[Secure-testing-commits] r17472 - data/CVE

Giuseppe Iuculano iuculano at alioth.debian.org
Fri Oct 21 11:35:10 UTC 2011


Author: iuculano
Date: 2011-10-21 11:35:10 +0000 (Fri, 21 Oct 2011)
New Revision: 17472

Modified:
   data/CVE/list
Log:
chromium/webkit issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-10-21 08:40:46 UTC (rev 17471)
+++ data/CVE/list	2011-10-21 11:35:10 UTC (rev 17472)
@@ -822,7 +822,8 @@
 	RESERVED
 CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement shader ...)
 	- chromium-browser 14.0.835.202~r103287-1
-	- libv8 <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <not-affected> (chromium specific)
 CVE-2011-XXXX [Fix file indirectory injection]
 	- puppet 2.7.3-3 (unimportant)
 	[squeeze] - puppet 2.6.2-5+squeeze1
@@ -1935,10 +1936,10 @@
 CVE-2011-3422 (The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2011-3421 (Multiple unspecified vulnerabilities in Google Chrome before ...)
-	- chromium-browser 14.0.835.163~r101024-1
+	- chromium-browser 14.0.835.163~r101024-1 (unimportant)
 	NOTE: duplicate
 CVE-2011-3420 (Multiple unspecified vulnerabilities in Google Chrome before ...)
-	- chromium-browser 14.0.835.163~r101024-1
+	- chromium-browser 14.0.835.163~r101024-1 (unimportant)
 	NOTE: duplicate
 CVE-2011-3419
 	RESERVED
@@ -3442,23 +3443,32 @@
 CVE-2011-2882 (Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control ...)
 	NOT-FOR-US: Citrix Access Gateway
 CVE-2011-2881 (Google Chrome before 14.0.835.202 does not properly handle Google V8 ...)
-	- chromium-browser 14.0.835.202~r103287-1
+	- chromium-browser <not-affected> (chromium uses libv8 system copy)
 	- libv8 <undetermined>
 CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 ...)
 	- chromium-browser 14.0.835.202~r103287-1
-	- libv8 <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <undetermined>
+	NOTE: http://trac.webkit.org/changeset/95667 http://trac.webkit.org/changeset/95689 http://trac.webkit.org/changeset/95728
 CVE-2011-2879 (Google Chrome before 14.0.835.202 does not properly consider object ...)
 	- chromium-browser 14.0.835.202~r103287-1
-	- libv8 <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <undetermined>
+	NOTE: http://trac.webkit.org/changeset/94984
 CVE-2011-2878 (Google Chrome before 14.0.835.202 does not properly restrict access to ...)
 	- chromium-browser 14.0.835.202~r103287-1
-	- libv8 <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <undetermined>
+	NOTE: http://trac.webkit.org/changeset/95488
 CVE-2011-2877 (Google Chrome before 14.0.835.202 does not properly handle SVG text, ...)
 	- chromium-browser 14.0.835.202~r103287-1
-	- libv8 <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <undetermined>
+	NOTE: http://trac.webkit.org/changeset/94508
 CVE-2011-2876 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 ...)
 	- chromium-browser 14.0.835.202~r103287-1
-	- libv8 <undetermined>
+	- webkit <undetermined>
+	NOTE: http://trac.webkit.org/changeset/95600
 CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
 	- chromium-browser 14.0.835.163~r101024-1
 	[squeeze] - chromium-browser <not-affected>




More information about the Secure-testing-commits mailing list