[Secure-testing-commits] r22622 - data/CVE
Moritz Muehlenhoff
jmm at alioth.debian.org
Sun Jun 16 15:09:38 UTC 2013
Author: jmm
Date: 2013-06-16 15:09:38 +0000 (Sun, 16 Jun 2013)
New Revision: 22622
Modified:
data/CVE/list
Log:
fix c&p error for chromium
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2013-06-16 15:00:19 UTC (rev 22621)
+++ data/CVE/list 2013-06-16 15:09:38 UTC (rev 22622)
@@ -3676,48 +3676,48 @@
CVE-2013-2865 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-2706-1}
- chromium-browser 27.0.1453.110-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2864 (The PDF functionality in Google Chrome before 27.0.1453.110 allows ...)
- chromium-browser <not-affected> (PDF viewer not included in Chromium)
CVE-2013-2863 (Google Chrome before 27.0.1453.110 does not properly handle SSL ...)
{DSA-2706-1}
- chromium-browser 27.0.1453.110-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2862 (Skia, as used in Google Chrome before 27.0.1453.110, does not properly ...)
{DSA-2706-1}
- chromium-browser 27.0.1453.110-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2861 (Use-after-free vulnerability in the SVG implementation in Google ...)
{DSA-2706-1}
- chromium-browser 27.0.1453.110-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2860 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...)
{DSA-2706-1}
- chromium-browser 27.0.1453.110-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2859 (Google Chrome before 27.0.1453.110 allows remote attackers to bypass ...)
{DSA-2706-1}
- chromium-browser 27.0.1453.110-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2858 (Use-after-free vulnerability in the HTML5 Audio implementation in ...)
{DSA-2706-1}
- chromium-browser 27.0.1453.110-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2857 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...)
{DSA-2706-1}
- chromium-browser 27.0.1453.110-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2856 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...)
{DSA-2706-1}
- chromium-browser 27.0.1453.110-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2855 (The Developer Tools API in Google Chrome before 27.0.1453.110 allows ...)
{DSA-2706-1}
- chromium-browser 27.0.1453.110-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2854 (Google Chrome before 27.0.1453.110 on Windows provides an incorrect ...)
- chromium-browser 27.0.1453.110-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2853
RESERVED
CVE-2013-2852 (Format string vulnerability in the b43_request_firmware function in ...)
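Review bot: The CVE-2013-2854 entry in this hunk is worth a second look while its suite line is being touched. Its description says "on Windows" and, unlike its neighbours, it has no {DSA-2706-1} tag, yet it is tracked as fixed in 27.0.1453.110-1 with the renamed "[squeeze] - chromium-browser <end-of-life>" line. If the issue is Windows-only, the package line should use the wording of CVE-2013-0830 in this same file, "- chromium-browser <not-affected> (Only affects Windows)", rather than a fixed version.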
@@ -3734,59 +3734,59 @@
CVE-2013-2849 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2848 (The XSS Auditor in Google Chrome before 27.0.1453.93 might allow ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2847 (Race condition in the workers implementation in Google Chrome before ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2846 (Use-after-free vulnerability in the media loader in Google Chrome ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2845 (The Web Audio implementation in Google Chrome before 27.0.1453.93 ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2844 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2843 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2842 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2841 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2840 (Use-after-free vulnerability in the media loader in Google Chrome ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2839 (Google Chrome before 27.0.1453.93 does not properly perform a cast of ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2838 (Google V8, as used in Google Chrome before 27.0.1453.93, allows remote ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
- libv8 <unfixed>
CVE-2013-2837 (Use-after-free vulnerability in the SVG implementation in Google ...)
{DSA-2695-1}
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2836 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser 27.0.1453.93-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-2835 (Google Chrome OS before 26.0.1410.57 does not properly enforce origin ...)
NOT-FOR-US: Google Chrome OS
CVE-2013-2834 (Google Chrome OS before 26.0.1410.57 does not properly enforce origin ...)
@@ -4414,7 +4414,7 @@
[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
CVE-2012-XXXX [null pointer dereference]
- chromium-browser 21.0.1180.57~r148591-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
NOTE: http://seclists.org/fulldisclosure/2013/Mar/134
NOTE: full disclosure post dosn't make it clear if a CVE was assigned for this or not, but it is fixed in the above version
CVE-2013-2565
@@ -8822,37 +8822,37 @@
NOT-FOR-US: Chrome OS
CVE-2013-0926 (Google Chrome before 26.0.1410.43 does not properly handle active ...)
- chromium-browser 26.0.1410.43-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0925 (Google Chrome before 26.0.1410.43 does not ensure that an extension ...)
- chromium-browser 26.0.1410.43-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0924 (The extension functionality in Google Chrome before 26.0.1410.43 does ...)
- chromium-browser 26.0.1410.43-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0923 (The USB Apps API in Google Chrome before 26.0.1410.43 allows remote ...)
- chromium-browser 26.0.1410.43-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0922 (Google Chrome before 26.0.1410.43 does not properly restrict ...)
- chromium-browser 26.0.1410.43-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0921 (The Isolated Sites feature in Google Chrome before 26.0.1410.43 does ...)
- chromium-browser 26.0.1410.43-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0920 (Use-after-free vulnerability in the extension bookmarks API in Google ...)
- chromium-browser 26.0.1410.43-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0919 (Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on ...)
- chromium-browser 26.0.1410.43-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0918 (Google Chrome before 26.0.1410.43 does not prevent navigation to ...)
- chromium-browser 26.0.1410.43-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0917 (The URL loader in Google Chrome before 26.0.1410.43 allows remote ...)
- chromium-browser 26.0.1410.43-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0916 (Use-after-free vulnerability in the Web Audio implementation in Google ...)
- chromium-browser 26.0.1410.43-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0915 (The GPU process in Google Chrome OS before 25.0.1364.173 allows ...)
NOT-FOR-US: Overflow in Chrome-specific libs
CVE-2013-0914 (The flush_signal_handlers function in kernel/signal.c in the Linux ...)
@@ -8865,110 +8865,110 @@
[squeeze] - linux-2.6 <not-affected> (Vulnerable code was introduced later)
CVE-2013-0912 (WebKit in Google Chrome before 25.0.1364.160 allows remote attackers ...)
- chromium-browser 25.0.1364.160-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0911 (Directory traversal vulnerability in Google Chrome before ...)
- chromium-browser 25.0.1364.152-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0910 (Google Chrome before 25.0.1364.152 does not properly manage the ...)
- chromium-browser 25.0.1364.152-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0909 (The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote ...)
- chromium-browser 25.0.1364.152-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0908 (Google Chrome before 25.0.1364.152 does not properly manage bindings ...)
- chromium-browser 25.0.1364.152-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0907 (Race condition in Google Chrome before 25.0.1364.152 allows remote ...)
- chromium-browser 25.0.1364.152-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0906 (The IndexedDB implementation in Google Chrome before 25.0.1364.152 ...)
- chromium-browser 25.0.1364.152-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0905 (Use-after-free vulnerability in Google Chrome before 25.0.1364.152 ...)
- chromium-browser 25.0.1364.152-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0904 (The Web Audio implementation in Google Chrome before 25.0.1364.152 ...)
- chromium-browser 25.0.1364.152-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0903 (Use-after-free vulnerability in Google Chrome before 25.0.1364.152 ...)
- chromium-browser 25.0.1364.152-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0902 (Use-after-free vulnerability in the frame-loader implementation in ...)
- chromium-browser 25.0.1364.152-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0901
RESERVED
CVE-2013-0900 (Race condition in the International Components for Unicode (ICU) ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
- icu 4.8.1.1-12 (low; bug #702346)
[squeeze] - icu <no-dsa> (Minor issue)
CVE-2013-0899 (Integer overflow in the padding implementation in the ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
- opus 0.9.14+20120615-1+nmu1 (bug #704870)
CVE-2013-0898 (Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0897 (Off-by-one error in the PDF functionality in Google Chrome before ...)
- chromium-browser <not-affected> (PDF viewer not included in Chromium)
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0896 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0895 (Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0894 (Buffer overflow in the vorbis_parse_setup_hdr_floors function in the ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
- ffmpeg <removed>
- libav 6:0.8.6-1 (bug #703200)
CVE-2013-0893 (Race condition in Google Chrome before 25.0.1364.97 on Windows and ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0892 (Multiple unspecified vulnerabilities in the IPC layer in Google Chrome ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0891 (Integer overflow in Google Chrome before 25.0.1364.97 on Windows and ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0890 (Multiple unspecified vulnerabilities in the IPC layer in Google Chrome ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0889 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0888 (Skia, as used in Google Chrome before 25.0.1364.97 on Windows and ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0887 (The developer-tools process in Google Chrome before 25.0.1364.97 on ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0886 (Google Chrome before 25.0.1364.99 on Mac OS X does not properly ...)
- chromium-browser <not-affected> (Mac OS X only)
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0885 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0884 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0883 (Skia, as used in Google Chrome before 25.0.1364.97 on Windows and ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0882 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0881 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0880 (Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0879 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
- chromium-browser 25.0.1364.97-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0878 [libavcodec/targa.c out of array accesses]
RESERVED
- ffmpeg <removed>
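Review bot: For CVE-2013-0897 and CVE-2013-0886 the renamed suite line contradicts the package line above it: "- chromium-browser <not-affected> (...)" is followed by "[squeeze] - chromium-browser <end-of-life>". The mechanical lenny-to-squeeze replacement carries that over unchanged. Other not-affected entries in this patch (CVE-2013-2864, CVE-2012-5151) have no suite line at all, so dropping the [squeeze] line from these two entries would be more consistent than renaming it.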
@@ -9214,54 +9214,54 @@
NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
CVE-2013-0843 (content/renderer/media/webrtc_audio_renderer.cc in Google Chrome ...)
- chromium-browser <not-affected> (MacOS-specific)
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0842 (Google Chrome before 24.0.1312.56 does not properly handle %00 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0841 (Array index error in the content-blocking functionality in Google ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0840 (Google Chrome before 24.0.1312.56 does not validate URLs during the ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0839 (Use-after-free vulnerability in Google Chrome before 24.0.1312.56 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0838 (Google Chrome before 24.0.1312.52 on Linux uses weak permissions for ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0837 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0836 (Google V8 before 3.14.5.3, as used in Google Chrome before ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
- libv8 <not-affected> (bug #702261; vulnerablility was fixed by reverting to old implementation as found in version 3.8.9.20)
TODO: re-check uploads newer than 3.8.9.20
CVE-2013-0835 (Unspecified vulnerability in the Geolocation implementation in Google ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0834 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0833 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0832 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0831 (Directory traversal vulnerability in Google Chrome before 24.0.1312.52 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0830 (The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a ...)
- chromium-browser <not-affected> (Only affects Windows)
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0829 (Google Chrome before 24.0.1312.52 does not properly maintain database ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2013-0828 (The PDF functionality in Google Chrome before 24.0.1312.52 does not ...)
- chromium-browser <not-affected> (PDF functionality not available in Chromium)
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-6498 (Unrestricted file upload vulnerability in index.php in Atomymaxsite ...)
NOT-FOR-US: Atomymaxsite
CVE-2013-0827
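Review bot: CVE-2013-0843, CVE-2013-0830 and CVE-2013-0828 each end up with a "[squeeze] - chromium-browser <end-of-life>" line directly under a "- chromium-browser <not-affected> (...)" line. A package that is not affected needs no per-suite end-of-life marker, and the pairing leaves the squeeze status of these three entries ambiguous. Suggest deleting the suite line in these entries rather than renaming it.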
@@ -14244,7 +14244,7 @@
- webcalendar <removed>
CVE-2012-5376 (The Inter-process Communication (IPC) implementation in Google Chrome ...)
- chromium-browser 22.0.1229.94~r161065-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5375 (The CRC32C feature in the Btrfs implementation in the Linux kernel ...)
- linux 3.8-1 (unimportant)
- linux-2.6 <unfixed> (unimportant)
@@ -14787,81 +14787,81 @@
CVE-2012-5153 (Google V8 before 3.14.5.3, as used in Google Chrome before ...)
- libv8 <not-affected> (bug #702261; kMinFixedIndex and kMaxFixedIndex are hard-coded to the correct values in 3.8.9.20, a later commit introduced a caclulation that produced incorrect values)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
TODO: re-check uploads newer than 3.8.9.20
CVE-2012-5152 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
- chromium-browser 24.0.1312.68-1
CVE-2012-5151 (Integer overflow in Google Chrome before 24.0.1312.52 allows remote ...)
- chromium-browser <not-affected> (PDF functionality not available in Chromium)
CVE-2012-5150 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
- ffmpeg <removed>
- libav 6:0.8.6-1
CVE-2012-5149 (Integer overflow in the audio IPC layer in Google Chrome before ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5148 (The hyphenation functionality in Google Chrome before 24.0.1312.52 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5147 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5146 (Google Chrome before 24.0.1312.52 allows remote attackers to bypass ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5145 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5144 (Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
- ffmpeg <removed>
- libav 6:0.8.5-1 (bug #694483)
NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=6d5b0092678b2a95dfe209a207550bd2fe9ef646 is supposed to fix this.
NOTE: Upstream has a sample, but can only be reproduced with asan/tsan. However, Chrome seems to be affected by this somehow more directly.
CVE-2012-5143 (Integer overflow in Google Chrome before 23.0.1271.97 allows remote ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5142 (Google Chrome before 23.0.1271.97 does not properly handle history ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5141 (Google Chrome before 23.0.1271.97 does not properly restrict ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5140 (Use-after-free vulnerability in Google Chrome before 23.0.1271.97 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5139 (Use-after-free vulnerability in Google Chrome before 23.0.1271.97 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5138 (Google Chrome before 23.0.1271.95 does not properly handle file paths, ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5137 (Use-after-free vulnerability in Google Chrome before 23.0.1271.95 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5136 (Google Chrome before 23.0.1271.91 does not properly perform a cast of ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5135 (Use-after-free vulnerability in Google Chrome before 23.0.1271.91 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5134 (Heap-based buffer underflow in the xmlParseAttValueComplex function in ...)
{DSA-2580-1}
- libxml2 2.8.0+dfsg1-7 (bug #694521)
CVE-2012-5133 (Use-after-free vulnerability in Google Chrome before 23.0.1271.91 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5132 (Google Chrome before 23.0.1271.91 allows remote attackers to cause a ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5131 (Google Chrome before 23.0.1271.91 on Mac OS X does not properly ...)
- chromium-browser <not-affected> (MacOS-specific)
CVE-2012-5130 (Skia, as used in Google Chrome before 23.0.1271.91, allows remote ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5129 (Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS ...)
- mesa 8.0.5-3 (bug #695248)
[squeeze] - mesa <not-affected> (Vulnerable code not present)
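Review bot: In the CVE-2012-5152 entry the new "[squeeze] - chromium-browser <end-of-life>" line sits above "- chromium-browser 24.0.1312.68-1", directly under the CVE header. Every other entry in this patch places the suite line after the package line it qualifies. Since the line is being rewritten anyway, move it below the package line so the entry matches the rest of the file.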
@@ -14869,42 +14869,42 @@
- libv8 <not-affected> (Doesn't affect 3.8.9, see bug #694808)
CVE-2012-5127 (Integer overflow in Google Chrome before 23.0.1271.64 allows remote ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
- libwebp 0.1.3-3+nmu1 (bug #704573)
NOTE: fixed in experimental version 0.2.1-1
NOTE: https://bugs.gentoo.org/show_bug.cgi?id=442152
NOTE: Upstream announce: https://groups.google.com/a/webmproject.org/forum/?fromgroups=#!topic/webp-discuss/QTtgi8YfgkE
CVE-2012-5126 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5125 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5124 (Google Chrome before 23.0.1271.64 does not properly handle textures, ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5123 (Skia, as used in Google Chrome before 23.0.1271.64, allows remote ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5122 (Google Chrome before 23.0.1271.64 does not properly perform a cast of ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5121 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5120 (Google V8 before 3.13.7.5, as used in Google Chrome before ...)
- libv8 <not-affected> (Doesn't affect 3.8.9, see bug #694808)
CVE-2012-5119 (Race condition in Pepper, as used in Google Chrome before ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5118 (Google Chrome before 23.0.1271.64 on Mac OS X does not properly ...)
- chromium-browser <not-affected> (MacOS-specific)
CVE-2012-5117 (Google Chrome before 23.0.1271.64 does not properly restrict the ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5116 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 ...)
- chromium-browser 24.0.1312.68-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5115 (Google Chrome before 23.0.1271.64 on Mac OS X does not properly ...)
- chromium-browser <not-affected> (MacOS-specific)
CVE-2012-5114
@@ -14913,19 +14913,19 @@
RESERVED
CVE-2012-5112 (Use-after-free vulnerability in the SVG implementation in WebKit, as ...)
- chromium-browser 22.0.1229.94~r161065-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5111 (Google Chrome before 22.0.1229.92 does not monitor for crashes of ...)
- chromium-browser 22.0.1229.94~r161065-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5110 (The compositor in Google Chrome before 22.0.1229.92 allows remote ...)
- chromium-browser 22.0.1229.94~r161065-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5109 (The International Components for Unicode (ICU) functionality in Google ...)
- chromium-browser 22.0.1229.94~r161065-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5108 (Race condition in Google Chrome before 22.0.1229.92 allows remote ...)
- chromium-browser 22.0.1229.94~r161065-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-5107
RESERVED
CVE-2012-5106
@@ -15350,13 +15350,13 @@
CVE-2012-4930 (The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google ...)
- iceweasel <not-affected> (Firefox ESV not support SDPY)
- chromium-browser 21.0.1180.57~r148591-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
NOTE: http://www.imperialviolet.org/2012/09/21/crime.html
CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google ...)
{DSA-2627-1 DSA-2626-1 DSA-2579-1}
- iceweasel <not-affected> (Firefox ESV not use TLS/SSL compression)
- chromium-browser 22.0.1229.94~r161065-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
- qt4-x11 4:4.8.2+dfsg-3
- apache2 2.2.22-12 (bug #689936)
- lighttpd 1.4.30-1 (bug #700399)
@@ -15958,7 +15958,7 @@
RESERVED
CVE-2011-3090 (Race condition in Google Chrome before 19.0.1084.46 allows remote ...)
- chromium-browser 20.0.1132.21~r139451-1
- [lenny] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
CVE-2012-4746 (Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi ...)
NOT-FOR-US: ZTE ZXDSL
CVE-2012-4745 (Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity ...)