[Secure-testing-commits] r16348 - data/CVE

Michael Gilbert gilbert-guest at alioth.debian.org
Wed Mar 9 23:26:04 UTC 2011


Author: gilbert-guest
Date: 2011-03-09 23:26:03 +0000 (Wed, 09 Mar 2011)
New Revision: 16348

Modified:
   data/CVE/list
Log:
triage of incoming webkit issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-03-09 23:23:41 UTC (rev 16347)
+++ data/CVE/list	2011-03-09 23:26:03 UTC (rev 16348)
@@ -1,3 +1,8 @@
+CVE-2011-XXXX [xslt memory leak]
+	- libxslt <unfixed> (bug #617413)
+	NOTE: http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
+CVE-2011-XXXX [v8 issues]
+        - libv8 <unfixed> (bug #617418)
 CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in the ...)
 	TODO: check
 CVE-2011-1321 (The AuthCache purge implementation in the Security component in IBM ...)
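Review bot: The title "[xslt memory leak]" on the first new entry does not match the linked write-up, whose URL describes a heap address leak in XSLT. That is an information disclosure rather than a memory leak, so a title such as "[xslt heap address leak]" would keep it from being read as a resource-exhaustion issue. In the second new entry, the "- libv8 <unfixed> (bug #617418)" line is indented with spaces where the libxslt line uses a tab, and the entry carries no NOTE pointing at a source for the v8 issues.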
@@ -397,7 +402,8 @@
 	NOT-FOR-US: FreeBSD/NetBSD libc
 CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform layout, ...)
 	- chromium-browser 9.0.597.107~r75357-1
-	- webkit <undetermined>
+	- webkit <not-affected> (vulnerable code introduced in commit 75823)
+	TODO: recheck once webkit 1.3 enters unstable
 	NOTE: http://trac.webkit.org/changeset/78775
 CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 9.0.597.107 ...)
 	- chromium-browser 9.0.597.107~r75357-1
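Review bot: The not-affected reason added for CVE-2011-1125, "vulnerable code introduced in commit 75823", does not say which packaged webkit version predates that commit, whereas the other not-affected entries in this change name it ("not present in 1.2"). Stating the version in the reason would let the TODO about webkit 1.3 be checked against it later without re-deriving the analysis.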
@@ -409,37 +415,42 @@
 	- chromium-browser 9.0.597.107~r75357-1
 	- webkit <undetermined>
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782
+	TODO: ^ this bug is embargoed, please note the commit #
 CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remote ...)
 	- chromium-browser 9.0.597.107~r75357-1
-	- webkit <undetermined>
+	- webkit <unfixed>
+        NOTE: needs port (s/logicalBottom/bottom)
 	NOTE: http://trac.webkit.org/changeset/77565
 CVE-2011-1120 (The WebGL implementation in Google Chrome before 9.0.597.107 allows ...)
 	- chromium-browser 9.0.597.107~r75357-1
-	- webkit <undetermined>
+	- webkit <not-affected> (webgl support not present in 1.2)
+	TODO: recheck webkit 1.3 once its uploaded to unstable
 	NOTE: http://trac.webkit.org/changeset/77956
 CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine device ...)
 	- chromium-browser 9.0.597.107~r75357-1
-	- webkit <undetermined>
+	- webkit <not-affected> (device orientation code/support not present in 1.2)
+	TODO: recheck webkit 1.3 once its uploaded to unstable
 	NOTE: http://trac.webkit.org/changeset/77418
 CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle TEXTAREA ...)
 	- chromium-browser 9.0.597.107~r75357-1
-	- webkit <undetermined>
+	- webkit <unfixed>
 	NOTE: http://trac.webkit.org/changeset/77144
 CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML ...)
 	- chromium-browser 9.0.597.107~r75357-1
-	- webkit <undetermined>
+	- webkit <unfixed>
 	NOTE: http://trac.webkit.org/changeset/77262
 CVE-2011-1116 (Google Chrome before 9.0.597.107 does not properly handle SVG ...)
 	- chromium-browser 9.0.597.107~r75357-1
-	- webkit <undetermined>
+	- webkit <unfixed>
 	NOTE: http://trac.webkit.org/changeset/77548
 CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render tables, ...)
 	- chromium-browser 9.0.597.107~r75357-1
-	- webkit <undetermined>
+	- webkit <unfixed>
 	NOTE: http://trac.webkit.org/changeset/76915
 CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle tables, ...)
 	- chromium-browser 9.0.597.107~r75357-1
-	- webkit <undetermined>
+	- webkit <not-affected> (vulnerable code introduced after 1.2, and the fix restores this code to its 1.2 state)
+	TODO: check webkit 1.3 once it enters unstable
 	NOTE: http://trac.webkit.org/changeset/77141
 CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not ...)
 	- chromium-browser 9.0.597.107~r75357-1
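Review bot: The "NOTE: needs port (s/logicalBottom/bottom)" line added under CVE-2011-1121 is indented with spaces where every neighbouring line uses a tab, and the substitution is missing its closing slash. The recheck TODOs in this hunk are also worded differently ("recheck webkit 1.3 once its uploaded to unstable" against "check webkit 1.3 once it enters unstable"); a single phrasing would let all of them be found with one search when 1.3 is uploaded. The new TODO under the bug 53782 NOTE asks for the commit number but leaves webkit at <undetermined>, so it is worth saying who is expected to supply it given the bug is embargoed.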
@@ -449,22 +460,25 @@
 	- webkit <not-affected> (Chromium specific)
 CVE-2011-1111 (Google Chrome before 9.0.597.107 does not properly implement forms ...)
 	- chromium-browser 9.0.597.107~r75357-1
-	- webkit <undetermined>
+	- webkit <unfixed>
+	NOTE: needs port (s/FormAssociatedElement/HTMLFormElement)
 	NOTE: http://trac.webkit.org/changeset/77114
 CVE-2011-1110 (Google Chrome before 9.0.597.107 does not properly implement key frame ...)
 	- chromium-browser 9.0.597.107~r75357-1
-	- webkit <undetermined>
+	- webkit <not-affected> (vulnerable code not present in 1.2)
+	TODO: check webkit 1.3 once it gets uploaded to unstable
 	NOTE: http://trac.webkit.org/changeset/76828
 CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes in ...)
 	- chromium-browser 9.0.597.107~r75357-1
-	- webkit <undetermined>
+	- webkit <unfixed>
 	NOTE: http://trac.webkit.org/changeset/76728
 CVE-2011-1108 (Google Chrome before 9.0.597.107 does not properly implement ...)
 	- chromium-browser 9.0.597.107~r75357-1
 	- webkit <not-affected> (Chromium specific)
 CVE-2011-1107 (Unspecified vulnerability in Google Chrome before 9.0.597.107 allows ...)
 	- chromium-browser 9.0.597.107~r75357-1
-	- webkit <undetermined>
+	- webkit <not-affected> (history controller code not present in 1.2)
+	TODO: recheck webkit 1.3 once it gets uploaded to unstable
 	NOTE: http://trac.webkit.org/changeset/76205
 CVE-2011-1106 (Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server ...)
 	NOT-FOR-US: IBM Lotus Sametime
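Review bot: The "needs port (s/FormAssociatedElement/HTMLFormElement)" NOTE on CVE-2011-1111 records only an identifier rename and, like the substitution in the previous hunk, lacks its closing slash. It does not say whether that rename is the whole of what changeset 77114 needs to apply to 1.2, which is what someone preparing the fix will want to know. The TODOs on CVE-2011-1110 and CVE-2011-1107 again use two different wordings for the same recheck.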
@@ -613,7 +627,9 @@
 	NOT-FOR-US: WSN Guest
 CVE-2011-1059 (Use-after-free vulnerability in WebCore in WebKit before r77705, as ...)
 	- chromium-browser <undetermined>
-	- webkit <undetermined>
+	- webkit <not-affected> (history controller code not present in 1.2)
+	TODO: recheck webkit 1.3 once it enters unstable
+	NOTE: http://trac.webkit.org/changeset/77705
 CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 ...)
 	NOT-FOR-US: s389 LDAP server
 CVE-2011-XXXX [ADC path traversal]
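Review bot: The not-affected reason on CVE-2011-1059, "history controller code not present in 1.2", is word for word the reason given for CVE-2011-1107 in the previous hunk, while this entry points at a different changeset (77705). Please confirm the reason was checked against 77705 and is not carried over from the other entry. The chromium-browser line stays <undetermined> even though the description names the fixing revision, so that status could be resolved in the same pass.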
@@ -907,9 +923,9 @@
 CVE-2011-0984 (Google Chrome before 9.0.597.94 does not properly handle plug-ins, ...)
 	{DSA-2166-1}
 	- chromium-browser 9.0.597.98~r74359-1
-	- webkit <undetermined>
+	- webkit <not-affected> (doesn't include v8 code)
 	NOTE: http://trac.webkit.org/changeset/76264
-	TODO: ^ this has to be the wrong commit, its a vp8 fix, but that doesn't match the description at all
+	TODO: ^ this has to be the wrong commit, its a v8 fix, but that doesn't match the description at all
 CVE-2011-0983 (Google Chrome before 9.0.597.94 does not properly handle anonymous ...)
 	{DSA-2166-1}
 	- chromium-browser 9.0.597.98~r74359-1
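Review bot: CVE-2011-0984 is moved to <not-affected> with the reason "doesn't include v8 code", but the TODO directly below still says changeset 76264 "has to be the wrong commit" because it does not match the description. A not-affected status derived from a commit the entry itself flags as wrong is not a safe conclusion; either keep <undetermined> until the right commit is identified, or base the reason on the described issue (plug-in handling) rather than on the v8 change.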



