[Secure-testing-commits] r32774 - data/CVE

Wed Mar 11 06:31:14 UTC 2015

Author: jmm
Date: 2015-03-11 06:31:13 +0000 (Wed, 11 Mar 2015)
New Revision: 32774

Modified:
   data/CVE/list
Log:
more chromium/libv8 CVE assignments


Modified: data/CVE/list
===================================================================

--- data/CVE/list	2015-03-11 06:23:09 UTC (rev 32773)
+++ data/CVE/list	2015-03-11 06:31:13 UTC (rev 32774)
@@ -21,7 +21,7 @@
 	- cups-filters <unfixed>
 	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
 	NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=1265
-	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/09/5
+	NOTE: http://www.openwall.com/lists/oss-security/2015/03/09/5
 CVE-2015-2241 [XSS attack via properties in ModelAdmin.readonly_fields]
 	RESERVED
 	- python-django 1.7.6-1
@@ -29,9 +29,15 @@
 CVE-2015-2240
 	RESERVED
 CVE-2015-2239 (Google Chrome before 41.0.2272.76, when Instant Extended mode is used, ...)
-	TODO: check
+	- chromium-browser 41.0.2272.76-1
+	[wheezy] - chromium-browser <end-of-life>
+	[squeeze] - chromium-browser <end-of-life>
 CVE-2015-2238 (Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as ...)
-	TODO: check
+	- chromium-browser 41.0.2272.76-1
+	[wheezy] - chromium-browser <end-of-life>
+	[squeeze] - chromium-browser <end-of-life>
+	- libv8-3.14 <unfixed> (unimportant)
+	NOTE: libv8 not covered by security support
 CVE-2015-2237
 	RESERVED
 CVE-2015-2236
@@ -91,7 +97,9 @@
 CVE-2014-9688 (Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for ...)
 	TODO: check
 CVE-2011-5319 (content/renderer/device_sensors/device_motion_event_pump.cc in Google ...)
-	TODO: check
+	- chromium-browser 41.0.2272.76-1
+	[wheezy] - chromium-browser <end-of-life>
+	[squeeze] - chromium-browser <end-of-life>
 CVE-2015-XXXX [tcllib XSS]
 	- tcllib 1.16-dfsg-2 (low; bug #780100)
 	[wheezy] - tcllib <no-dsa> (Minor issue, will be fixed in a point update)


