[Secure-testing-commits] r29371 - data/CVE
Michael Gilbert
mgilbert at moszumanska.debian.org
Sun Oct 12 18:50:41 UTC 2014
Author: mgilbert
Date: 2014-10-12 18:50:41 +0000 (Sun, 12 Oct 2014)
New Revision: 29371
Modified:
data/CVE/list
Log:
fix chromium entries
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-10-12 18:32:32 UTC (rev 29370)
+++ data/CVE/list 2014-10-12 18:50:41 UTC (rev 29371)
@@ -454,8 +454,9 @@
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
- - chromium-browser <unfixed>
+ - chromium-browser <undetermined>
[squeeze] - chromium-browser <end-of-life>
+ TODO: CVE description indicates upsteam 38.0.2125.101 fixed this, but there isn't enough information available to check yet
CVE-2014-7960 [Swift metadata constraints are not correctly enforced]
RESERVED
- swift <unfixed>
@@ -11393,18 +11394,20 @@
CVE-2014-3201
RESERVED
CVE-2014-3200 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- - chromium-browser <unfixed>
+ - chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3199 (The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the ...)
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
+ - chromium-browser 38.0.2125.101-1
+ [squeeze] - chromium-browser <end-of-life>
CVE-2014-3198 (The Instance::HandleInputEvent function in pdf/instance.cc in the ...)
- - chromium-browser 37.0.2062-1
+ - chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3197 (The NavigationScheduler::schedulePageBlock function in ...)
- - chromium-browser 37.0.2062-1
+ - chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3196 (base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 ...)
- chromium-browser <not-affected> (Only affects Windows)
@@ -11413,33 +11416,35 @@
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
+ - chromium-browser 38.0.2125.101-1
+ [squeeze] - chromium-browser <end-of-life>
CVE-2014-3194 (Use-after-free vulnerability in the Web Workers implementation in ...)
- - chromium-browser 37.0.2062-1
+ - chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3193 (The SessionService::GetLastSession function in ...)
- - chromium-browser 37.0.2062-1
+ - chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3192 (Use-after-free vulnerability in the ...)
- - chromium-browser 37.0.2062-1
+ - chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3191 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
- - chromium-browser 37.0.2062-1
+ - chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3190 (Use-after-free vulnerability in the Event::currentTarget function in ...)
- - chromium-browser 37.0.2062-1
+ - chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3189 (The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium ...)
- - chromium-browser 37.0.2062-1
+ - chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3188 (Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 ...)
- - chromium-browser 37.0.2062-1
+ - chromium-browser 38.0.2125.101-1
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed>
-CVE-2014-3187 (Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS ...)
- TODO: check
+CVE-2014-3187 (Google Chrome before 37.0.2062.120.60 and 38.x before 38.0.2125.59 on iOS ...)
+ - chromium-browser <not-affected> (only affects versions supporting Apple's facetime)
CVE-2014-3186 (Buffer overflow in the picolcd_raw_event function in ...)
- linux <unfixed>
[wheezy] - linux <no-dsa> (Will be fixed in next point release)
@@ -11480,63 +11485,63 @@
RESERVED
CVE-2014-3179 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3178 (Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3177 (Google Chrome before 37.0.2062.94 does not properly handle the ...)
+CVE-2014-3177 (Google Chrome before 37.0.2062.120.94 does not properly handle the ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3176 (Google Chrome before 37.0.2062.94 does not properly handle the ...)
+CVE-2014-3176 (Google Chrome before 37.0.2062.120.94 does not properly handle the ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3175 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3174 (modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3173 (The WebGL implementation in Google Chrome before 37.0.2062.94 does not ...)
+CVE-2014-3173 (The WebGL implementation in Google Chrome before 37.0.2062.120.94 does not ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3172 (The Debugger extension API in ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3171 (Use-after-free vulnerability in the V8 bindings in Blink, as used in ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
-CVE-2014-3170 (extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 ...)
+CVE-2014-3170 (extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.120.94 ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3169 (Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3168 (Use-after-free vulnerability in the SVG implementation in Blink, as ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3167 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3166 (The Public Key Pinning (PKP) implementation in Google Chrome before ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3165 (Use-after-free vulnerability in ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3164
RESERVED
@@ -11544,13 +11549,13 @@
RESERVED
CVE-2014-3162 (Multiple unspecified vulnerabilities in Google Chrome before ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3161 (The WebMediaPlayerAndroid::load function in ...)
NOT-FOR-US: Android
CVE-2014-3160 (The ResourceFetcher::canRequest function in ...)
{DSA-3039-1}
- - chromium-browser 37.0.2062-1
+ - chromium-browser 37.0.2062.120-1
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3159 (The WebContentsDelegateAndroid::OpenURLFromTab function in ...)
NOT-FOR-US: Android
More information about the Secure-testing-commits
mailing list