[Secure-testing-commits] r17321 - data/CVE

Wed Sep 28 14:24:00 UTC 2011

Author: iuculano
Date: 2011-09-28 14:24:00 +0000 (Wed, 28 Sep 2011)
New Revision: 17321

Modified:
   data/CVE/list
Log:
Chromium/webkit issues

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2011-09-28 13:30:35 UTC (rev 17320)
+++ data/CVE/list	2011-09-28 14:24:00 UTC (rev 17321)
@@ -881,11 +881,11 @@
 CVE-2011-3422 (The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2011-3421 (Multiple unspecified vulnerabilities in Google Chrome before ...)
-	- chromium-browser <unfixed>
-	- webkit <undetermined>
+	- chromium-browser 14.0.835.163~r101024-1
+	NOTE: duplicate
 CVE-2011-3420 (Multiple unspecified vulnerabilities in Google Chrome before ...)
-	- chromium-browser <unfixed>
-	- webkit <undetermined>
+	- chromium-browser 14.0.835.163~r101024-1
+	NOTE: duplicate
 CVE-2011-3419
 	RESERVED
 CVE-2011-3418
@@ -1350,7 +1350,9 @@
 	RESERVED
 CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, ...)
 	- chromium-browser 14.0.835.163~r101024-1
+	[squeeze] - chromium-browser <not-affected>
 	- webkit <undetermined>
+	NOTE: http://trac.webkit.org/changeset/92132
 CVE-2011-3233
 	RESERVED
 CVE-2011-3232
@@ -2359,10 +2361,14 @@
 	RESERVED
 CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
 	- chromium-browser 14.0.835.163~r101024-1
-	- webkit <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <not-affected> (libv8 issue)
+	- libv8 <undetermined>
+	TODO: file bug
 CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected pin ...)
 	- chromium-browser 14.0.835.163~r101024-1
-	- webkit <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <not-affected> (chromium specific)
 CVE-2011-2873
 	RESERVED
 CVE-2011-2872
@@ -2383,50 +2389,69 @@
 	RESERVED
 CVE-2011-2864 (Google Chrome before 14.0.835.163 does not properly handle Tibetan ...)
 	- chromium-browser 14.0.835.163~r101024-1
-	- webkit <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <not-affected> (chromium specific)
 CVE-2011-2863
 	RESERVED
 CVE-2011-2862 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
 	- chromium-browser 14.0.835.163~r101024-1
-	- webkit <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <not-affected> (chromium specific)
 CVE-2011-2861 (Google Chrome before 14.0.835.163 does not properly handle strings in ...)
-	TODO: check
+	- chromium-browser <not-affected> (pdf plugin)
 CVE-2011-2860 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
 	- chromium-browser 14.0.835.163~r101024-1
+	[squeeze] - chromium-browser <not-affected>
 	- webkit <undetermined>
+	NOTE: http://trac.webkit.org/changeset/93794
 CVE-2011-2859 (Google Chrome before 14.0.835.163 uses incorrect permissions for ...)
 	- chromium-browser 14.0.835.163~r101024-1
-	- webkit <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <not-affected> (chromium specific)
 CVE-2011-2858 (Google Chrome before 14.0.835.163 does not properly handle triangle ...)
 	- chromium-browser 14.0.835.163~r101024-1
-	- webkit <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <not-affected> (chromium specific)
 CVE-2011-2857 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
 	- chromium-browser 14.0.835.163~r101024-1
 	- webkit <undetermined>
+	NOTE: http://trac.webkit.org/changeset/93514
 CVE-2011-2856 (Google V8, as used in Google Chrome before 14.0.835.163, allows remote ...)
 	- chromium-browser 14.0.835.163~r101024-1
-	- webkit <undetermined>
+	[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
+	- webkit <not-affected>
+	- libv8 3.4.14.21-1
 CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle Cascading ...)
 	- chromium-browser 14.0.835.163~r101024-1
+	[squeeze] - chromium-browser <not-affected>
 	- webkit <undetermined>
+	NOTE: http://trac.webkit.org/changeset/93227
 CVE-2011-2854 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
 	- chromium-browser 14.0.835.163~r101024-1
+	[squeeze] - chromium-browser <not-affected>
 	- webkit <undetermined>
+	NOTE: http://trac.webkit.org/changeset/94109 http://trac.webkit.org/changeset/94543
 CVE-2011-2853 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
 	- chromium-browser 14.0.835.163~r101024-1
-	- webkit <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <not-affected> (chromium specific)
 CVE-2011-2852 (Off-by-one error in Google V8, as used in Google Chrome before ...)
 	- chromium-browser 14.0.835.163~r101024-1
-	- webkit <undetermined>
+	[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
+	- webkit <not-affected>
+	- libv8 3.4.14.21-1
 CVE-2011-2851 (Google Chrome before 14.0.835.163 does not properly handle video, ...)
 	- chromium-browser 14.0.835.163~r101024-1
-	- webkit <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <not-affected> (chromium specific)
 CVE-2011-2850 (Google Chrome before 14.0.835.163 does not properly handle Khmer ...)
 	- chromium-browser 14.0.835.163~r101024-1
-	- webkit <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <not-affected> (chromium specific)
 CVE-2011-2849 (The WebSockets implementation in Google Chrome before 14.0.835.163 ...)
 	- chromium-browser 14.0.835.163~r101024-1
-	- webkit <undetermined>
+	[squeeze] - chromium-browser <not-affected>
+	- webkit <not-affected> (chromium specific)
 CVE-2011-2848 (Google Chrome before 14.0.835.163 allows user-assisted remote ...)
 	- chromium-browser 14.0.835.163~r101024-1
 	- webkit <undetermined>


