[Secure-testing-commits] r20423 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Wed Oct 31 17:27:33 UTC 2012


Author: jmm
Date: 2012-10-31 17:27:33 +0000 (Wed, 31 Oct 2012)
New Revision: 20423

Modified:
   data/CVE/list
Log:
- new libreoffice issue
- squash more debsecan false positives by eliminating more <undetermined> entries for webkit/chromium
- fixup some chromium-browser entries and add some historic fixes
- python-keyring CVEfied


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2012-10-31 06:49:45 UTC (rev 20422)
+++ data/CVE/list	2012-10-31 17:27:33 UTC (rev 20423)
@@ -883,8 +883,6 @@
 	NOT-FOR-US: Drupal Memcache
 CVE-2010-5275 (Cross-site scripting (XSS) vulnerability in memcache_admin in the ...)
 	NOT-FOR-US: Drupal Memcache
-CVE-2012-XXXX [python-keyring: CryptedFileKeyring is insecure]
-	- python-keyring 0.9.2-1 (bug #675379)
 CVE-2012-5301 (The default configuration of Cerberus FTP Server before 5.0.4.0 ...)
 	NOT-FOR-US: Cerberus
 CVE-2012-5300 (SQL injection vulnerability in art_catalogo.php in MyStore Xpress ...)
@@ -2909,8 +2907,9 @@
 	RESERVED
 CVE-2012-4572
 	RESERVED
-CVE-2012-4571
+CVE-2012-4571 [python-keyring: CryptedFileKeyring is insecure]
 	RESERVED
+	- python-keyring 0.9.2-1 (bug #675379)
 CVE-2012-4570
 	RESERVED
 CVE-2012-4569
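Review bot: The log line "python-keyring CVEfied" does not name the identifier; with the temporary CVE-2012-XXXX entry removed at line 883 and its package line and bug #675379 re-added here under CVE-2012-4571, stating "CVE-2012-4571" in the log would make the move searchable from the commit history.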
@@ -2927,7 +2926,7 @@
 	RESERVED
 CVE-2012-4563
 	RESERVED
-	- gwt <unfixed>
+	- gwt <unfixed> (bug #691900)
 	[squeeze] - gwt <not-affected> (Vulnerable code not present)
 CVE-2012-4562
 	RESERVED
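Review bot: The bug reference added to the gwt line of CVE-2012-4563 is not covered by any of the four log items; add a short log entry for it (for example "add bug reference for gwt") so the change is not hidden inside a commit described as libreoffice, webkit/chromium and python-keyring work.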
@@ -3799,6 +3798,9 @@
 	RESERVED
 CVE-2012-4233
 	RESERVED
+	- libreoffice 1:3.5.4+dfsg-3
+	- openoffice.org 1:3.3.0-1
+	NOTE: Since 3.3.0 openoffice.org is a transitional source package
 CVE-2012-4232 (SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 ...)
 	TODO: check
 CVE-2012-4231 (Cross-site scripting (XSS) vulnerability in admin/index.php in jCore ...)
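Review bot: The new CVE-2012-4233 entry gives fixed versions for libreoffice and openoffice.org but no bug number or NOTE pointing at the source of those versions, and the CVE is still RESERVED so there is no description to check them against. Add a NOTE with the advisory or upstream reference. The existing NOTE about openoffice.org being a transitional source package since 3.3.0 would also read more clearly if it said that this is why 1:3.3.0-1 is recorded as the fixed version.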
@@ -15253,7 +15255,7 @@
 CVE-2011-4693 (Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows ...)
 	NOT-FOR-US: Adobe Flash Player
 CVE-2011-4692 (WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 ...)
-	- chromium-browser <unfixed> (unimportant)
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-4691 (Google Chrome 15.0.874.121 and earlier does not prevent capture of ...)
 	- chromium-browser <unfixed> (unimportant)
 CVE-2011-4690 (Opera 11.60 and earlier does not prevent capture of data about the ...)
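Review bot: For CVE-2011-4692 the removed line was "- chromium-browser <unfixed> (unimportant)", not an <undetermined> entry, so this change falls outside what the log describes, and the CVE description explicitly names Google Chrome 15. Replacing a determined status with NOT-FOR-US drops chromium-browser tracking for an issue that lists the product; keeping the "(unimportant)" line, as the neighbouring CVE-2011-4691 does, would preserve that.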
@@ -19611,31 +19613,31 @@
 CVE-2011-3245 (The Keyboards component in Apple iOS before 5 displays the final ...)
 	NOT-FOR-US: Apple iOS
 CVE-2011-3244 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-3243 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-3242 (The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X ...)
 	NOT-FOR-US: Apple Safari
 CVE-2011-3241 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-3240
 	RESERVED
 CVE-2011-3239 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-3238 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-3237 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-3236 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-3235 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, ...)
 	- chromium-browser 14.0.835.163~r101024-1
 	[squeeze] - chromium-browser <not-affected>
 	NOTE: http://trac.webkit.org/changeset/92132
 CVE-2011-3233 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-3232 (YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, ...)
 	- xulrunner <not-affected> (Only affects Firefox >= 4)
 	- iceweasel 7.0-1
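Review bot: "NOT-FOR-US: Webkit" is used here for WebKit issues, yet other entries in this same patch (CVE-2011-2761, CVE-2011-2361, CVE-2011-1059) carry a "- webkit <not-affected>" package line, so webkit is a tracked source package and NOT-FOR-US mislabels it. If the aim is only to stop debsecan reporting chromium-browser, consider a per-package status with a reason instead, and move the rationale "if anything of this affects Chromium, the Chrome sec team will know and fix" into the log rather than repeating it on every entry. The spelling also differs from the "WebKit" used in the CVE descriptions.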
@@ -20884,11 +20886,11 @@
 	{DSA-2394-1}
 	- libxml2 2.7.8.dfsg-5 (low; bug #643648)
 CVE-2011-2833 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2832
 	RESERVED
 CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2830 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
 	NOTE: CVE description is wrong, see #656057
 CVE-2011-2829 (Integer overflow in Google Chrome before 13.0.782.215 on 32-bit ...)
@@ -20928,8 +20930,7 @@
 	- libxml2 2.7.8.dfsg-5 (low; bug #643648)
 	[squeeze] - libxml2 <no-dsa> (denial-of-service only issue)
 CVE-2011-2820 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
-	[squeeze] - chromium-browser <not-affected>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2819 (Google Chrome before 13.0.782.107 allows remote attackers to bypass ...)
 	- chromium-browser 13.0.782.107~r94237-1
 	[squeeze] - chromium-browser <not-affected>
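Review bot: In CVE-2011-2820 the removed "[squeeze] - chromium-browser <not-affected>" line was a determined result, not an <undetermined> one, and it is lost when the entry is collapsed to NOT-FOR-US. Keep the squeeze finding, for example by retaining that line alongside a determined status for unstable, so the earlier triage is not discarded.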
@@ -20939,23 +20940,23 @@
 	- chromium-browser 13.0.782.107~r94237-1
 	NOTE: http://trac.webkit.org/changeset/91386
 CVE-2011-2817 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2816 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2815 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2814 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2813 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2812
 	RESERVED
 CVE-2011-2811 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2810
 	REJECTED
 CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2808
 	RESERVED
 CVE-2011-2807
@@ -21125,7 +21126,7 @@
 CVE-2011-2762 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) ...)
 	NOT-FOR-US: LifeSize Room appliance
 CVE-2011-2761 (Google Chrome 14.0.794.0 does not properly handle a reload of a page ...)
-	- chromium-browser <undetermined>
+	- chromium-browser 14.0.835.157~r99685-1
 	[squeeze] - chromium-browser <not-affected>
 	- webkit <not-affected> (chromium issue)
 CVE-2011-2760 (Brocade BigIron RX switches allow remote attackers to bypass ACL rules ...)
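Review bot: The fixed version 14.0.835.157~r99685-1 entered for CVE-2011-2761 has no supporting reference, and the description only names Google Chrome 14.0.794.0 as affected. Other chromium-browser entries in this file pair the version with a NOTE (for example a trac.webkit.org changeset); add a NOTE saying where this historic fix version comes from.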
@@ -22247,8 +22248,7 @@
 	- icedove 3.1.11-1
 	[lenny] - icedove <end-of-life>
 CVE-2011-2361 (The Basic Authentication dialog implementation in Google Chrome before ...)
-	- chromium-browser 13.0.782.107~r94237-1
-	[squeeze] - chromium-browser <unfixed> (unimportant)
+	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
 	- webkit <not-affected> (chromium specific)
 CVE-2011-2360 (Google Chrome before 13.0.782.107 does not ensure that the user is ...)
 	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
@@ -22258,21 +22258,20 @@
 	- chromium-browser 13.0.782.107~r94237-1
 	NOTE: http://trac.webkit.org/changeset/90068
 CVE-2011-2358 (Google Chrome before 13.0.782.107 does not ensure that extension ...)
-	- chromium-browser 13.0.782.107~r94237-1
-	[squeeze] - chromium-browser <unfixed> (unimportant)
+	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
 	- webkit <not-affected> (chromium specific)
 CVE-2011-2357 (Cross-application scripting vulnerability in the Browser URL loading ...)
 	NOT-FOR-US: Android
 CVE-2011-2356 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2355
 	RESERVED
 CVE-2011-2354 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2353
 	RESERVED
 CVE-2011-2352 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 ...)
 	- chromium-browser 12.0.742.112~r90304-1
 	[squeeze] - chromium-browser <not-affected>
@@ -22305,13 +22304,13 @@
 CVE-2011-2343
 	RESERVED
 CVE-2011-2341 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2340
 	RESERVED
 CVE-2011-2339 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2338 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-2337
 	RESERVED
 CVE-2011-2336
@@ -24754,7 +24753,7 @@
 CVE-2011-1463
 	RESERVED
 CVE-2011-1462 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-1461
 	RESERVED
 CVE-2011-1460
@@ -24764,7 +24763,7 @@
 CVE-2011-1458
 	RESERVED
 CVE-2011-1457 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-1456 (Google Chrome before 11.0.696.57 does not properly handle PDF forms, ...)
 	- chromium-browser <not-affected> (chrome pdf plugin)
 CVE-2011-1455 (Google Chrome before 11.0.696.57 does not properly handle PDF ...)
@@ -24774,7 +24773,7 @@
 	[squeeze] - chromium-browser <not-affected>
 	NOTE: http://trac.webkit.org/changeset/84015
 CVE-2011-1453 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-1452 (Google Chrome before 11.0.696.57 allows user-assisted remote attackers ...)
 	- chromium-browser 11.0.696.65~r84435-1
 	[squeeze] - chromium-browser <not-affected>
@@ -25115,7 +25114,7 @@
 CVE-2011-1345 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...)
 	NOT-FOR-US: Internet Explorer
 CVE-2011-1344 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-1343 (SQL injection vulnerability in the Web GUI in IBM Tivoli ...)
 	NOT-FOR-US: Tivoli
 CVE-2011-1342 (SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ...)
@@ -25251,7 +25250,7 @@
 CVE-2011-1289
 	RESERVED
 CVE-2011-1288 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-1287
 	RESERVED
 CVE-2011-1286 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...)
@@ -25977,7 +25976,6 @@
 CVE-2011-1060 (SQL injection vulnerability in the member function in ...)
 	NOT-FOR-US: WSN Guest
 CVE-2011-1059 (Use-after-free vulnerability in WebCore in WebKit before r77705, as ...)
-	- chromium-browser <undetermined>
 	- webkit <not-affected> (history controller code not present in 1.2)
 	NOTE: http://trac.webkit.org/changeset/77705
 CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 ...)
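Review bot: For CVE-2011-1059 the "- chromium-browser <undetermined>" line is deleted with nothing in its place, unlike every other entry in this patch, so the entry no longer says anything about chromium-browser. The NOTE already gives the fixing changeset (77705), so a determined status could be recorded the same way CVE-2011-2761 now carries a fixed version; at minimum state why the line is dropped.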
@@ -28466,11 +28464,11 @@
 CVE-2011-0256 (Integer overflow in Apple QuickTime before 7.7 allows remote attackers ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2011-0255 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0254 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0253 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0252 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2011-0251 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
@@ -28488,31 +28486,31 @@
 CVE-2011-0245 (Buffer overflow in Apple QuickTime before 7.7 allows remote attackers ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2011-0244 (WebKit in Apple Safari before 5.0.6 allows user-assisted remote ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0243
 	RESERVED
 CVE-2011-0242 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 ...)
 	NOT-FOR-US: Apple Safari
 CVE-2011-0240 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0239
 	RESERVED
 CVE-2011-0238 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0237 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0236
 	RESERVED
 CVE-2011-0235 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0234 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0233 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0232 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0231 (CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2011-0230 (Buffer overflow in the ATSFontDeactivate API in Apple Type Services ...)
@@ -28527,23 +28525,23 @@
 	{DSA-2294-1}
 	- freetype 2.4.6-1 (bug #635871)
 CVE-2011-0225 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0224 (CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2011-0223 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0222 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0221 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0220
 	RESERVED
 CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the Same ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0217 (Apple Safari before 5.0.6 provides AutoFill information to scripts ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0216 (Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote ...)
 	{DSA-2394-1}
 	- libxml2 2.7.8.dfsg-5.1 (bug #652352)
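Review bot: CVE-2011-0219 and CVE-2011-0217 in this hunk are described as issues in "Apple Safari before 5.0.6", not in WebKit, but are tagged "NOT-FOR-US: Webkit". Entries of that kind elsewhere in the file use "NOT-FOR-US: Apple Safari" (CVE-2011-3242, CVE-2011-0241); use the same tag here so the reason matches the description.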
@@ -28645,123 +28643,123 @@
 CVE-2011-0170 (Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes ...)
 	NOT-FOR-US: Apple iTunes
 CVE-2011-0169 (WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0168 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0167 (The windows functionality in WebKit in Apple Safari before 5.0.4 ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0166 (The HTML5 drag and drop functionality in WebKit in Apple Safari before ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0165 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0164 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0163 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0162 (Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not ...)
 	NOT-FOR-US: Apple iOS
 CVE-2011-0161 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0160 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0159 (The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does ...)
 	NOT-FOR-US: Safari in Apple iOS
 CVE-2011-0158 (MobileSafari in Apple iOS before 4.3 does not properly implement ...)
 	NOT-FOR-US: MobileSafari in Apple iOS
 CVE-2011-0157 (WebKit, as used in Apple iOS before 4.3, allows remote attackers to ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0156 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0155 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0154 (WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0153 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0152 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0151 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0150 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0149 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0148 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0147 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0146 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0145 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0144 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0143 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0142 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0141 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0140 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0139 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0138 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0137 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0136 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0135 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0134 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0133 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0132 (Use-after-free vulnerability in the Runin box functionality in the ...)
 	NOT-FOR-US: Apple
 CVE-2011-0131 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0130 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0129 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0128 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0127 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0126 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0125 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0124 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0123 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0122 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0121 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0120 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0119 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0118 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0117 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0116 (Use-after-free vulnerability in the setOuterText method in the ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0115 (The DOM level 2 implementation in WebKit, as used in Apple iTunes ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0114 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0113 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0112 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0111 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-4599 (Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 ...)
 	NOT-FOR-US: Ecava IntegraXor
 CVE-2010-4598 (Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and ...)
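Review bot: NOT-FOR-US on the entries from CVE-2011-0122 down to CVE-2011-0111 says more than the removed line did: it marks each CVE as irrelevant to every Debian package, while "- chromium-browser <undetermined>" only left chromium-browser open. The same list carries fixed versions for a webkit source package (for example under CVE-2010-1815), so WebKit is packaged here and these entries now silently answer for it too. If the intent is only to stop the chromium-browser reports, a chromium-browser line with an explicit state (the list already uses <not-affected> for CVE-2010-1813) would do that without closing the entry for webkit. Minor: the descriptions spell it WebKit, the new tag spells it Webkit.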
@@ -31317,33 +31315,33 @@
 CVE-2010-3830 (Networking in Apple iOS before 4.2 accesses an invalid pointer during ...)
 	NOT-FOR-US: Apple iOS Networking
 CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle ...)
 	NOT-FOR-US: Apple iOS iAd
 CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before ...)
 	NOT-FOR-US: Apple iOS configuration installation utility
 CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3825
 	RESERVED
 CVE-2010-3824 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3823 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3822 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3821 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3820 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3819 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3818 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3817 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3816 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3815
 	RESERVED
 CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in ...)
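Review bot: The replacement text on CVE-2010-3829, CVE-2010-3826 and CVE-2010-3824 through CVE-2010-3816 records an expectation about upstream ("the Chrome sec team will know and fix"), not a checked status, and four of these are described as use-after-free in WebKit (CVE-2010-3824, CVE-2010-3823, CVE-2010-3818, CVE-2010-3816). Where a fixing Chromium release is known, a chromium-browser line with that version gives readers something to verify; where it is not, a NOTE saying how the conclusion was reached would serve better than the same sentence repeated on every entry.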
@@ -31359,23 +31357,23 @@
 	- chromium-browser <undetermined>
 	NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257
 CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3810 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3809 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3808 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3807
 	RESERVED
 CVE-2010-3806
 	RESERVED
 CVE-2010-3805 (Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3804 (The JavaScript implementation in WebKit in Apple Safari before 5.0.3 ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute ...)
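Review bot: The first entry in this hunk, the one carrying the ZDI-10-257 NOTE, keeps "- chromium-browser <undetermined>" while every WebKit entry below it (CVE-2010-3811 to CVE-2010-3803) is switched to NOT-FOR-US. If it was left on purpose, a NOTE explaining what is still open would help; if it was missed, it remains one of the <undetermined> entries the log message sets out to eliminate and is now treated differently from its neighbours.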
@@ -36816,16 +36814,15 @@
 CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
 	- webkit 1.2.5-1
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
-	- chromium-browser <undetermined>
 CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
 	- webkit 1.2.5-1
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
 	- chromium-browser <not-affected>
 	NOTE: http://trac.webkit.org/changeset/63048
 CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
-	- chromium-browser <undetermined>
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
 	NOT-FOR-US: Apple iOS
 CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not ...)
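Review bot: CVE-2010-1815 loses its chromium-browser line with nothing put in its place, while CVE-2010-1813 two entries down states "- chromium-browser <not-affected>" explicitly. After this change the list cannot distinguish "checked and fine" from "never tracked" for CVE-2010-1815; an explicit state or a fixed version would keep that. Also, CVE-2010-1814 and CVE-2010-1812 become NOT-FOR-US although the neighbouring iOS 4.1 WebKit entries carry "- webkit 1.2.5-1", which suggests they should be checked against the webkit package rather than closed.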
@@ -36946,8 +36943,7 @@
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41375
 	NOTE: http://trac.webkit.org/changeset/61921
 CVE-2010-1781 (Double free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
-	- chromium-browser <undetermined>
-	NOTE: claimed fixed in upstream webkit 1.2.4 changelog, but no info currently available
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
 	- webkit 1.2.5-1
 	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
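Review bot: The removed NOTE on CVE-2010-1781 ("claimed fixed in upstream webkit 1.2.4 changelog, but no info currently available") is the only pointer to where a fix might be, and it concerns webkit, not chromium-browser. Dropping it together with the chromium-browser line and tagging the CVE NOT-FOR-US discards that lead, even though CVE-2010-1780 directly below is tracked with "- webkit 1.2.5-1". Suggest keeping the NOTE and tracking the webkit package on this entry.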
@@ -37064,10 +37060,7 @@
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697
 	NOTE: http://trac.webkit.org/changeset/59098
 CVE-2010-1757 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...)
-	- chromium-browser <undetermined>
-	NOTE: is CVE-2010-2441 a dup of this?
-	NOTE: chromium-sec don't have info
-	NOTE: Sounds like it could be iPhone specific
+	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod ...)
 	NOT-FOR-US: Apple iPhone
 CVE-2010-1755 (Safari in Apple iOS before 4 on the iPhone and iPod touch does not ...)
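Review bot: Three NOTEs on CVE-2010-1757 are deleted, including the open question whether CVE-2010-2441 is a duplicate and the remark that the issue could be iPhone specific, and neither is answered by the new line. If the iPhone-specific reading is the reason for closing the entry, a reason in the style of the neighbouring one ("NOT-FOR-US: Apple iPhone") states that directly. The duplicate question is worth keeping as a NOTE, here or on CVE-2010-2441, so it is not lost.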



