[Secure-testing-commits] r32054 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Feb 7 11:59:40 UTC 2015
Author: carnil
Date: 2015-02-07 11:59:40 +0000 (Sat, 07 Feb 2015)
New Revision: 32054
Modified:
data/CVE/list
Log:
Add chromium issues which should be fixed in 40.0.2214.91, but left as TODO for now
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-02-07 11:58:12 UTC (rev 32053)
+++ data/CVE/list 2015-02-07 11:59:40 UTC (rev 32054)
@@ -352,10 +352,19 @@
CVE-2015-1362 (Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot ...)
NOT-FOR-US: Exif Pilot
CVE-2015-1361 (platform/image-decoders/ImageFrame.h in Blink, as used in Google ...)
+ - chromium-browser <unfixed>
+ [wheezy] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
TODO: check
CVE-2015-1360 (Skia, as used in Google Chrome before 40.0.2214.91, allows remote ...)
+ - chromium-browser <unfixed>
+ [wheezy] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
TODO: check
CVE-2015-1359 (Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, ...)
+ - chromium-browser <unfixed>
+ [wheezy] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
TODO: check
CVE-2015-1358
RESERVED
@@ -366,11 +375,17 @@
CVE-2015-1355
RESERVED
CVE-2014-9648 (components/navigation_interception/intercept_navigation_resource_throttle.cc ...)
+ - chromium-browser <unfixed>
+ [wheezy] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
TODO: check
CVE-2014-9647 (Use-after-free vulnerability in PDFium, as used in Google Chrome ...)
+ - chromium-browser <unfixed>
+ [wheezy] - chromium-browser <end-of-life>
+ [squeeze] - chromium-browser <end-of-life>
TODO: check
CVE-2014-9646 (Unquoted Windows search path vulnerability in the ...)
- TODO: check
+ - chromium-browser <not-affected> (Windows specific problem for chromium-browser)
CVE-2015-XXXX [XSA-118]
- xen <unfixed> (low)
[wheezy] - xen <not-affected> (Only affects 4.4 and later on arm)
More information about the Secure-testing-commits
mailing list