[Secure-testing-commits] r20423 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Wed Oct 31 17:27:33 UTC 2012
Author: jmm
Date: 2012-10-31 17:27:33 +0000 (Wed, 31 Oct 2012)
New Revision: 20423
Modified:
data/CVE/list
Log:
- new libreoffice issue
- squash more debsecan false positives by eliminating more <undetermined> entries for webkit/chromium
- fixup some chromium-browser entries and add some historic fixes
- python-keyring CVEfied
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-10-31 06:49:45 UTC (rev 20422)
+++ data/CVE/list 2012-10-31 17:27:33 UTC (rev 20423)
@@ -883,8 +883,6 @@
NOT-FOR-US: Drupal Memcache
CVE-2010-5275 (Cross-site scripting (XSS) vulnerability in memcache_admin in the ...)
NOT-FOR-US: Drupal Memcache
-CVE-2012-XXXX [python-keyring: CryptedFileKeyring is insecure]
- - python-keyring 0.9.2-1 (bug #675379)
CVE-2012-5301 (The default configuration of Cerberus FTP Server before 5.0.4.0 ...)
NOT-FOR-US: Cerberus
CVE-2012-5300 (SQL injection vulnerability in art_catalogo.php in MyStore Xpress ...)
@@ -2909,8 +2907,9 @@
RESERVED
CVE-2012-4572
RESERVED
-CVE-2012-4571
+CVE-2012-4571 [python-keyring: CryptedFileKeyring is insecure]
RESERVED
+ - python-keyring 0.9.2-1 (bug #675379)
CVE-2012-4570
RESERVED
CVE-2012-4569
@@ -2927,7 +2926,7 @@
RESERVED
CVE-2012-4563
RESERVED
- - gwt <unfixed>
+ - gwt <unfixed> (bug #691900)
[squeeze] - gwt <not-affected> (Vulnerable code not present)
CVE-2012-4562
RESERVED
@@ -3799,6 +3798,9 @@
RESERVED
CVE-2012-4233
RESERVED
+ - libreoffice 1:3.5.4+dfsg-3
+ - openoffice.org 1:3.3.0-1
+ NOTE: Since 3.3.0 openoffice.org is a transitional source package
CVE-2012-4232 (SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 ...)
TODO: check
CVE-2012-4231 (Cross-site scripting (XSS) vulnerability in admin/index.php in jCore ...)
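Review bot: The new package lines under CVE-2012-4233 have no description or source reference. The entry is still RESERVED, and unlike CVE-2012-4571 in this same commit it gets no bracketed "[libreoffice: ...]" summary, so a reader cannot tell which issue the fixed versions 1:3.5.4+dfsg-3 and 1:3.3.0-1 refer to. Suggest adding a bracketed description and a bug number or NOTE with the upstream advisory next to the existing NOTE about the transitional package.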
@@ -15253,7 +15255,7 @@
CVE-2011-4693 (Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows ...)
NOT-FOR-US: Adobe Flash Player
CVE-2011-4692 (WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 ...)
- - chromium-browser <unfixed> (unimportant)
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-4691 (Google Chrome 15.0.874.121 and earlier does not prevent capture of ...)
- chromium-browser <unfixed> (unimportant)
CVE-2011-4690 (Opera 11.60 and earlier does not prevent capture of data about the ...)
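Review bot: CVE-2011-4692 was "<unfixed> (unimportant)", not "<undetermined>", so the log line about eliminating undetermined entries does not cover it. Replacing it with NOT-FOR-US drops chromium-browser from the entry, while the neighbouring CVE-2011-4691 keeps "- chromium-browser <unfixed> (unimportant)". Suggest either leaving this line as it was or stating in the log why this one is handled differently from CVE-2011-4691.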
@@ -19611,31 +19613,31 @@
CVE-2011-3245 (The Keyboards component in Apple iOS before 5 displays the final ...)
NOT-FOR-US: Apple iOS
CVE-2011-3244 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3243 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3242 (The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X ...)
NOT-FOR-US: Apple Safari
CVE-2011-3241 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3240
RESERVED
CVE-2011-3239 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3238 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3237 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3236 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3235 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/92132
CVE-2011-3233 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3232 (YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, ...)
- xulrunner <not-affected> (Only affects Firefox >= 4)
- iceweasel 7.0-1
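Review bot: The NOT-FOR-US field on the changed WebKit entries carries a rationale sentence instead of a product name, which differs from the other entries in this hunk such as "NOT-FOR-US: Apple iOS" and "NOT-FOR-US: Apple Safari". The label is also spelled "Webkit" where the CVE descriptions use "WebKit". Suggest a short, consistently spelled product name in the field and keeping the reasoning about the Chrome security team in the commit log, so the field stays easy to grep.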
@@ -20884,11 +20886,11 @@
{DSA-2394-1}
- libxml2 2.7.8.dfsg-5 (low; bug #643648)
CVE-2011-2833 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2832
RESERVED
CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2830 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
NOTE: CVE description is wrong, see #656057
CVE-2011-2829 (Integer overflow in Google Chrome before 13.0.782.215 on 32-bit ...)
@@ -20928,8 +20930,7 @@
- libxml2 2.7.8.dfsg-5 (low; bug #643648)
[squeeze] - libxml2 <no-dsa> (denial-of-service only issue)
CVE-2011-2820 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
- [squeeze] - chromium-browser <not-affected>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2819 (Google Chrome before 13.0.782.107 allows remote attackers to bypass ...)
- chromium-browser 13.0.782.107~r94237-1
[squeeze] - chromium-browser <not-affected>
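Review bot: For CVE-2011-2820 the removed lines include "[squeeze] - chromium-browser <not-affected>", which was an actual determination for squeeze rather than an undetermined placeholder. After the change that result is no longer recorded anywhere in the entry. Suggest keeping the squeeze finding in some form so the earlier triage work is not lost.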
@@ -20939,23 +20940,23 @@
- chromium-browser 13.0.782.107~r94237-1
NOTE: http://trac.webkit.org/changeset/91386
CVE-2011-2817 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2816 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2815 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2814 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2813 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2812
RESERVED
CVE-2011-2811 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2810
REJECTED
CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2808
RESERVED
CVE-2011-2807
@@ -21125,7 +21126,7 @@
CVE-2011-2762 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) ...)
NOT-FOR-US: LifeSize Room appliance
CVE-2011-2761 (Google Chrome 14.0.794.0 does not properly handle a reload of a page ...)
- - chromium-browser <undetermined>
+ - chromium-browser 14.0.835.157~r99685-1
[squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium issue)
CVE-2011-2760 (Brocade BigIron RX switches allow remote attackers to bypass ACL rules ...)
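Review bot: The fixed version added for CVE-2011-2761, "14.0.835.157~r99685-1", comes with no reference. The description only names Google Chrome 14.0.794.0 as affected, and other chromium-browser entries in this file back their fixed version with a "NOTE: http://trac.webkit.org/changeset/..." line. Suggest adding a NOTE with the upstream change or release announcement that justifies this version.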
@@ -22247,8 +22248,7 @@
- icedove 3.1.11-1
[lenny] - icedove <end-of-life>
CVE-2011-2361 (The Basic Authentication dialog implementation in Google Chrome before ...)
- - chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <unfixed> (unimportant)
+ - chromium-browser 13.0.782.107~r94237-1 (unimportant)
- webkit <not-affected> (chromium specific)
CVE-2011-2360 (Google Chrome before 13.0.782.107 does not ensure that the user is ...)
- chromium-browser 13.0.782.107~r94237-1 (unimportant)
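Review bot: In CVE-2011-2361 the "(unimportant)" marker moves from the squeeze-only line to the main package line, and the explicit "[squeeze] - chromium-browser <unfixed>" status is removed. That makes the entry match CVE-2011-2360 just below, but it also changes the severity for every suite and leaves the squeeze state to be inferred from the version. Worth confirming that both effects are intended and mentioning the severity change in the log.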
@@ -22258,21 +22258,20 @@
- chromium-browser 13.0.782.107~r94237-1
NOTE: http://trac.webkit.org/changeset/90068
CVE-2011-2358 (Google Chrome before 13.0.782.107 does not ensure that extension ...)
- - chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <unfixed> (unimportant)
+ - chromium-browser 13.0.782.107~r94237-1 (unimportant)
- webkit <not-affected> (chromium specific)
CVE-2011-2357 (Cross-application scripting vulnerability in the Browser URL loading ...)
NOT-FOR-US: Android
CVE-2011-2356 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2355
RESERVED
CVE-2011-2354 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2353
RESERVED
CVE-2011-2352 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 ...)
- chromium-browser 12.0.742.112~r90304-1
[squeeze] - chromium-browser <not-affected>
@@ -22305,13 +22304,13 @@
CVE-2011-2343
RESERVED
CVE-2011-2341 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2340
RESERVED
CVE-2011-2339 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2338 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2337
RESERVED
CVE-2011-2336
@@ -24754,7 +24753,7 @@
CVE-2011-1463
RESERVED
CVE-2011-1462 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1461
RESERVED
CVE-2011-1460
@@ -24764,7 +24763,7 @@
CVE-2011-1458
RESERVED
CVE-2011-1457 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1456 (Google Chrome before 11.0.696.57 does not properly handle PDF forms, ...)
- chromium-browser <not-affected> (chrome pdf plugin)
CVE-2011-1455 (Google Chrome before 11.0.696.57 does not properly handle PDF ...)
@@ -24774,7 +24773,7 @@
[squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/84015
CVE-2011-1453 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1452 (Google Chrome before 11.0.696.57 allows user-assisted remote attackers ...)
- chromium-browser 11.0.696.65~r84435-1
[squeeze] - chromium-browser <not-affected>
@@ -25115,7 +25114,7 @@
CVE-2011-1345 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...)
NOT-FOR-US: Internet Explorer
CVE-2011-1344 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1343 (SQL injection vulnerability in the Web GUI in IBM Tivoli ...)
NOT-FOR-US: Tivoli
CVE-2011-1342 (SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ...)
@@ -25251,7 +25250,7 @@
CVE-2011-1289
RESERVED
CVE-2011-1288 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1287
RESERVED
CVE-2011-1286 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...)
@@ -25977,7 +25976,6 @@
CVE-2011-1060 (SQL injection vulnerability in the member function in ...)
NOT-FOR-US: WSN Guest
CVE-2011-1059 (Use-after-free vulnerability in WebCore in WebKit before r77705, as ...)
- - chromium-browser <undetermined>
- webkit <not-affected> (history controller code not present in 1.2)
NOTE: http://trac.webkit.org/changeset/77705
CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 ...)
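Review bot: For CVE-2011-1059 the "- chromium-browser <undetermined>" line is deleted with nothing in its place, so the entry no longer says anything about chromium-browser, unlike the other entries in this commit where a replacement status is written. The entry already carries "NOTE: http://trac.webkit.org/changeset/77705", which gives a concrete upstream revision to check against. Suggest resolving the chromium-browser status from that changeset rather than dropping the package from the entry.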
@@ -28466,11 +28464,11 @@
CVE-2011-0256 (Integer overflow in Apple QuickTime before 7.7 allows remote attackers ...)
NOT-FOR-US: Apple QuickTime
CVE-2011-0255 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0254 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0253 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0252 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
NOT-FOR-US: Apple QuickTime
CVE-2011-0251 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
@@ -28488,31 +28486,31 @@
CVE-2011-0245 (Buffer overflow in Apple QuickTime before 7.7 allows remote attackers ...)
NOT-FOR-US: Apple QuickTime
CVE-2011-0244 (WebKit in Apple Safari before 5.0.6 allows user-assisted remote ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0243
RESERVED
CVE-2011-0242 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 ...)
NOT-FOR-US: Apple Safari
CVE-2011-0240 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0239
RESERVED
CVE-2011-0238 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0237 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0236
RESERVED
CVE-2011-0235 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0234 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0233 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0232 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0231 (CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an ...)
NOT-FOR-US: Apple Mac OS X
CVE-2011-0230 (Buffer overflow in the ATSFontDeactivate API in Apple Type Services ...)
@@ -28527,23 +28525,23 @@
{DSA-2294-1}
- freetype 2.4.6-1 (bug #635871)
CVE-2011-0225 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0224 (CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to ...)
NOT-FOR-US: Apple Mac OS X
CVE-2011-0223 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0222 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0221 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0220
RESERVED
CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the Same ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0217 (Apple Safari before 5.0.6 provides AutoFill information to scripts ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0216 (Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote ...)
{DSA-2394-1}
- libxml2 2.7.8.dfsg-5.1 (bug #652352)
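Review bot: CVE-2011-0219 and CVE-2011-0217 are labelled "NOT-FOR-US: Webkit / ..." although their visible descriptions start with "Apple Safari before 5.0.6" and do not mention WebKit. Other Safari-only entries in this file use "NOT-FOR-US: Apple Safari". Suggest using that label for these two, or adding a note if the issue is known to sit in WebKit itself.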
@@ -28645,123 +28643,123 @@
CVE-2011-0170 (Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes ...)
NOT-FOR-US: Apple iTunes
CVE-2011-0169 (WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0168 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0167 (The windows functionality in WebKit in Apple Safari before 5.0.4 ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0166 (The HTML5 drag and drop functionality in WebKit in Apple Safari before ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0165 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0164 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0163 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0162 (Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not ...)
NOT-FOR-US: Apple iOS
CVE-2011-0161 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0160 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0159 (The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does ...)
NOT-FOR-US: Safari in Apple iOS
CVE-2011-0158 (MobileSafari in Apple iOS before 4.3 does not properly implement ...)
NOT-FOR-US: MobileSafari in Apple iOS
CVE-2011-0157 (WebKit, as used in Apple iOS before 4.3, allows remote attackers to ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0156 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0155 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0154 (WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0153 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0152 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0151 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0150 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0149 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0148 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0147 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0146 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0145 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0144 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0143 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0142 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0141 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0140 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0139 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0138 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0137 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0136 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0135 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0134 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0133 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0132 (Use-after-free vulnerability in the Runin box functionality in the ...)
NOT-FOR-US: Apple
CVE-2011-0131 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0130 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0129 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0128 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0127 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0126 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0125 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0124 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0123 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0122 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0121 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0120 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0119 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0118 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0117 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0116 (Use-after-free vulnerability in the setOuterText method in the ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0115 (The DOM level 2 implementation in WebKit, as used in Apple iTunes ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0114 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0113 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0112 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0111 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-4599 (Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 ...)
NOT-FOR-US: Ecava IntegraXor
CVE-2010-4598 (Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and ...)
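Review bot: The added NOT-FOR-US lines for CVE-2011-0120 through CVE-2011-0111 put a rationale in a field that otherwise holds a product name, as in the unchanged "NOT-FOR-US: Ecava IntegraXor" line at the end of this hunk. Suggest a short product string spelled the way the descriptions spell it ("WebKit", not "Webkit") and moving the sentence about the Chrome security team into the commit log or one NOTE line, so the field stays consistent and easy to grep.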
@@ -31317,33 +31315,33 @@
CVE-2010-3830 (Networking in Apple iOS before 4.2 accesses an invalid pointer during ...)
NOT-FOR-US: Apple iOS Networking
CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle ...)
NOT-FOR-US: Apple iOS iAd
CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before ...)
NOT-FOR-US: Apple iOS configuration installation utility
CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3825
RESERVED
CVE-2010-3824 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3823 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3822 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3821 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3820 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3819 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3818 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3817 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3816 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3815
RESERVED
CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in ...)
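Review bot: Replacing "- chromium-browser <undetermined>" with NOT-FOR-US on CVE-2010-3829 through CVE-2010-3816 changes the meaning of the entries, not only what debsecan reports: the old line said the package had not been checked, the new one says the issue concerns nothing shipped in Debian. The use-after-free entries (CVE-2010-3824, CVE-2010-3823, CVE-2010-3818, CVE-2010-3816) have nothing Apple-specific in their visible summaries beyond the affected product, so it would help to keep a NOTE on each saying that chromium-browser was never individually verified, so a later reader does not take the new status as a triage result.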
@@ -31359,23 +31357,23 @@
- chromium-browser <undetermined>
NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257
CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3810 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3809 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3808 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3807
RESERVED
CVE-2010-3806
RESERVED
CVE-2010-3805 (Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3804 (The JavaScript implementation in WebKit in Apple Safari before 5.0.3 ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote ...)
NOT-FOR-US: Apple QuickTime
CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute ...)
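Review bot: The first context line of this hunk still reads "- chromium-browser <undetermined>" (the entry carrying the ZDI-10-257 NOTE), while every other WebKit entry from CVE-2010-3811 down to CVE-2010-3803 is converted. If that entry was left alone on purpose because it has an advisory reference worth following up, a NOTE saying so would help; otherwise it remains one of the debsecan false positives the log message says this commit is eliminating.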
@@ -36816,16 +36814,15 @@
CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- - chromium-browser <undetermined>
CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/63048
CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
- - chromium-browser <undetermined>
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
NOT-FOR-US: Apple iOS
CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not ...)
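Review bot: Marking CVE-2010-1814 and CVE-2010-1812 as NOT-FOR-US sits oddly next to CVE-2010-1815 and CVE-2010-1813 in the same hunk, which track a "webkit" source package at 1.2.5-1 with a lenny no-dsa line. Since webkit is packaged, these two entries need either a "- webkit" status of their own or a NOTE explaining why the packaged webkit is not affected; NOT-FOR-US hides them from anyone auditing that package. The plain removal of the chromium-browser line under CVE-2010-1815 looks fine, as the webkit lines remain.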
@@ -36946,8 +36943,7 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=41375
NOTE: http://trac.webkit.org/changeset/61921
CVE-2010-1781 (Double free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
- - chromium-browser <undetermined>
- NOTE: claimed fixed in upstream webkit 1.2.4 changelog, but no info currently available
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
- webkit 1.2.5-1
[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
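Review bot: The removed NOTE on CVE-2010-1781 ("claimed fixed in upstream webkit 1.2.4 changelog, but no info currently available") is the only pointer in this entry to a fixed upstream version, and it refers to webkit, which the next entry tracks as a Debian package at 1.2.5-1. Suggest keeping the NOTE and recording a webkit status instead of NOT-FOR-US, or at least keeping the NOTE alongside the new line so the lead is not lost.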
@@ -37064,10 +37060,7 @@
NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697
NOTE: http://trac.webkit.org/changeset/59098
CVE-2010-1757 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...)
- - chromium-browser <undetermined>
- NOTE: is CVE-2010-2441 a dup of this?
- NOTE: chromium-sec don't have info
- NOTE: Sounds like it could be iPhone specific
+ NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod ...)
NOT-FOR-US: Apple iPhone
CVE-2010-1755 (Safari in Apple iOS before 4 on the iPhone and iPod touch does not ...)
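Review bot: Three NOTE lines are dropped from CVE-2010-1757, including the open question of whether CVE-2010-2441 is a duplicate and the observation that the issue may be iPhone specific. Neither is answered by the replacement line. If the conclusion is that it is iPhone specific, the product string used by the neighbouring entry ("NOT-FOR-US: Apple iPhone") states that more accurately than the Webkit/Chromium wording; in either case the duplicate question should stay as a NOTE until someone resolves it.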