[Secure-testing-commits] r17620 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Nov 16 18:42:34 UTC 2011
Author: jmm
Date: 2011-11-16 18:42:34 +0000 (Wed, 16 Nov 2011)
New Revision: 17620
Modified:
data/CVE/list
Log:
NFUs
new chromium issues (some might also affect packages embedded by
chromium, Guiseppe, can you investigate these?)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-11-16 09:14:18 UTC (rev 17619)
+++ data/CVE/list 2011-11-16 18:42:34 UTC (rev 17620)
@@ -1451,11 +1451,11 @@
CVE-2011-4000 (Buffer overflow in ChaSen 2.4.x allows remote attackers to execute ...)
- chasen <unfixed> (medium; bug #648359)
CVE-2011-3999 (Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader ...)
- TODO: check
+ NOT-FOR-US: Iwate Portal Bar
CVE-2011-3998 (Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and ...)
- TODO: check
+ NOT-FOR-US: Apple WebObjects
CVE-2011-3997 (Opengear console servers with firmware before 2.2.1 allow remote ...)
- TODO: check
+ NOT-FOR-US: Opengear
CVE-2011-3996 (The LiveData Service in CSWorks before 2.0.4115.1 allows remote ...)
NOT-FOR-US: CSWorks
CVE-2011-3995 (Unspecified vulnerability in Twilight Frontier Touhou Hisouten 1.06 ...)
@@ -1479,7 +1479,7 @@
CVE-2011-3986 (Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows ...)
NOT-FOR-US: Pligg
CVE-2011-3985 (Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows ...)
- TODO: check
+ NOT-FOR-US: Plume
CVE-2011-3984 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...)
NOT-FOR-US: KENT-WEB WEB FORUM
CVE-2011-3983 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...)
@@ -1701,19 +1701,30 @@
CVE-2011-3899
RESERVED
CVE-2011-3898 (Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before 15.0.874.120 ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows remote ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google Chrome ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
+ TODO: might affect libvorbis or libav, didn't check
CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8 ...)
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
TODO: check
CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV ...)
- TODO: check
+ - chromium-browser <unfixed>
+ - webkit <undetermined>
+ TODO: might affect libtheora or libav
CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome ...)
- TODO: check
+ - chromium-browser <undetermined>
+ - webkit <undetermined>
+ TODO: might affect libtheora or libav
CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict access to ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <undetermined>
More information about the Secure-testing-commits
mailing list