[Secure-testing-commits] r19027 - data/CVE

Fri Apr 20 21:40:20 UTC 2012

Author: mgilbert
Date: 2012-04-20 21:40:20 +0000 (Fri, 20 Apr 2012)
New Revision: 19027

Modified:
   data/CVE/list
Log:
research some libv8 issues

Modified: data/CVE/list
===================================================================

--- data/CVE/list	2012-04-20 21:40:00 UTC (rev 19026)
+++ data/CVE/list	2012-04-20 21:40:20 UTC (rev 19027)
@@ -11686,7 +11686,9 @@
 CVE-2011-3058 (Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP ...)
 	- chromium-browser 18.0.1025.142~r129054-1
 CVE-2011-3057 (Google V8, as used in Google Chrome before 17.0.963.83, allows remote ...)
-	- libv8 <unfixed>
+	- libv8 <undetermined>
+	NOTE: http://code.google.com/p/chromium/issues/detail?id=117794
+	NOTE: access restricted to chrome/libv8 bug log, so uncheckable
 CVE-2011-3056 (Google Chrome before 17.0.963.83 allows remote attackers to bypass the ...)
 	- chromium-browser 17.0.963.83~r127885-1
 CVE-2011-3055 (The browser native UI in Google Chrome before 17.0.963.83 does not ...)
@@ -12296,7 +12298,9 @@
 	NOT-FOR-US: Citrix Access Gateway
 CVE-2011-2881 (Google Chrome before 14.0.835.202 does not properly handle Google V8 ...)
 	- chromium-browser <not-affected> (chromium uses libv8 system copy)
-	- libv8 <unfixed>
+	- libv8 <undetermined>
+	NOTE: http://code.google.com/p/chromium/issues/detail?id=97784
+	NOTE: access restricted to chrome/libv8 bug log, so uncheckable
 CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 ...)
 	- chromium-browser 14.0.835.202~r103287-1
 	[squeeze] - chromium-browser <not-affected>
@@ -12326,7 +12330,8 @@
 	[squeeze] - chromium-browser <not-affected>
 	- webkit <not-affected> (libv8 issue)
 	- libv8 <undetermined>
-	TODO: file bug
+	NOTE: http://code.google.com/p/chromium/issues/detail?id=95920
+	NOTE: access restricted to chrome/libv8 bug log, so uncheckable
 CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected pin ...)
 	- chromium-browser 14.0.835.163~r101024-1
 	[squeeze] - chromium-browser <not-affected>
@@ -13943,7 +13948,7 @@
 	- webkit <undetermined>
 	NOTE: http://trac.webkit.org/changeset/88456
 CVE-2011-2348 (Google V8, as used in Google Chrome before 12.0.742.112, performs an ...)
-	- libv8 <unfixed>
+	- libv8 3.4.14-1  
 	NOTE: Fixed in V8 bleeding edge r8230, 3.2.10.17 and 3.3.10.9.
 CVE-2011-2347 (Google Chrome before 12.0.742.112 does not properly handle Cascading ...)
 	- chromium-browser 12.0.742.112~r90304-1
@@ -14375,7 +14380,8 @@
 	NOT-FOR-US: Microsoft
 CVE-2011-2332 (Google V8, as used in Google Chrome before 12.0.742.91, allows remote ...)
 	- chromium-browser 12.0.742.91~r87961-1
-	- libv8 <undetermined>
+	- libv8 3.4.14-1
+	NOTE: execScript removed in libv8 3.2 branch
 CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC media ...)
 	{DSA-2257-1}
 	- vlc 1.1.10-1


