[Secure-testing-commits] r17959 - data/CVE
Giuseppe Iuculano
iuculano at alioth.debian.org
Sun Jan 1 15:48:24 UTC 2012
Author: iuculano
Date: 2012-01-01 15:48:24 +0000 (Sun, 01 Jan 2012)
New Revision: 17959
Modified:
data/CVE/list
Log:
chromium/webkit issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-01-01 15:02:07 UTC (rev 17958)
+++ data/CVE/list 2012-01-01 15:48:24 UTC (rev 17959)
@@ -1123,8 +1123,9 @@
CVE-2011-4720
RESERVED
CVE-2011-4719 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected>
+ - webkit <not-affected>
+ NOTE: Duplicate for chromebooks
CVE-2011-4718
RESERVED
CVE-2011-4717 (Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows ...)
@@ -1280,11 +1281,11 @@
CVE-2011-4693 (Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows ...)
NOT-FOR-US: Adobe Flash Player
CVE-2011-4692 (WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <unfixed> (unimportant)
+ - webkit <undetermined> (unimportant)
CVE-2011-4691 (Google Chrome 15.0.874.121 and earlier does not prevent capture of ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <unfixed> (unimportant)
+ - webkit <undetermined> (unimportant)
CVE-2011-4690 (Opera 11.60 and earlier does not prevent capture of data about the ...)
NOT-FOR-US: Opera
CVE-2011-4689 (Microsoft Internet Explorer 6 through 9 does not prevent capture of ...)
@@ -1312,8 +1313,8 @@
CVE-2010-5074 (The layout engine in Mozilla Firefox before 4.0, Thunderbird before ...)
- iceweasel 4.0-1 (unimportant)
CVE-2010-5073 (The JavaScript implementation in Google Chrome 4 does not properly ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected>
+ - webkit <not-affected>
CVE-2010-5072 (The JavaScript implementation in Opera 10.5 does not properly restrict ...)
NOT-FOR-US: Opera
CVE-2010-5071 (The JavaScript implementation in Microsoft Internet Explorer 8.0 and ...)
@@ -1321,8 +1322,8 @@
CVE-2010-5070 (The JavaScript implementation in Apple Safari 4 does not properly ...)
NOT-FOR-US: Safari
CVE-2010-5069 (The Cascading Style Sheets (CSS) implementation in Google Chrome 4 ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected>
+ - webkit <not-affected>
CVE-2010-5068 (The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not ...)
NOT-FOR-US: Opera
CVE-2002-2437 (The JavaScript implementation in Mozilla Firefox before 4.0, ...)
@@ -1679,8 +1680,9 @@
CVE-2010-5063
RESERVED
CVE-2011-4548 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected>
+ - webkit <not-affected>
+ NOTE: duplicate for chromebooks
CVE-2011-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Zen Cart
CVE-2011-4546
@@ -3679,98 +3681,137 @@
CVE-2011-3918
RESERVED
CVE-2011-3917 (Stack-based buffer overflow in FileWatcher in Google Chrome before ...)
- - chromium-browser <unfixed>
+ - chromium-browser 16.0.912.63~r113337-1
- webkit <undetermined>
CVE-2011-3916 (Google Chrome before 16.0.912.63 does not properly handle PDF cross ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected> (Chrome pdf plugin)
+ - webkit <not-affected>
CVE-2011-3915 (Buffer overflow in Google Chrome before 16.0.912.63 allows remote ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected> (Chrome pdf plugin)
+ - webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3914 (The internationalization (aka i18n) functionality in Google V8, as ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser 16.0.912.63~r113337-1
+ - webkit <not-affected> (v8-i18n chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3913 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 ...)
- - chromium-browser <unfixed>
+ - chromium-browser 16.0.912.63~r113337-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/100827
CVE-2011-3912 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 ...)
- - chromium-browser <unfixed>
+ - chromium-browser 16.0.912.63~r113337-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/100502
CVE-2011-3911 (Google Chrome before 16.0.912.63 does not properly handle PDF ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected> (Chrome pdf plugin)
+ - webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3910 (Google Chrome before 16.0.912.63 does not properly handle YUV video ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser 16.0.912.63~r113337-1
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3909 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...)
- - chromium-browser <unfixed>
+ - chromium-browser 16.0.912.63~r113337-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/98374
CVE-2011-3908 (Google Chrome before 16.0.912.63 does not properly parse SVG ...)
- - chromium-browser <unfixed>
+ - chromium-browser 16.0.912.63~r113337-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/99025
CVE-2011-3907 (The view-source feature in Google Chrome before 16.0.912.63 allows ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser 16.0.912.63~r113337-1
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3906 (The PDF parser in Google Chrome before 16.0.912.63 allows remote ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected> (Chrome pdf plugin)
+ - webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3905 (libxml2, as used in Google Chrome before 16.0.912.63, allows remote ...)
- libxml2 <unfixed> (bug #652352)
CVE-2011-3904 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 ...)
- - chromium-browser <unfixed>
+ - chromium-browser 16.0.912.63~r113337-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/99462
CVE-2011-3903 (Google Chrome before 16.0.912.63 does not properly perform regex ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser 16.0.912.63~r113337-1
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3902
RESERVED
CVE-2011-3901
RESERVED
CVE-2011-3900 (Google V8, as used in Google Chrome before 15.0.874.121, allows remote ...)
- chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
+ - webkit <not-affected> (Chrome issue)
+ - libv8 3.5.10.24
+ [squeeze] - chromium-browser <not-affected>
+ [squeeze] - libv8 <not-affected>
CVE-2011-3899
RESERVED
CVE-2011-3898 (Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) ...)
- - chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
+ - chromium-browser 15.0.874.121~r109964-1 (unimportant)
+ - webkit <not-affected> (Chrome issue)
CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before 15.0.874.120 ...)
- chromium-browser 15.0.874.121~r109964-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/99023
CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows remote ...)
- chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google Chrome ...)
- chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
- TODO: might affect libvorbis or libav, didn't check
+ - webkit <not-affected> (Chrome issue)
+ - ffmpeg <undetermined>
+ - libav <unfixed>
+ TODO: file buf for ffmpeg/libav : http://src.chromium.org/viewvc/chrome?view=rev&revision=107826
CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8 ...)
- chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
- TODO: check
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV ...)
- chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
+ - webkit <not-affected> (Chrome issue)
+ - libav <unfixed>
+ [squeeze] - chromium-browser <not-affected>
TODO: might affect libtheora or libav
+ NOTE: this is due to http://llvm.org/bugs/show_bug.cgi?id=7554
+ NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106599
+ NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106621
CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome ...)
- chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
+ - libav <unfixed>
+ NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=107489
TODO: might affect libtheora or libav
CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict access to ...)
- chromium-browser 15.0.874.106~r107270-1
- - webkit <undetermined>
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3890 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/97451
CVE-2011-3889 (Heap-based buffer overflow in the Web Audio implementation in Google ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/96843
CVE-2011-3888 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <no-dsa> (minor issue)
+ NOTE: http://trac.webkit.org/changeset/96868
CVE-2011-3887 (Google Chrome before 15.0.874.102 does not properly handle javascript: ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/96260
CVE-2011-3886 (Google V8, as used in Google Chrome before 15.0.874.102, allows remote ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <undetermined>
More information about the Secure-testing-commits
mailing list