[Secure-testing-commits] r20415 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Mon Oct 29 18:15:41 UTC 2012
Author: jmm
Date: 2012-10-29 18:15:41 +0000 (Mon, 29 Oct 2012)
New Revision: 20415
Modified:
data/CVE/list
Log:
- phpmyadmin not-affected
- first stab at eliminating false positives in debsecan by dropping
<undetermined> entries for webkit. Since webkit isn't supported
no one is triaging these and it's doing more harm than good.
noted by pabs on Planet Debian
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-29 08:47:14 UTC (rev 20414)
+++ data/CVE/list 2012-10-29 18:15:41 UTC (rev 20415)
@@ -649,7 +649,7 @@
CVE-2012-5369
RESERVED
CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained ...)
- - phpmyadmin <unfixed> (bug #691728)
+ - phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728)
CVE-2012-5367
RESERVED
CVE-2012-5366
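Review bot: The <not-affected> on CVE-2012-5368 is justified by "not packaged yet", which describes the archive today rather than the code, so the entry will keep reporting phpmyadmin as clean after a first 3.5.x upload whether or not that upload is at or past the fix. Suggest naming the fixed upstream version from the description (3.5.3) in the parenthetical, next to the reference to #691728, so whoever packages 3.5.x sees the constraint in the tracker itself.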
@@ -746,7 +746,7 @@
CVE-2012-5340
RESERVED
CVE-2012-5339 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- - phpmyadmin <unfixed> (bug #691728)
+ - phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728)
CVE-2012-5338
RESERVED
CVE-2012-5337
@@ -5065,45 +5065,45 @@
CVE-2012-3698 (Apple Xcode before 4.4 does not properly compose a designated ...)
NOT-FOR-US: Apple Xcode
CVE-2012-3697 (WebKit in Apple Safari before 6.0 does not properly handle file: URLs, ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3696 (CRLF injection vulnerability in WebKit in Apple Safari before 6.0 ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3694 (WebKit in Apple Safari before 6.0 does not properly handle ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3693 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3692 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3691 (WebKit in Apple Safari before 6.0 does not properly handle Cascading ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3690 (WebKit in Apple Safari before 6.0 does not properly handle ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3689 (WebKit in Apple Safari before 6.0 does not properly handle ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3688 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3687 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3686 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3685 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3684 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3681 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3680 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3679 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3678 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3677 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3676 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
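Review bot: The replacement lines in this hunk read "NOT-FOR-US: Apple Safari/ if anything ...", with a dangling slash and no space, while the untouched iTunes entries beside them (CVE-2012-3692, CVE-2012-3688) use "Apple iTunes / if anything ...". Use the same "Apple Safari / ..." form so both sets match one search pattern. Separately, NOT-FOR-US removes the package name from entries whose descriptions name WebKit itself, so nothing on the line ties them to the webkit source package any more; if the goal is only to silence debsecan, the entry should say that webkit was left untriaged rather than read as if the code were absent.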
@@ -5111,7 +5111,7 @@
CVE-2012-3675 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3674 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3673 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3672 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
@@ -10448,7 +10448,7 @@
CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome before ...)
- chromium-browser 18.0.1025.168~r134367-1
CVE-2012-1520 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-1519
RESERVED
CVE-2012-1518 (VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, ...)
@@ -12485,9 +12485,9 @@
CVE-2012-0684 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote ...)
NOT-FOR-US: XnView
CVE-2012-0683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0681 (Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all ...)
NOT-FOR-US: Apple Remote Desktop
CVE-2012-0680 (Apple Safari before 6.0 does not properly handle the autocomplete ...)
@@ -12555,9 +12555,9 @@
CVE-2012-0649 (Race condition in the initialization routine in blued in Bluetooth in ...)
NOT-FOR-US: Apple Mac OS X
CVE-2012-0648 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0647 (WebKit in Apple Safari before 5.1.4 does not properly handle redirects ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0646 (Format string vulnerability in VPN in Apple iOS before 5.1 allows ...)
NOT-FOR-US: VPN in Apple iOS
CVE-2012-0645 (Siri in Apple iOS before 5.1 does not properly restrict the ability of ...)
@@ -12571,117 +12571,117 @@
CVE-2012-0641 (CFNetwork in Apple iOS before 5.1 does not properly construct request ...)
NOT-FOR-US: Apple iOS
CVE-2012-0640 (WebKit in Apple Safari before 5.1.4 does not properly implement "From ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0639 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0638 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0637 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0636 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0635 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0634 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0633 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0632 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0631 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0630 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0629 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0628 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0627 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0626 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0625 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0624 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0623 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0622 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0621 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0620 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0619 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0618 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0617 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0616 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0615 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0614 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0613 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0612 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0611 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0610 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0609 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0608 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0607 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0606 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0605 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0604 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0603 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0602 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0601 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0600 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0599 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0598 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0597 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0596 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0595 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0594 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0593 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0592 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0591 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0590 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0589 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0588 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0587 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0586 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
- - webkit <undetermined>
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0585 (The Private Browsing feature in Safari in Apple iOS before 5.1 allows ...)
- NOT-FOR-US: Apple Safari
+ NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0584 (The Internationalized Domain Name (IDN) feature in Apple Safari before ...)
NOT-FOR-US: Apple Safari
CVE-2012-0583 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
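Review bot: The last change in this hunk rewrites CVE-2012-0585, which was already "NOT-FOR-US: Apple Safari" and is described as the Private Browsing feature in Safari on iOS, not WebKit; it was never a "- webkit <undetermined>" entry and looks like it was caught by the bulk replace. Restore the original line, which the unchanged CVE-2012-0584 entry below still uses. The blanket "Apple Safari/iTunes" label is also applied at the top of the hunk to CVE-2012-0640, whose description names only Safari, and the label runs straight into the free text with no separator.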
@@ -15195,10 +15195,8 @@
NOT-FOR-US: Adobe Flash Player
CVE-2011-4692 (WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 ...)
- chromium-browser <unfixed> (unimportant)
- - webkit <undetermined> (unimportant)
CVE-2011-4691 (Google Chrome 15.0.874.121 and earlier does not prevent capture of ...)
- chromium-browser <unfixed> (unimportant)
- - webkit <undetermined> (unimportant)
CVE-2011-4690 (Opera 11.60 and earlier does not prevent capture of data about the ...)
NOT-FOR-US: Opera
CVE-2011-4689 (Microsoft Internet Explorer 6 through 9 does not prevent capture of ...)
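Review bot: For CVE-2011-4692 and CVE-2011-4691 the "- webkit <undetermined> (unimportant)" lines are deleted outright rather than replaced, although the CVE-2011-4692 description names WebKit as the affected component. After this change nothing in either entry records that webkit was left unchecked. A NOTE: line stating that webkit is unsupported and was not triaged would keep that visible without adding a package line.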
@@ -17490,63 +17488,45 @@
- ffmpeg-debian <end-of-life>
CVE-2011-3972 (The shader translator implementation in Google Chrome before ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3971 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3970 (libxslt, as used in Google Chrome before 17.0.963.46, allows remote ...)
- libxslt 1.1.26-11 (low; bug #660650)
[squeeze] - libxslt 1.1.26-6+squeeze1
CVE-2011-3969 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3968 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3967 (Unspecified vulnerability in Google Chrome before 17.0.963.46 allows ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3966 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3965 (Google Chrome before 17.0.963.46 does not properly check signatures, ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3964 (Google Chrome before 17.0.963.46 does not properly implement the ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3963 (Google Chrome before 17.0.963.46 does not properly handle PDF FAX ...)
- chromium-browser <not-affected> (Only affects proprietary Chrome)
CVE-2011-3962 (Google Chrome before 17.0.963.46 does not properly perform path ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3961 (Race condition in Google Chrome before 17.0.963.46 allows remote ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3960 (Google Chrome before 17.0.963.46 does not properly decode audio data, ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3959 (Buffer overflow in the locale implementation in Google Chrome before ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3958 (Google Chrome before 17.0.963.46 does not properly perform casts of ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3957 (Use-after-free vulnerability in the garbage-collection functionality ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3956 (The extension implementation in Google Chrome before 17.0.963.46 does ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3955 (Google Chrome before 17.0.963.46 allows remote attackers to cause a ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3954 (Google Chrome before 17.0.963.46 allows remote attackers to cause a ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3953 (Google Chrome before 17.0.963.46 does not prevent monitoring of the ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3952 (The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 ...)
{DSA-2494-1}
- libav 4:0.8.1-1
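Review bot: This hunk deletes the webkit line from every Chrome 17 entry regardless of where the bug lives: CVE-2011-3956 (extension implementation) and CVE-2011-3965 (signature checking) read as Chrome-only, and for that case the file already has a convention, "- webkit <not-affected> (Chrome issue)", visible in the context lines of later hunks. Where that is known, recording <not-affected> preserves the triage result; plain deletion makes a Chrome-only issue and an untriaged WebKit issue look identical.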
@@ -17612,42 +17592,32 @@
- ffmpeg <removed>
CVE-2011-3928 (Use-after-free vulnerability in Google Chrome before 16.0.912.77 ...)
- chromium-browser 16.0.912.77~r118311-1
- - webkit <undetermined>
CVE-2011-3927 (Skia, as used in Google Chrome before 16.0.912.77, does not perform ...)
- chromium-browser 16.0.912.77~r118311-1
- - webkit <undetermined>
CVE-2011-3926 (Heap-based buffer overflow in the tree builder in Google Chrome before ...)
- chromium-browser 16.0.912.77~r118311-1
- - webkit <undetermined>
CVE-2011-3925 (Use-after-free vulnerability in the Safe Browsing feature in Google ...)
- chromium-browser 16.0.912.77~r118311-1
- - webkit <undetermined>
CVE-2011-3924 (Use-after-free vulnerability in Google Chrome before 16.0.912.77 ...)
- chromium-browser 16.0.912.77~r118311-1
- - webkit <undetermined>
CVE-2011-3923
RESERVED
CVE-2011-3922 (Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows ...)
- chromium-browser 16.0.912.75~r116452-1
- - webkit <undetermined>
CVE-2011-3921 (Use-after-free vulnerability in Google Chrome before 16.0.912.75 ...)
- chromium-browser 16.0.912.75~r116452-1
- - webkit <undetermined>
CVE-2011-3920
RESERVED
CVE-2011-3919 (Heap-based buffer overflow in libxml2, as used in Google Chrome before ...)
{DSA-2394-1}
- chromium-browser 16.0.912.75~r116452-1
- - webkit <undetermined>
- libxml2 2.7.8.dfsg-7 (bug #656377)
CVE-2011-3918 (The Zygote process in Android 4.0.3 and earlier accepts fork requests ...)
NOT-FOR-US: Android
CVE-2011-3917 (Stack-based buffer overflow in FileWatcher in Google Chrome before ...)
- chromium-browser 16.0.912.63~r113337-1
- - webkit <undetermined>
CVE-2011-3916 (Google Chrome before 16.0.912.63 does not properly handle PDF cross ...)
- chromium-browser <not-affected> (Chrome pdf plugin)
- - webkit <not-affected>
CVE-2011-3915 (Buffer overflow in Google Chrome before 16.0.912.63 allows remote ...)
- chromium-browser <not-affected> (Chrome pdf plugin)
- webkit <not-affected> (Chrome pdf plugin)
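Review bot: CVE-2011-3916 loses "- webkit <not-affected>", which is a triaged state and not one of the <undetermined> entries the log message says are being dropped. The next entry, CVE-2011-3915, keeps "- webkit <not-affected> (Chrome pdf plugin)". Keep the CVE-2011-3916 line, ideally with the same "(Chrome pdf plugin)" reason.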
@@ -17657,12 +17627,10 @@
[squeeze] - chromium-browser <not-affected>
CVE-2011-3913 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 ...)
- chromium-browser 16.0.912.63~r113337-1
- - webkit <undetermined>
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/100827
CVE-2011-3912 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 ...)
- chromium-browser 16.0.912.63~r113337-1
- - webkit <undetermined>
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/100502
CVE-2011-3911 (Google Chrome before 16.0.912.63 does not properly handle PDF ...)
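Review bot: CVE-2011-3913 and CVE-2011-3912 each carry a NOTE: pointing at a trac.webkit.org changeset, so the fix is identified as a WebKit commit, yet the webkit package line is removed and only chromium-browser remains. These are the entries where a webkit status could be determined from the referenced changeset; consider leaving them for triage, or adding a NOTE: that webkit was not checked against that changeset.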
@@ -17674,12 +17642,10 @@
[squeeze] - chromium-browser <not-affected>
CVE-2011-3909 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...)
- chromium-browser 16.0.912.63~r113337-1
- - webkit <undetermined>
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/98374
CVE-2011-3908 (Google Chrome before 16.0.912.63 does not properly parse SVG ...)
- chromium-browser 16.0.912.63~r113337-1
- - webkit <undetermined>
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/99025
CVE-2011-3907 (The view-source feature in Google Chrome before 16.0.912.63 allows ...)
@@ -17694,7 +17660,6 @@
- libxml2 2.7.8.dfsg-5.1 (bug #652352)
CVE-2011-3904 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 ...)
- chromium-browser 16.0.912.63~r113337-1
- - webkit <undetermined>
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/99462
CVE-2011-3903 (Google Chrome before 16.0.912.63 does not properly perform regex ...)
@@ -17718,7 +17683,6 @@
- webkit <not-affected> (Chrome issue)
CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before 15.0.874.120 ...)
- chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/99023
CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows remote ...)
@@ -17759,22 +17723,18 @@
[squeeze] - chromium-browser <not-affected>
CVE-2011-3890 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...)
- chromium-browser 15.0.874.106~r107270-1
- - webkit <undetermined>
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/97451
CVE-2011-3889 (Heap-based buffer overflow in the Web Audio implementation in Google ...)
- chromium-browser 15.0.874.106~r107270-1
- - webkit <undetermined>
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/96843
CVE-2011-3888 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...)
- chromium-browser 15.0.874.106~r107270-1
- - webkit <undetermined>
[squeeze] - chromium-browser <no-dsa> (minor issue)
NOTE: http://trac.webkit.org/changeset/96868
CVE-2011-3887 (Google Chrome before 15.0.874.102 does not properly handle javascript: ...)
- chromium-browser 15.0.874.106~r107270-1
- - webkit <undetermined>
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/96260
CVE-2011-3886 (Google V8, as used in Google Chrome before 15.0.874.102, allows remote ...)
@@ -17785,7 +17745,6 @@
[squeeze] - chromium-browser <not-affected>
CVE-2011-3885 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...)
- chromium-browser 15.0.874.106~r107270-1
- - webkit <undetermined>
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/97402
CVE-2011-3884 (Google Chrome before 15.0.874.102 does not properly address timing ...)
@@ -17793,7 +17752,6 @@
- webkit <not-affected> (Chrome issue)
[squeeze] - chromium-browser <not-affected>
CVE-2011-3883 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...)
- - webkit <undetermined>
- chromium-browser 15.0.874.106~r107270-1
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/96632
@@ -17803,7 +17761,6 @@
[squeeze] - chromium-browser <not-affected>
CVE-2011-3881 (Google Chrome before 15.0.874.102 allows remote attackers to bypass ...)
- chromium-browser 15.0.874.106~r107270-1
- - webkit <undetermined>
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/97353
CVE-2011-3880 (Google Chrome before 15.0.874.102 does not prevent use of an ...)
@@ -17811,11 +17768,9 @@
- webkit <not-affected> (Chrome issue)
CVE-2011-3879 (Google Chrome before 15.0.874.102 does not prevent redirects to ...)
- chromium-browser 15.0.874.106~r107270-1 (unimportant)
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/96610
CVE-2011-3878 (Race condition in Google Chrome before 15.0.874.102 allows remote ...)
- chromium-browser 15.0.874.106~r107270-1
- - webkit <undetermined>
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/96999
CVE-2011-3877 (Cross-site scripting (XSS) vulnerability in the appcache internals ...)
@@ -17824,7 +17779,6 @@
[squeeze] - chromium-browser <not-affected>
CVE-2011-3876 (Google Chrome before 15.0.874.102 does not properly handle downloading ...)
- chromium-browser 15.0.874.106~r107270-1
- - webkit <undetermined>
CVE-2011-3875 (Google Chrome before 15.0.874.102 does not properly handle drag and ...)
- chromium-browser 15.0.874.106~r107270-1 (unimportant)
- webkit <not-affected> (Chrome issue)
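Review bot: After this hunk CVE-2011-3876 has no webkit line at all, while the neighbouring CVE-2011-3875 keeps an explicit `- webkit <not-affected> (Chrome issue)`. A missing line now reads the same as "never evaluated", which is a different statement from not-affected. Suggest documenting, in the log or in a comment at the top of data/CVE/list, that the absence of a webkit entry means untriaged, so the surviving `<not-affected>` entries are not mistaken for the full set of evaluated CVEs.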
@@ -19599,40 +19553,30 @@
NOT-FOR-US: Apple iOS
CVE-2011-3244 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-3243 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-3242 (The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X ...)
NOT-FOR-US: Apple Safari
CVE-2011-3241 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-3240
RESERVED
CVE-2011-3239 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-3238 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-3237 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-3236 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-3235 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/92132
CVE-2011-3233 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-3232 (YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, ...)
- xulrunner <not-affected> (Only affects Firefox >= 4)
- iceweasel 7.0-1
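Review bot: The "WebKit, as used in Apple iTunes" CVEs in this hunk (CVE-2011-3244, CVE-2011-3243, CVE-2011-3241 and the ones that follow) are left with `- chromium-browser <undetermined>` as their only package line, so by the log message's own reasoning they remain untriaged entries of the kind this commit sets out to remove. Earlier in the same commit the Safari WebKit CVEs were turned into `NOT-FOR-US: Apple Safari/ ...` with a note about Chromium. Suggest either treating these the same way or adding a NOTE saying why chromium-browser stays undetermined here.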
@@ -20188,43 +20132,31 @@
RESERVED
CVE-2011-3027 (Google Chrome before 17.0.963.56 does not properly perform a cast of ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3026 (Integer overflow in libpng, as used in Google Chrome before ...)
{DSA-2410-1}
- libpng 1.2.46-5 (high; bug #660026)
CVE-2011-3025 (Google Chrome before 17.0.963.56 does not properly parse H.264 data, ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3024 (Google Chrome before 17.0.963.56 allows remote attackers to cause a ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3023 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3022 (translate/translate_manager.cc in Google Chrome before 17.0.963.56 and ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3021 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3020 (Unspecified vulnerability in the Native Client validator ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3019 (Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3018 (Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3017 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3016 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 ...)
- chromium-browser 17.0.963.56~r121963-1
- - webkit <undetermined>
CVE-2011-3015 (Multiple integer overflows in the PDF codecs in Google Chrome before ...)
- chromium-browser <not-affected> (PDF functionality not built)
- - webkit <undetermined>
CVE-2011-3014 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through ...)
NOT-FOR-US: Novell Data Synchronizer
CVE-2011-3013 (WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer ...)
@@ -20727,26 +20659,21 @@
CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 ...)
- chromium-browser 14.0.835.202~r103287-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/95667 http://trac.webkit.org/changeset/95689 http://trac.webkit.org/changeset/95728
CVE-2011-2879 (Google Chrome before 14.0.835.202 does not properly consider object ...)
- chromium-browser 14.0.835.202~r103287-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/94984
CVE-2011-2878 (Google Chrome before 14.0.835.202 does not properly restrict access to ...)
- chromium-browser 14.0.835.202~r103287-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/95488
CVE-2011-2877 (Google Chrome before 14.0.835.202 does not properly handle SVG text, ...)
- chromium-browser 14.0.835.202~r103287-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/94508
CVE-2011-2876 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 ...)
- chromium-browser 14.0.835.202~r103287-1
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/95600
CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
- chromium-browser 14.0.835.163~r101024-1
@@ -20800,7 +20727,6 @@
CVE-2011-2860 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/93794
CVE-2011-2859 (Google Chrome before 14.0.835.163 uses incorrect permissions for ...)
- chromium-browser 14.0.835.163~r101024-1
@@ -20812,7 +20738,6 @@
- webkit <not-affected> (chromium specific)
CVE-2011-2857 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/93514
CVE-2011-2856 (Google V8, as used in Google Chrome before 14.0.835.163, allows remote ...)
- chromium-browser 14.0.835.163~r101024-1
@@ -20822,12 +20747,10 @@
CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle Cascading ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/93227
CVE-2011-2854 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/94109 http://trac.webkit.org/changeset/94543
CVE-2011-2853 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
- chromium-browser 14.0.835.163~r101024-1
@@ -20857,14 +20780,11 @@
CVE-2011-2847 (Use-after-free vulnerability in the document loader in Google Chrome ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/93521
CVE-2011-2846 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
CVE-2011-2845 (Google Chrome before 15.0.874.102 does not properly handle history ...)
- chromium-browser 15.0.874.106~r107270-1
- - webkit <undetermined>
CVE-2011-2844 (Google Chrome before 14.0.835.163 does not properly process MP3 files, ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
@@ -20883,7 +20803,6 @@
CVE-2011-2840 (Google Chrome before 14.0.835.163 allows user-assisted remote ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/90164
CVE-2011-2839 (The PDF implementation in Google Chrome before 13.0.782.215 on Linux ...)
- chromium-browser <not-affected> (Pdf plugin)
@@ -20907,17 +20826,14 @@
- libxml2 2.7.8.dfsg-5 (low; bug #643648)
CVE-2011-2833 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2832
RESERVED
CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2830 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
NOTE: CVE description is wrong, see #656057
CVE-2011-2829 (Integer overflow in Google Chrome before 13.0.782.215 on 32-bit ...)
- chromium-browser 13.0.782.215~r97094-1
- - webkit <undetermined>
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/92413
CVE-2011-2828 (Google V8, as used in Google Chrome before 13.0.782.215, allows remote ...)
@@ -20927,26 +20843,21 @@
CVE-2011-2827 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 ...)
- chromium-browser 13.0.782.215~r97094-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/91908
CVE-2011-2826 (Google Chrome before 13.0.782.215 allows remote attackers to bypass ...)
- chromium-browser 13.0.782.215~r97094-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/91957
CVE-2011-2825 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 ...)
- chromium-browser 13.0.782.215~r97094-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/r91738 http://trac.webkit.org/r91739 http://trac.webkit.org/changeset/92744
CVE-2011-2824 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 ...)
- chromium-browser 13.0.782.215~r97094-1
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/92630
CVE-2011-2823 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 ...)
- chromium-browser 13.0.782.215~r97094-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
CVE-2011-2822 (Google Chrome before 13.0.782.215 on Windows does not properly parse ...)
- chromium-browser <not-affected> (windows only)
- webkit <not-affected>
@@ -20963,38 +20874,29 @@
CVE-2011-2819 (Google Chrome before 13.0.782.107 allows remote attackers to bypass ...)
- chromium-browser 13.0.782.107~r94237-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/91611
CVE-2011-2818 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
{DSA-2307-1}
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/91386
CVE-2011-2817 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2816 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2815 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2814 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2813 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2812
RESERVED
CVE-2011-2811 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2810
REJECTED
CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2808
RESERVED
CVE-2011-2807
@@ -21004,7 +20906,6 @@
CVE-2011-2805 (Google Chrome before 13.0.782.107 allows remote attackers to bypass ...)
- chromium-browser 13.0.782.107~r94237-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/91152
CVE-2011-2804 (Google Chrome before 13.0.782.107 does not properly handle nested ...)
- chromium-browser <not-affected> (pdf plugin)
@@ -21022,17 +20923,14 @@
CVE-2011-2801 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/90936
CVE-2011-2800 (Google Chrome before 13.0.782.107 allows remote attackers to obtain ...)
{DSA-2307-1}
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/91044
NOTE: http://developer.apple.com/library/safari/#documentation/Tools/Conceptual/SafariExtensionGuide/MessagesandProxies/MessagesandProxies.html#//apple_ref/doc/uid/TP40009977-CH14-SW9
CVE-2011-2799 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/90130
CVE-2011-2798 (Google Chrome before 13.0.782.107 does not properly restrict access to ...)
- chromium-browser 13.0.782.107~r94237-1
@@ -21041,7 +20939,6 @@
CVE-2011-2797 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/90595
CVE-2011-2796 (Use-after-free vulnerability in Skia, as used in Google Chrome before ...)
- chromium-browser 13.0.782.107~r94237-1
@@ -21049,22 +20946,18 @@
- webkit <not-affected> (skia code)
CVE-2011-2795 (Google Chrome before 13.0.782.107 does not prevent calls to functions ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/89782
CVE-2011-2794 (Google Chrome before 13.0.782.107 does not properly perform text ...)
- chromium-browser 13.0.782.107~r94237-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/89831
CVE-2011-2793 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/89595
CVE-2011-2792 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/89836
CVE-2011-2791 (The International Components for Unicode (ICU) functionality in Google ...)
- chromium-browser 13.0.782.107~r94237-1 (unimportant)
@@ -21073,7 +20966,6 @@
CVE-2011-2790 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/89165
CVE-2011-2789 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
@@ -21082,7 +20974,6 @@
CVE-2011-2788 (Buffer overflow in the inspector serialization functionality in Google ...)
- chromium-browser 13.0.782.107~r94237-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/88444
CVE-2011-2787 (Google Chrome before 13.0.782.107 does not properly address ...)
- chromium-browser 13.0.782.107~r94237-1
@@ -22306,7 +22197,6 @@
CVE-2011-2359 (Google Chrome before 13.0.782.107 does not properly track line boxes ...)
{DSA-2307-1}
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/90068
CVE-2011-2358 (Google Chrome before 13.0.782.107 does not ensure that extension ...)
- chromium-browser 13.0.782.107~r94237-1
@@ -22316,31 +22206,25 @@
NOT-FOR-US: Android
CVE-2011-2356 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2355
RESERVED
CVE-2011-2354 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2353
RESERVED
CVE-2011-2352 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 ...)
- chromium-browser 12.0.742.112~r90304-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/88584 http://trac.webkit.org/changeset/88549
CVE-2011-2350 (The HTML parser in Google Chrome before 12.0.742.112 does not properly ...)
- chromium-browser 12.0.742.112~r90304-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/88411 http://trac.webkit.org/changeset/88434
CVE-2011-2349 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 ...)
- chromium-browser 12.0.742.112~r90304-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/88456
CVE-2011-2348 (Google V8, as used in Google Chrome before 12.0.742.112, performs an ...)
- libv8 3.4.14-1
@@ -22348,12 +22232,10 @@
CVE-2011-2347 (Google Chrome before 12.0.742.112 does not properly handle Cascading ...)
- chromium-browser 12.0.742.112~r90304-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/88448
CVE-2011-2346 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 ...)
- chromium-browser 12.0.742.112~r90304-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: introduced in http://trac.webkit.org/changeset/77740
NOTE: http://trac.webkit.org/changeset/87827
CVE-2011-2345 (The NPAPI implementation in Google Chrome before 12.0.742.112 does not ...)
@@ -22365,15 +22247,12 @@
RESERVED
CVE-2011-2341 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2340
RESERVED
CVE-2011-2339 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2338 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2337
RESERVED
CVE-2011-2336
@@ -22765,7 +22644,6 @@
CVE-2011-2342 (The DOM implementation in Google Chrome before 12.0.742.91 allows ...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/88071
CVE-2011-2382 (Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 ...)
NOT-FOR-US: Microsoft
@@ -23069,7 +22947,6 @@
NOT-FOR-US: MediaCAST
CVE-2011-2075 (Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-2074 (Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 ...)
NOT-FOR-US: Skype
CVE-2011-2073
@@ -23728,7 +23605,6 @@
CVE-2011-1818 (Use-after-free vulnerability in the image loader in Google Chrome ...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/86725
CVE-2011-1817 (Google Chrome before 12.0.742.91 does not properly implement history ...)
- chromium-browser 12.0.742.91~r87961-1
@@ -23737,7 +23613,6 @@
CVE-2011-1816 (Use-after-free vulnerability in the developer tools in Google Chrome ...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/86507
CVE-2011-1815 (Google Chrome before 12.0.742.91 allows remote attackers to inject ...)
- chromium-browser 12.0.742.91~r87961-1 (unimportant)
@@ -23759,17 +23634,14 @@
CVE-2011-1810 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <no-dsa> (minor issue)
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/83345
CVE-2011-1809 (Use-after-free vulnerability in the accessibility feature in Google ...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/80890
CVE-2011-1808 (Use-after-free vulnerability in Google Chrome before 12.0.742.91 ...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/84096 http://trac.webkit.org/changeset/84098 http://trac.webkit.org/changeset/84119
CVE-2011-1807 (Google Chrome before 11.0.696.71 does not properly handle blobs, which ...)
- chromium-browser 11.0.696.71~r86024-1
@@ -23784,58 +23656,48 @@
CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in ...)
- chromium-browser 11.0.696.71~r86024-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/86448
CVE-2011-1803
RESERVED
CVE-2011-1802
RESERVED
CVE-2011-1801 (Unspecified vulnerability in Google Chrome before 11.0.696.71 allows ...)
- - webkit <undetermined>
- chromium-browser 11.0.696.71~r86024-1 (unimportant)
NOTE: http://trac.webkit.org/changeset/85977
CVE-2011-1800 (Multiple integer overflows in the SVG Filters implementation in ...)
- chromium-browser 11.0.696.68~r84545-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/85926
CVE-2011-1799 (Google Chrome before 11.0.696.68 does not properly perform casts of ...)
{DSA-2245-1}
- chromium-browser 11.0.696.68~r84545-1
- - webkit <undetermined>
CVE-2011-1798
RESERVED
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/84085
CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
{DSA-2245-1}
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-1796
RESERVED
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/84300
CVE-2011-1795
RESERVED
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/83690
CVE-2011-1794
RESERVED
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/84422
CVE-2011-1793
RESERVED
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/85406
CVE-2011-1792
RESERVED
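Review bot: CVE-2011-1797 in this hunk is tagged `{DSA-2245-1}`, yet with the webkit line gone its only package line is `- chromium-browser <undetermined>`. A DSA reference next to an undetermined status looks inconsistent. Suggest resolving the chromium-browser status for this entry in the same pass, since it is now the only thing the entry tracks.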
@@ -24121,7 +23983,6 @@
CVE-2011-1691 (The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in ...)
- chromium-browser 12.0.742.91~r87961-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/82222
CVE-2011-1690 (Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through ...)
{DSA-2220-1}
@@ -24835,7 +24696,6 @@
RESERVED
CVE-2011-1462 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-1461
RESERVED
CVE-2011-1460
@@ -24846,7 +24706,6 @@
RESERVED
CVE-2011-1457 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-1456 (Google Chrome before 11.0.696.57 does not properly handle PDF forms, ...)
- chromium-browser <not-affected> (chrome pdf plugin)
CVE-2011-1455 (Google Chrome before 11.0.696.57 does not properly handle PDF ...)
@@ -24854,11 +24713,9 @@
CVE-2011-1454 (Use-after-free vulnerability in the DOM id handling functionality in ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/84015
CVE-2011-1453 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-1452 (Google Chrome before 11.0.696.57 allows user-assisted remote attackers ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
@@ -24866,7 +24723,6 @@
CVE-2011-1451 (Google Chrome before 11.0.696.57 does not properly handle DOM id maps, ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/83209
CVE-2011-1450 (Google Chrome before 11.0.696.57 does not properly present file ...)
- chromium-browser 11.0.696.65~r84435-1 (unimportant)
@@ -24874,17 +24730,14 @@
CVE-2011-1449 (Use-after-free vulnerability in the WebSockets implementation in ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/82088
CVE-2011-1448 (Google Chrome before 11.0.696.57 does not properly perform height ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/81786
CVE-2011-1447 (Google Chrome before 11.0.696.57 does not properly handle drop-down ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/81851
CVE-2011-1446 (Google Chrome before 11.0.696.57 allows remote attackers to spoof the ...)
- chromium-browser 11.0.696.65~r84435-1
@@ -24893,7 +24746,6 @@
CVE-2011-1445 (Google Chrome before 11.0.696.57 does not properly handle SVG ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/81689
CVE-2011-1444 (Race condition in the sandbox launcher implementation in Google Chrome ...)
{DSA-2245-1}
@@ -24902,22 +24754,18 @@
CVE-2011-1443 (Google Chrome before 11.0.696.57 does not properly implement layering, ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/82624
CVE-2011-1442 (Google Chrome before 11.0.696.57 does not properly handle mutation ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/81611
CVE-2011-1441 (Google Chrome before 11.0.696.57 does not properly perform a cast of ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/80773 http://trac.webkit.org/changeset/81088
CVE-2011-1440 (Use-after-free vulnerability in Google Chrome before 11.0.696.57 ...)
{DSA-2245-1}
- chromium-browser 11.0.696.65~r84435-1
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/84009
CVE-2011-1439 (Google Chrome before 11.0.696.57 on Linux does not properly isolate ...)
- chromium-browser 11.0.696.65~r84435-1
@@ -24926,12 +24774,10 @@
CVE-2011-1438 (Google Chrome before 11.0.696.57 allows remote attackers to bypass the ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/81399
CVE-2011-1437 (Multiple integer overflows in Google Chrome before 11.0.696.57 allow ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/79462
CVE-2011-1436 (Google Chrome before 11.0.696.57 on Linux does not properly interact ...)
- chromium-browser 11.0.696.65~r84435-1
@@ -25211,7 +25057,6 @@
NOT-FOR-US: Internet Explorer
CVE-2011-1344 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-1343 (SQL injection vulnerability in the Web GUI in IBM Tivoli ...)
NOT-FOR-US: Tivoli
CVE-2011-1342 (SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ...)
@@ -25291,15 +25136,12 @@
CVE-2011-1305 (Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <no-dsa> (minor issue)
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/76713
CVE-2011-1304 (Unspecified vulnerability in Google Chrome before 11.0.696.57 allows ...)
- chromium-browser 11.0.696.65~r84435-1 (unimportant)
- - webkit <undetermined> (unimportant)
CVE-2011-1303 (Google Chrome before 11.0.696.57 does not properly handle floating ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/80682
CVE-2011-1302 (Heap-based buffer overflow in the GPU process in Google Chrome before ...)
- chromium-browser 10.0.648.205~r81283-1
@@ -25320,27 +25162,22 @@
CVE-2011-1296 (Google Chrome before 10.0.648.204 does not properly handle SVG text, ...)
- chromium-browser 10.0.648.204~r79063-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/80520
CVE-2011-1295 (WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari ...)
- chromium-browser 10.0.648.204~r79063-1
[squeeze] - chromium-browser <no-dsa> (hard merge)
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/80487
CVE-2011-1294 (Google Chrome before 10.0.648.204 does not properly handle Cascading ...)
- chromium-browser 10.0.648.204~r79063-1
[squeeze] - chromium-browser <not-affected>
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/80144
CVE-2011-1293 (Use-after-free vulnerability in the HTMLCollection implementation in ...)
{DSA-2245-1}
- chromium-browser 10.0.648.204~r79063-1
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/80797
CVE-2011-1292 (Use-after-free vulnerability in the frame-loader implementation in ...)
{DSA-2245-1}
- chromium-browser 10.0.648.204~r79063-1
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/79808
CVE-2011-1291 (Google Chrome before 10.0.648.204 does not properly handle base ...)
- chromium-browser 10.0.648.204~r79063-1
@@ -25356,7 +25193,6 @@
RESERVED
CVE-2011-1288 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-1287
RESERVED
CVE-2011-1286 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...)
@@ -25593,7 +25429,6 @@
NOTE: http://trac.webkit.org/changeset/78147
CVE-2011-1194 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser <unfixed> (unimportant)
- - webkit <unfixed> (unimportant)
NOTE: http://trac.webkit.org/changeset/77049
NOTE: http://trac.webkit.org/changeset/77329
NOTE: popup blocker bypass not treated as a security issue
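Review bot: The line removed under CVE-2011-1194 is `- webkit <unfixed> (unimportant)`, not an `<undetermined>` entry, so it falls outside what the log message describes ("dropping <undetermined> entries for webkit"). Either extend the log message to say that `<unfixed> (unimportant)` webkit entries are dropped as well, or leave this line in place and keep the commit to the `<undetermined>` cases.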
@@ -25625,7 +25460,6 @@
{DSA-2189-1}
- chromium-browser 10.0.648.127~r76697-1
[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
- - webkit <undetermined>
NOTE: http://trac.webkit.org/changeset/77142
CVE-2011-1187 (Google Chrome before 10.0.648.127 allows remote attackers to bypass ...)
- libv8 3.1.8.10-1 (bug #617418)
@@ -25851,7 +25685,6 @@
{DSA-2189-1}
- chromium-browser 9.0.597.107~r75357-1
[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
- - webkit <undetermined>
NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782
CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remote ...)
{DSA-2189-1}
@@ -28575,13 +28408,10 @@
NOT-FOR-US: Apple QuickTime
CVE-2011-0255 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0254 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0253 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0252 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
NOT-FOR-US: Apple QuickTime
CVE-2011-0251 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
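Review bot: CVE-2011-0255, CVE-2011-0254 and CVE-2011-0253 still carry `- chromium-browser <undetermined>` once the webkit line is gone, so the entries remain open with the same status the log message calls a source of false positives. The Safari entries earlier in this commit were closed with a NOT-FOR-US line on the grounds that the Chrome security team will handle anything affecting Chromium. If that reasoning holds here, resolve the chromium-browser lines in the same pass, otherwise add a NOTE saying why they stay undetermined.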
@@ -28600,39 +28430,30 @@
NOT-FOR-US: Apple QuickTime
CVE-2011-0244 (WebKit in Apple Safari before 5.0.6 allows user-assisted remote ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0243
RESERVED
CVE-2011-0242 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 ...)
NOT-FOR-US: Apple Safari
CVE-2011-0240 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0239
RESERVED
CVE-2011-0238 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0237 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0236
RESERVED
CVE-2011-0235 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0234 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0233 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0232 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0231 (CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an ...)
NOT-FOR-US: Apple Mac OS X
CVE-2011-0230 (Buffer overflow in the ATSFontDeactivate API in Apple Type Services ...)
@@ -28648,29 +28469,22 @@
- freetype 2.4.6-1 (bug #635871)
CVE-2011-0225 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0224 (CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to ...)
NOT-FOR-US: Apple Mac OS X
CVE-2011-0223 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0222 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0221 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0220
RESERVED
CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the Same ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0217 (Apple Safari before 5.0.6 provides AutoFill information to scripts ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0216 (Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote ...)
{DSA-2394-1}
- libxml2 2.7.8.dfsg-5.1 (bug #652352)
@@ -28773,176 +28587,121 @@
NOT-FOR-US: Apple iTunes
CVE-2011-0169 (WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0168 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0167 (The windows functionality in WebKit in Apple Safari before 5.0.4 ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0166 (The HTML5 drag and drop functionality in WebKit in Apple Safari before ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0165 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0164 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0163 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0162 (Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not ...)
NOT-FOR-US: Apple iOS
CVE-2011-0161 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0160 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0159 (The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does ...)
NOT-FOR-US: Safari in Apple iOS
CVE-2011-0158 (MobileSafari in Apple iOS before 4.3 does not properly implement ...)
NOT-FOR-US: MobileSafari in Apple iOS
CVE-2011-0157 (WebKit, as used in Apple iOS before 4.3, allows remote attackers to ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
CVE-2011-0156 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0155 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0154 (WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0153 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0152 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0151 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0150 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0149 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0148 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0147 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0146 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0145 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0144 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0143 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0142 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0141 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0140 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0139 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0138 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0137 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0136 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0135 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0134 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0133 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0132 (Use-after-free vulnerability in the Runin box functionality in the ...)
NOT-FOR-US: Apple
CVE-2011-0131 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0130 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0129 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0128 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0127 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0126 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0125 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0124 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0123 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0122 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0121 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0120 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0119 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0118 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0117 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0116 (Use-after-free vulnerability in the setOuterText method in the ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0115 (The DOM level 2 implementation in WebKit, as used in Apple iTunes ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0114 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0113 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0112 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2011-0111 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-4599 (Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 ...)
NOT-FOR-US: Ecava IntegraXor
@@ -29756,7 +29515,6 @@
NOTE: http://trac.webkit.org/changeset/71170
CVE-2010-4485 (Google Chrome before 8.0.552.215 does not properly restrict the ...)
- chromium-browser <unfixed> (unimportant)
- - webkit <unfixed> (unimportant)
NOTE: http://trac.webkit.org/changeset/69914
NOTE: only a browser crash due to opening too many dialogs (i.e. a dos)
CVE-2010-4484 (Google Chrome before 8.0.552.215 does not properly handle HTML5 ...)
@@ -29766,11 +29524,9 @@
NOTE: only a browser crash
CVE-2010-4483 (Google Chrome before 8.0.552.215 does not properly restrict read ...)
- chromium-browser 6.0.472.63~r59945-3
- - webkit <undetermined>
NOTE: https://bugs.webkit.org/show_bug.cgi?id=46678
CVE-2010-4482 (Unspecified vulnerability in Google Chrome before 8.0.552.215 allows ...)
- chromium-browser <unfixed> (unimportant)
- - webkit <unfixed> (unimportant)
NOTE: unimportant, bypass the pop-up blocker
NOTE: http://trac.webkit.org/changeset/69990
CVE-2010-4481 (phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass ...)
@@ -30534,7 +30290,6 @@
NOTE: http://code.google.com/p/skia/source/detail?r=606
NOTE: http://code.google.com/p/skia/source/detail?r=607
CVE-2010-4201 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...)
- - webkit <undetermined>
- chromium-browser 6.0.472.63~r59945-2
NOTE: https://bugs.webkit.org/show_bug.cgi?id=47522
CVE-2010-4200
@@ -31503,43 +31258,32 @@
CVE-2010-3830 (Networking in Apple iOS before 4.2 accesses an invalid pointer during ...)
NOT-FOR-US: Apple iOS Networking
CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle ...)
NOT-FOR-US: Apple iOS iAd
CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before ...)
NOT-FOR-US: Apple iOS configuration installation utility
CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3825
RESERVED
CVE-2010-3824 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3823 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3822 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3821 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3820 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3819 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3818 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3817 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3816 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3815
RESERVED
@@ -31556,29 +31300,22 @@
- chromium-browser <undetermined>
NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257
CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3810 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3809 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3808 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3807
RESERVED
CVE-2010-3806
RESERVED
CVE-2010-3805 (Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3804 (The JavaScript implementation in WebKit in Apple Safari before 5.0.3 ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote ...)
NOT-FOR-US: Apple QuickTime
@@ -35829,7 +35566,6 @@
CVE-2010-2265 (Cross-site scripting (XSS) vulnerability in the GetServerName function ...)
NOT-FOR-US: Microsoft Windows
CVE-2010-2264 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
- - webkit <undetermined>
- chromium-browser 6.0.466.0~r52279-1
NOTE: This is a large series of risky behaviour-changing changesets.
NOTE: upstream changelog says this is fixed in 1.2.3, but i'm doubtful of that
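Review bot: With the webkit line removed from CVE-2010-2264, the remaining NOTE "upstream changelog says this is fixed in 1.2.3" no longer has a package line it refers to; the only package left is chromium-browser at 6.0.466.0~r52279-1, to which 1.2.3 cannot apply. Name the package in the note (for example "webkit upstream changelog says ...") so the doubt about 1.2.3 stays readable.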
@@ -36208,7 +35944,6 @@
NOT-FOR-US: Opera
CVE-2010-2120 (Google Chrome 1.0.154.48 allows remote attackers to cause a denial of ...)
- chromium-browser <undetermined> (unimportant)
- - webkit <undetermined> (unimportant)
NOTE: browser denial-of-services are not considered security-relevant
CVE-2010-2119 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to ...)
NOT-FOR-US: MS IE
@@ -36559,7 +36294,6 @@
NOT-FOR-US: Opera
CVE-2010-1992 (Google Chrome 1.0.154.48 executes a mail application in situations ...)
- chromium-browser <unfixed> (unimportant)
- - webkit <undetermined> (unimportant)
NOTE: http://translate.google.com/translate?hl=en&u=http://websecurity.com.ua/4206/&sl=uk&tl=en
NOTE: poc is just one window, but can be changed to open many
NOTE: this is a dos-only attack, so its considered unimportant
@@ -37025,7 +36759,6 @@
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <undetermined>
CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
- webkit 1.2.5-1
@@ -37033,7 +36766,6 @@
- chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/63048
CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
NOT-FOR-US: Apple iOS
@@ -37155,7 +36887,6 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=41375
NOTE: http://trac.webkit.org/changeset/61921
CVE-2010-1781 (Double free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
NOTE: claimed fixed in upstream webkit 1.2.4 changelog, but no info currently available
CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
@@ -37274,7 +37005,6 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697
NOTE: http://trac.webkit.org/changeset/59098
CVE-2010-1757 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...)
- - webkit <undetermined>
- chromium-browser <undetermined>
NOTE: is CVE-2010-2441 a dup of this?
NOTE: chromium-sec don't have info
@@ -37345,7 +37075,6 @@
NOT-FOR-US: Dolphin browser, Konqueror not covered by security support
NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
CVE-2010-1729 (WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...)
- - webkit <unfixed> (unimportant)
- qt4-x11 <undetermined> (unimportant)
NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
NOTE: dos-only on webkit
@@ -38405,7 +38134,6 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35709
NOTE: http://trac.webkit.org/changeset/53446
CVE-2010-1403 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- - webkit <undetermined>
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35708
NOTE: http://trac.webkit.org/changeset/53446
@@ -38522,7 +38250,6 @@
- webkit <not-affected> (this is a bug in Apple's PDFKit)
- chromium-browser <not-affected> (this is a bug in Apple's PDFKit)
CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...)
- - webkit <unfixed> (unimportant)
- chromium-browser <unfixed> (unimportant)
NOTE: This is based on various misconceptions surrounding "phishing" The only supported browser security model
NOTE: surrounding URLs is the accurate post-link-click indication of the final target URL in the URL bar.
@@ -39115,10 +38842,8 @@
CVE-2010-1182 (Multiple unspecified vulnerabilities in the administrative console in ...)
NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1181 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
- - webkit <unfixed> (unimportant; bug #578982)
NOTE: proof of concept maximum impact against webkit is dos-only
CVE-2010-1180 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
- - webkit <unfixed> (unimportant; bug #578982)
NOTE: proof of concept maximum impact against webkit is dos-only
CVE-2010-1179 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
- webkit <not-affected>
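Review bot: After this removal CVE-2010-1181 and CVE-2010-1180 consist of a description and a single NOTE, with no package line and no NOT-FOR-US line, so nothing states how Debian classifies them. The removed lines were also `<unfixed> (unimportant; bug #578982)`, not `<undetermined>`, and the bug reference disappears with them. Suggest replacing the line with a NOT-FOR-US entry as done for the Safari CVEs earlier in this commit, and keeping "bug #578982" in a NOTE.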
@@ -39261,7 +38986,6 @@
CVE-2010-1133 (Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x ...)
- tikiwiki <removed>
CVE-2010-1131 (JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, ...)
- - webkit <undetermined> (unimportant)
NOTE: browser crashes are not considered security-relevant
CVE-2010-1130 (session.c in the session extension in PHP before 5.2.13, and 5.3.1, ...)
- php5 5.3.2-1 (unimportant)
@@ -46387,7 +46111,6 @@
CVE-2009-3273 (iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not ...)
NOT-FOR-US: Apple iPhone
CVE-2009-3272 (Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...)
- - webkit <unfixed> (unimportant; bug #559759)
- qt4-x11 <unfixed> (unimportant)
[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
- kdelibs <unfixed> (unimportant)
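Review bot: The removed webkit line under CVE-2009-3272 is the only place in this entry that records bug #559759; the qt4-x11 and kdelibs lines that remain carry no bug number. Keep the reference, for example as `NOTE: webkit tracked in bug #559759`, so the link between the CVE and the BTS report survives the cleanup.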
@@ -46416,7 +46139,6 @@
NOT-FOR-US: Opera
CVE-2009-3268 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...)
- chromium-browser <not-affected> (Only 1.x is affected)
- - webkit <unfixed> (unimportant)
NOTE: browser denial of services not considered security-relevant
CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and ...)
NOT-FOR-US: Microsoft Internet Explorer
@@ -46469,7 +46191,6 @@
NOT-FOR-US: MyBuxScript PTC-BUX
CVE-2008-7246 (Google Chrome 0.2.149.29 and earlier allows remote attackers to cause ...)
- chromium-browser <unfixed> (unimportant)
- - webkit <unfixed> (unimportant)
NOTE: browser denial of services aren't considered security-relevant
CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
NOT-FOR-US: Opera
@@ -47346,7 +47067,6 @@
CVE-2009-3016 (Apple Safari 4.0.3 does not properly block javascript: and data: URIs ...)
NOT-FOR-US: Apple Safari
CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...)
- - webkit <unfixed> (unimportant)
- qt4-x11 <unfixed> (unimportant)
- kdelibs <unfixed> (unimportant)
- kde4libs <unfixed> (unimportant)
@@ -47360,7 +47080,6 @@
NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ...)
- chromium-browser <undetermined> (unimportant)
- - webkit <undetermined> (unimportant)
NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
NOTE: This is a web site issue (open redirector), not a browser problem.
@@ -47606,13 +47325,11 @@
NOT-FOR-US: IBM WebSphere
CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...)
- chromium-browser <not-affected> (Only 1.x is affected)
- - webkit <unfixed> (unimportant)
NOTE: browser denial of services are not considered security-relevant
CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...)
NOT-FOR-US: Microsoft
CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote ...)
- xulrunner <unfixed> (unimportant; bug #557753)
- - webkit <unfixed> (unimportant; bug #557752)
NOTE: browser denial-of-services are considered unimportant
CVE-2009-2952 (Unspecified vulnerability in the pollwakeup function in Sun Solaris ...)
NOT-FOR-US: Sun Solaris
@@ -49135,7 +48852,6 @@
NOT-FOR-US: CS-Cart
CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to cause a ...)
- chromium-browser <not-affected> (Only 2.x is affected)
- - webkit <unfixed> (unimportant)
NOTE: browser denial of services not considered security-relevant
CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
NOT-FOR-US: Opera
@@ -50543,7 +50259,6 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2068 (Google Chrome detects http content in https web pages only when the ...)
- chromium-browser 5.0.342.9~r43360-1
- - webkit <undetermined>
CVE-2009-2067 (Opera detects http content in https web pages only when the top-level ...)
NOT-FOR-US: Opera
CVE-2009-2066 (Apple Safari detects http content in https web pages only when the ...)
@@ -52167,7 +51882,6 @@
NOT-FOR-US: ActiveX
CVE-2009-1514 (Google Chrome 1.0.154.53 allows remote attackers to cause a denial of ...)
- chromium-browser 5.0.375.38~r46659-1 (low)
- - webkit <unfixed> (unimportant; bug #578982)
NOTE: proof of concept maximum impact against webkit is dos-only
CVE-2008-6791 (PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial ...)
NOT-FOR-US: PumpKIN TFTP Server
@@ -69991,11 +69705,9 @@
CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station ...)
NOT-FOR-US: Apple AirPort
CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
- - webkit <undetermined>
NOTE: As far as I can see this has been addressed in revision 30871.
NOTE: Please doublecheck.
CVE-2008-1010 (Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows ...)
- - webkit <undetermined>
NOTE: As far as I can see this has been addressed in revision 31388.
NOTE: Please doublecheck.
CVE-2008-1009 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
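Review bot: For CVE-2008-1011 and CVE-2008-1010 the NOTE lines that stay behind say the issues look addressed in revisions 30871 and 31388 and end with "Please doublecheck", but with the `<undetermined>` line gone there is no open status left to prompt that check. Either record an explicit outcome for the two entries (a NOT-FOR-US line in the style used earlier in this commit) or reword the notes so they no longer ask for a follow-up that nothing will trigger.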