[Secure-testing-commits] r31882 - data/CVE
Michael Gilbert
mgilbert at moszumanska.debian.org
Sat Jan 31 23:18:24 UTC 2015
Author: mgilbert
Date: 2015-01-31 23:18:24 +0000 (Sat, 31 Jan 2015)
New Revision: 31882
Modified:
data/CVE/list
Log:
end-of-life tags for chromium in wheezy
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-01-31 22:08:46 UTC (rev 31881)
+++ data/CVE/list 2015-01-31 23:18:24 UTC (rev 31882)
@@ -709,6 +709,7 @@
TODO: check in which version the issue was introduced exactly
CVE-2015-1346 (Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- libv8-3.14 <unfixed> (unimportant; bug #773671)
NOTE: libv8 not covered by security support
@@ -956,6 +957,7 @@
RESERVED
CVE-2015-1205 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- icu <unfixed> (bug #776719)
CVE-2015-1203 [stack allocation with an attacker-controlled size -- modules/access/ftp.c]
@@ -8286,42 +8288,54 @@
RESERVED
CVE-2014-7948 (The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7947 (OpenJPEG before r2944, as used in PDFium in Google Chrome before ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7946 (The RenderTable::simplifiedNormalFlowLayout function in ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7945 (OpenJPEG before r2908, as used in PDFium in Google Chrome before ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7944 (The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7943 (Skia, as used in Google Chrome before 40.0.2214.91, allows remote ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7942 (The Fonts implementation in Google Chrome before 40.0.2214.91 does not ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7941 (The SelectionOwner::ProcessTarget function in ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7940 (The collator implementation in i18n/ucol.cpp in International ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- icu <unfixed> (bug #776265)
CVE-2014-7939 (Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- libv8-3.14 <unfixed> (unimportant; bug #773671)
NOTE: libv8 not covered by security support
CVE-2014-7938 (The Fonts implementation in Google Chrome before 40.0.2214.91 allows ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7937 (Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- ffmpeg 7:2.4.2-1
[squeeze] - ffmpeg <end-of-life>
@@ -8330,15 +8344,19 @@
NOTE: libav: needed
CVE-2014-7936 (Use-after-free vulnerability in the ZoomBubbleView::Close function in ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7935 (Use-after-free vulnerability in browser/speech/tts_message_filter.cc ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7934 (Use-after-free vulnerability in the DOM implementation in Blink, as ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7933 (Use-after-free vulnerability in the matroska_read_seek function in ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- ffmpeg 7:2.5.1-1
[squeeze] - ffmpeg <end-of-life>
@@ -8348,40 +8366,50 @@
NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
CVE-2014-7932 (Use-after-free vulnerability in the Element::detach function in ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7931 (factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- libv8-3.14 <unfixed> (unimportant; bug #773671)
NOTE: libv8 not covered by security support
CVE-2014-7930 (Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7929 (Use-after-free vulnerability in the ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7928 (hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- libv8-3.14 <unfixed> (unimportant; bug #773671)
NOTE: libv8 not covered by security support
CVE-2014-7927 (The SimplifiedLowering::DoLoadBuffer function in ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- libv8-3.14 <unfixed> (unimportant; bug #773671)
NOTE: libv8 not covered by security support
CVE-2014-7926 (The Regular Expressions package in International Components for ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- icu <unfixed> (bug #776265)
CVE-2014-7925 (Use-after-free vulnerability in the WebAudio implementation in Blink, ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7924 (Use-after-free vulnerability in the IndexedDB implementation in Google ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7923 (The Regular Expressions package in International Components for ...)
- chromium-browser 40.0.2214.91-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- icu <unfixed> (bug #776265)
CVE-2014-7922
@@ -8410,46 +8438,58 @@
NOT-FOR-US: Android
CVE-2014-7910 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser 39.0.2171.71-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
NOTE: https://code.google.com/p/chromium/issues/detail?id=433500 (private)
CVE-2014-7909 (effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before ...)
- chromium-browser 39.0.2171.71-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
NOTE: https://code.google.com/p/chromium/issues/detail?id=391001 (private)
CVE-2014-7908 (Multiple integer overflows in the CheckMov function in ...)
- chromium-browser 39.0.2171.71-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
NOTE: https://code.google.com/p/chromium/issues/detail?id=425980 (private)
CVE-2014-7907 (Multiple use-after-free vulnerabilities in ...)
- chromium-browser 39.0.2171.71-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
NOTE: https://code.google.com/p/chromium/issues/detail?id=424453 (private)
CVE-2014-7906 (Use-after-free vulnerability in the Pepper plugins in Google Chrome ...)
- chromium-browser 39.0.2171.71-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
NOTE: https://code.google.com/p/chromium/issues/detail?id=423030 (private)
CVE-2014-7905 (Google Chrome before 39.0.2171.65 on Android does not prevent ...)
- chromium-browser 39.0.2171.71-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
NOTE: https://code.google.com/p/chromium/issues/detail?id=421817 (private)
CVE-2014-7904 (Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, ...)
- chromium-browser 39.0.2171.71-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
NOTE: https://code.google.com/p/chromium/issues/detail?id=418161 (private)
CVE-2014-7903 (Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google ...)
- chromium-browser 39.0.2171.71-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7902 (Use-after-free vulnerability in PDFium, as used in Google Chrome ...)
- chromium-browser 39.0.2171.71-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7901 (Integer overflow in the opj_t2_read_packet_data function in ...)
- chromium-browser 39.0.2171.71-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7900 (Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile ...)
- chromium-browser 39.0.2171.71-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-7899 (Google Chrome before 38.0.2125.101 allows remote attackers to spoof ...)
- chromium-browser 39.0.2171.71-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
NOTE: http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
NOTE: https://chromium.googlesource.com/chromium/src/+/5cfbddc9cc972f5133f26664dbf5810bb569cd04
@@ -8553,6 +8593,7 @@
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed> (unimportant; bug #773671)
- chromium-browser 38.0.2125.101-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
NOTE: libv8 not covered by security support
CVE-2014-7960 (OpenStack Object Storage (Swift) before 2.2.0 allows remote ...)
@@ -18844,6 +18885,7 @@
- bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled)
NOTE: http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ
- chromium-browser 39.0.2171.71-1 (bug #765928)
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- conkeror <unfixed> (unimportant)
- cyassl <unfixed> (bug #769905)
@@ -19992,9 +20034,11 @@
NOT-FOR-US: Unity
CVE-2014-3201 (core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used ...)
- chromium-browser 39.0.2171.71-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3200 (Multiple unspecified vulnerabilities in Google Chrome before ...)
- chromium-browser 38.0.2125.101-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3199 (The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the ...)
- libv8 <removed>
@@ -20002,13 +20046,16 @@
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed> (unimportant; bug #773671)
- chromium-browser 38.0.2125.101-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
NOTE: libv8 not covered by security support
CVE-2014-3198 (The Instance::HandleInputEvent function in pdf/instance.cc in the ...)
- chromium-browser 38.0.2125.101-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3197 (The NavigationScheduler::schedulePageBlock function in ...)
- chromium-browser 38.0.2125.101-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3196 (base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 ...)
- chromium-browser <not-affected> (Only affects Windows)
@@ -20018,28 +20065,36 @@
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
- libv8-3.14 <unfixed> (unimportant; bug #773671)
- chromium-browser 38.0.2125.101-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
NOTE: libv8 not covered by security support
CVE-2014-3194 (Use-after-free vulnerability in the Web Workers implementation in ...)
- chromium-browser 38.0.2125.101-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3193 (The SessionService::GetLastSession function in ...)
- chromium-browser 38.0.2125.101-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3192 (Use-after-free vulnerability in the ...)
- chromium-browser 38.0.2125.101-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3191 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
- chromium-browser 38.0.2125.101-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3190 (Use-after-free vulnerability in the Event::currentTarget function in ...)
- chromium-browser 38.0.2125.101-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3189 (The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium ...)
- chromium-browser 38.0.2125.101-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
CVE-2014-3188 (Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 ...)
- chromium-browser 38.0.2125.101-1
+ [wheezy] - chromium-browser <end-of-life>
[squeeze] - chromium-browser <end-of-life>
- libv8 <removed>
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
More information about the Secure-testing-commits
mailing list