[Secure-testing-commits] r29371 - data/CVE

Michael Gilbert mgilbert at moszumanska.debian.org
Sun Oct 12 18:50:41 UTC 2014 

Author: mgilbert
Date: 2014-10-12 18:50:41 +0000 (Sun, 12 Oct 2014)
New Revision: 29371

Modified:
   data/CVE/list
Log:
fix chromium entries

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-10-12 18:32:32 UTC (rev 29370)
+++ data/CVE/list	2014-10-12 18:50:41 UTC (rev 29371)
@@ -454,8 +454,9 @@
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
 	- libv8-3.14 <unfixed>
-	- chromium-browser <unfixed>
+	- chromium-browser <undetermined>
 	[squeeze] - chromium-browser <end-of-life>
+	TODO: CVE description indicates upsteam 38.0.2125.101 fixed this, but there isn't enough information available to check yet
 CVE-2014-7960 [Swift metadata constraints are not correctly enforced]
 	RESERVED
 	- swift <unfixed>
@@ -11393,18 +11394,20 @@
 CVE-2014-3201
 	RESERVED
 CVE-2014-3200 (Multiple unspecified vulnerabilities in Google Chrome before ...)
-	- chromium-browser <unfixed>
+	- chromium-browser 38.0.2125.101-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3199 (The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the ...)
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
 	- libv8-3.14 <unfixed>
+	- chromium-browser 38.0.2125.101-1
+	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3198 (The Instance::HandleInputEvent function in pdf/instance.cc in the ...)
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 38.0.2125.101-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3197 (The NavigationScheduler::schedulePageBlock function in ...)
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 38.0.2125.101-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3196 (base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 ...)
 	- chromium-browser <not-affected> (Only affects Windows)
@@ -11413,33 +11416,35 @@
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
 	- libv8-3.14 <unfixed>
+	- chromium-browser 38.0.2125.101-1
+	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3194 (Use-after-free vulnerability in the Web Workers implementation in ...)
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 38.0.2125.101-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3193 (The SessionService::GetLastSession function in ...)
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 38.0.2125.101-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3192 (Use-after-free vulnerability in the ...)
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 38.0.2125.101-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3191 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 38.0.2125.101-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3190 (Use-after-free vulnerability in the Event::currentTarget function in ...)
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 38.0.2125.101-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3189 (The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium ...)
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 38.0.2125.101-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3188 (Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 ...)
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 38.0.2125.101-1
 	[squeeze] - chromium-browser <end-of-life>
 	- libv8 <removed>
 	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
 	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
 	- libv8-3.14 <unfixed>
-CVE-2014-3187 (Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS ...)
-	TODO: check
+CVE-2014-3187 (Google Chrome before 37.0.2062.120.60 and 38.x before 38.0.2125.59 on iOS ...)
+	- chromium-browser <not-affected> (only affects versions supporting Apple's facetime)
 CVE-2014-3186 (Buffer overflow in the picolcd_raw_event function in ...)
 	- linux <unfixed>
 	[wheezy] - linux <no-dsa> (Will be fixed in next point release)
@@ -11480,63 +11485,63 @@
 	RESERVED
 CVE-2014-3179 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3178 (Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3177 (Google Chrome before 37.0.2062.94 does not properly handle the ...)
+CVE-2014-3177 (Google Chrome before 37.0.2062.120.94 does not properly handle the ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3176 (Google Chrome before 37.0.2062.94 does not properly handle the ...)
+CVE-2014-3176 (Google Chrome before 37.0.2062.120.94 does not properly handle the ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3175 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3174 (modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3173 (The WebGL implementation in Google Chrome before 37.0.2062.94 does not ...)
+CVE-2014-3173 (The WebGL implementation in Google Chrome before 37.0.2062.120.94 does not ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3172 (The Debugger extension API in ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3171 (Use-after-free vulnerability in the V8 bindings in Blink, as used in ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3170 (extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 ...)
+CVE-2014-3170 (extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.120.94 ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3169 (Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3168 (Use-after-free vulnerability in the SVG implementation in Blink, as ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3167 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3166 (The Public Key Pinning (PKP) implementation in Google Chrome before ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3165 (Use-after-free vulnerability in ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3164
 	RESERVED
@@ -11544,13 +11549,13 @@
 	RESERVED
 CVE-2014-3162 (Multiple unspecified vulnerabilities in Google Chrome before ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3161 (The WebMediaPlayerAndroid::load function in ...)
 	NOT-FOR-US: Android
 CVE-2014-3160 (The ResourceFetcher::canRequest function in ...)
 	{DSA-3039-1}
-	- chromium-browser 37.0.2062-1
+	- chromium-browser 37.0.2062.120-1
 	[squeeze] - chromium-browser <end-of-life>
 CVE-2014-3159 (The WebContentsDelegateAndroid::OpenURLFromTab function in ...)
 	NOT-FOR-US: Android

More information about the Secure-testing-commits mailing list