undetermined>
+ - webkit <not-affected> (issue in chromium-specific code)
- chromium-browser 6.0.472.59~r59126-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=44960
NOTE: http://trac.webkit.org/changeset/66689
CVE-2010-3415 (Google Chrome before 6.0.472.59 does not properly implement ...)
- - webkit <undetermined>
+ - webkit <not-affected> (issue in chromium-specific code)
- chromium-browser 6.0.472.59~r59126-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=45112
NOTE: http://trac.webkit.org/changeset/66837
@@ -2228,11 +2232,12 @@
NOTE: chromium specific
CVE-2010-3255 (Google Chrome before 6.0.472.53 does not properly handle counter ...)
- chromium-browser 6.0.472.53~r57914-1
- - webkit <undetermined>
- NOTE: https://bugs.webkit.org/show_bug.cgi?id=43812 http://trac.webkit.org/changeset/66052
+ - webkit 1.2.5-1
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=43812
+ NOTE: http://trac.webkit.org/changeset/66052
CVE-2010-3254 (The WebSockets implementation in Google Chrome before 6.0.472.53 does ...)
- chromium-browser 6.0.472.53~r57914-1
- - webkit <undetermined>
+ - webkit <unfixed>
NOTE: http://trac.webkit.org/changeset/65135
CVE-2010-3253 (The implementation of notification permissions in Google Chrome before ...)
- chromium-browser 6.0.472.53~r57914-1
@@ -2254,11 +2259,11 @@
NOTE: chromium specific
CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG ...)
- chromium-browser 6.0.472.53~r57914-1
- - webkit <undetermined>
+ - webkit <unfixed>
NOTE: http://trac.webkit.org/changeset/60541
CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict copying to ...)
- chromium-browser 6.0.472.53~r57914-1
- - webkit <undetermined>
+ - webkit 1.2.5-1
NOTE: http://trac.webkit.org/changeset/58703
CVE-2010-3247 (Google Chrome before 6.0.472.53 does not properly restrict the ...)
- chromium-browser 6.0.472.53~r57914-1
@@ -2266,7 +2271,7 @@
NOTE: chromium specific
CVE-2010-3246 (Google Chrome before 6.0.472.53 does not properly handle the _blank ...)
- chromium-browser 6.0.472.53~r57914-1
- - webkit <undetermined>
+ - webkit <not-affected> (vulnerable code not present in 1.2.x series)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34541 https://bugs.webkit.org/show_bug.cgi?id=44969
NOTE: http://trac.webkit.org/changeset/66742
CVE-2010-3245 (The automated-backup functionality in Blackboard Transact Suite ...)
@@ -3197,7 +3202,6 @@
- chromium-browser 5.0.375.125~r53311-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=38977
NOTE: http://trac.webkit.org/changeset/62134
- NOTE: duplicate of cve-2010-1783
CVE-2010-2898 (Google Chrome before 5.0.375.125 does not properly mitigate an ...)
- webkit <not-affected> (chromium specific issue)
- chromium-browser 5.0.375.125~r53311-1
@@ -6023,11 +6027,11 @@
CVE-2010-1826
RESERVED
CVE-2010-1825 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
- - webkit <undetermined>
+ - webkit <unfixed>
- chromium-browser 6.0.472.59~r59126-1
NOTE: http://trac.webkit.org/changeset/66847
CVE-2010-1824 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
- - webkit <undetermined>
+ - webkit <unfixed>
- chromium-browser 6.0.472.59~r59126-1
NOTE: http://trac.webkit.org/changeset/66795
CVE-2010-1823 (Use-after-free vulnerability in WebKit before r65958, as used in ...)
@@ -6036,7 +6040,7 @@
NOTE: http://trac.webkit.org/changeset/65958
TODO: recheck chromium, was wrong commit
CVE-2010-1822 (WebKit, as used in Google Chrome before 6.0.472.62, does not properly ...)
- - webkit <undetermined>
+ - webkit <not-affected> (rendererIsNeeded function not present in 1.2.x series)
- chromium-browser 6.0.472.62~r59676-1
CVE-2010-1821
RESERVED
@@ -6086,6 +6090,8 @@
CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x ...)
- webkit <undetermined>
- chromium-browser 5.0.375.127~r55887-1
+ NOTE: http://trac.webkit.org/changeset/63772
+ NOTE: duplicate of cve-2010-1782
CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 ...)
- webkit <not-affected> (windows-specific issue)
- chromium-browser <not-affected> (windows-specific issue)
@@ -6165,7 +6171,6 @@
CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
- webkit <undetermined>
- chromium-browser 5.0.375.127~r55887-1
- NOTE: duplicated as cve-2010-2899
NOTE: (Chromium Sec) This seems a duplicate of CVE-2010-3114
CVE-2010-1782 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.4-1
@@ -6299,11 +6304,7 @@
CVE-2010-1751 (Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch ...)
NOT-FOR-US: Apple Application Sandbox
CVE-2010-1750 (Use-after-free vulnerability in Apple Safari before 5.0 on Windows ...)
- - webkit <undetermined>
- - chromium-browser <undetermined>
- NOTE: apple hasn't disclosed enough info to check
- NOTE: From Apple's advisory: "This issue does not affect Mac OS X systems." Implies it may be outside of WebKit
- NOTE: chromium-sec don't have info
+ NOT-FOR-US: Apple Safari
CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
- chromium-browser 5.0.342.9~r43360-1
More information about the Secure-testing-commits
mailing list