Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
a725c9c2 by Salvatore Bonaccorso at 2024-08-24T10:03:51+02:00
Cleanup some older entries for consistency
Add as well some explanations where sensible.
That said I did not clean up any further very ancient entries back in
the tracking.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -550464,13 +550464,10 @@ CVE-2016-2563 (Stack-based buffer overflow in the
SCP command-line utility in Pu
NOTE: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563
CVE-2016-2562 (The checkHTTP function in libraries/Config.class.php in
phpMyAdmin 4.5 ...)
- phpmyadmin 4:4.5.5.1-1 (unimportant)
- [jessie] - phpmyadmin <not-affected>
- [wheezy] - phpmyadmin <not-affected>
NOTE: vulnerability is only in the test suite
CVE-2016-2561 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin 4.4. ...)
{DSA-3627-1}
- phpmyadmin 4:4.5.5.1-1
- [wheezy] - phpmyadmin <not-affected>
CVE-2016-2560 (Multiple cross-site scripting (XSS) vulnerabilities in
phpMyAdmin 4.0. ...)
{DSA-3627-1 DLA-481-1}
- phpmyadmin 4:4.5.5.1-1 (low)
@@ -550480,8 +550477,6 @@ CVE-2016-2560 (Multiple cross-site scripting (XSS)
vulnerabilities in phpMyAdmin
NOTE: b8f1e0f325f8f32bd82af64111d8c2e9055a363c and
73c8245a3d1893a710447957e28dcfb18d9b47ad present in wheezy and later, patch in
lists.debian.org/87lh4fpyap....@angela.anarcat.ath.cx
CVE-2016-2559 (Cross-site scripting (XSS) vulnerability in the format function
in lib ...)
- phpmyadmin 4:4.5.5.1-1 (low)
- [jessie] - phpmyadmin <not-affected>
- [wheezy] - phpmyadmin <not-affected>
CVE-2016-2572 (http.cc in Squid 4.x before 4.0.7 relies on the HTTP status
code after ...)
- squid3 <not-affected> (Only affects 4.x)
- squid <not-affected> (Only affects 4.x)
@@ -551919,10 +551914,7 @@ CVE-2015-8798 (Directory traversal vulnerability in
the Management Server in Sym
NOT-FOR-US: Symantec
CVE-2016-4009 (Integer overflow in the ImagingResampleHorizontal function in
libImagi ...)
- pillow 3.1.1-1
- [jessie] - pillow <not-affected>
- python-imaging <removed>
- [wheezy] - python-imaging <not-affected>
- [squeeze] - python-imaging <not-affected>
NOTE:
https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
NOTE: Upstream confirmed that versions prior 2.7 are not vulnerable.
NOTE: https://github.com/python-pillow/Pillow/pull/1714
@@ -559875,9 +559867,6 @@ CVE-2015-8367 (The phase_one_correct function in
Libraw before 0.17.1 allows att
- ufraw <not-affected> (Vulnerable code not present)
- rawtherapee <not-affected> (Vulnerable code not present)
- exactimage <not-affected> (Vulnerable code not present)
- - xbmc <not-affected>
- [jessie] - xbmc <not-affected> (Transitional dummy package)
- [wheezy] - xbmc <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
NOTE: Introduced by:
https://github.com/LibRaw/LibRaw/commit/7b1430c76a19c93f3cc755bb2ff9bda0ba9b4082
(0.15.0)
CVE-2015-8366 (Array index error in smal_decode_segment function in LibRaw
before 0.1 ...)
@@ -559908,9 +559897,6 @@ CVE-2015-8366 (Array index error in
smal_decode_segment function in LibRaw befor
[wheezy] - exactimage <not-affected> (Vulnerable code not present)
[squeeze] - exactimage <not-affected> (Vulnerable code not present)
NOTE: exactimage: smal_decode_segment inside dcraw.h not dcraw.c
- - xbmc <not-affected>
- [jessie] - xbmc <not-affected> (Transitional dummy package)
- [wheezy] - xbmc <not-affected> (Vulnerable code not present)
NOTE: Fixed by:
https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
CVE-2015-8365 (The smka_decode_frame function in libavcodec/smacker.c in
FFmpeg befor ...)
{DSA-4012-1 DLA-1142-1}
@@ -560101,7 +560087,7 @@ CVE-2015-8380 (The pcre_exec function in pcre_exec.c
in PCRE before 8.38 mishand
NOTE: "Matched, but too many substrings"
[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
NOTE: Fixed in 8.38 upstream
- - pcre2 <not-affected>
+ - pcre2 <not-affected> (Vulnerable code not present)
NOTE: Commit: http://vcs.pcre.org/pcre?view=revision&revision=1565
NOTE: https://bugs.exim.org/show_bug.cgi?id=1637
NOTE: https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html
@@ -570193,7 +570179,7 @@ CVE-2015-4737 (Unspecified vulnerability in Oracle
MySQL Server 5.5.43 and earli
{DSA-3308-1 DLA-359-1}
- mysql-5.6 5.6.25-2
- mysql-5.5 <removed> (bug #792445)
- - mariadb-10.0 <not-affected>
+ - mariadb-10.0 <not-affected> (Vulnerable code not present and likely
specific to Oracle MySQL)
NOTE: Possibly related to
https://github.com/mysql/mysql-server/commit/c655515d
NOTE:
http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
NOTE: https://lists.launchpad.net/maria-developers/msg08985.html
@@ -573905,8 +573891,6 @@ CVE-2015-3395 (The msrle_decode_pal4 function in
msrledec.c in Libav before 10.7
- ffmpeg 7:2.6.2-1
[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
- libav 6:11.4-1
- [wheezy] - libav <not-affected>
- - chromium-browser <not-affected>
NOTE: Patch in ffmpeg:
https://github.com/FFmpeg/FFmpeg/commit/f7e1367f58263593e6cee3c282f7277d7ee9d553
NOTE: Patch in libav:
https://git.libav.org/?p=libav.git;a=commit;h=5ecabd3c54b7c802522dc338838c9a4c2dc42948
CVE-2015-3394
@@ -577318,8 +577302,8 @@ CVE-2015-2684 (Shibboleth Service Provider (SP)
before 2.5.4 allows remote authe
- shibboleth-sp2 2.5.3+dfsg-2
NOTE: http://shibboleth.net/community/advisories/secadv_20150319.txt
CVE-2015-2672 (The xsave/xrstor implementation in arch/x86/include/asm/xsave.h
in the ...)
- - linux <not-affected>
- - linux-2.6 <not-affected>
+ - linux <not-affected> (Vulnerable code not present)
+ - linux-2.6 <not-affected> (Vulnerable code not present)
NOTE: Introduced by
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f31a9f7c71691569359fa7fb8b0acaa44bce0324
(v3.17-rc1)
NOTE: Fixed by
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06
(v4.0-rc3)
NOTE: https://www.openwall.com/lists/oss-security/2015/03/18/6
@@ -596509,7 +596493,6 @@ CVE-2014-4947 (Buffer overflow in the HVM graphics
console support in Citrix Xen
CVE-2014-4946 (Multiple cross-site scripting (XSS) vulnerabilities in Horde
Internet ...)
- php-horde-imp 6.2.0-1
- horde3 <removed>
- [squeeze] - horde3 <not-affected>
NOTE: Upstream patches:
NOTE:
https://github.com/horde/horde/commit/578ff073724d9c179663098d8ff0076e8b361cfb
NOTE:
https://github.com/horde/horde/commit/2f1f4b10dec90fb67797ea80be0e029ead90f168
@@ -596517,7 +596500,6 @@ CVE-2014-4946 (Multiple cross-site scripting (XSS)
vulnerabilities in Horde Inte
CVE-2014-4945 (Multiple cross-site scripting (XSS) vulnerabilities in Horde
Internet ...)
- php-horde-imp 6.2.0-1
- horde3 <removed>
- [squeeze] - horde3 <not-affected>
NOTE: Upstream patch:
https://github.com/horde/horde/commit/71633e649afc0704b72098a6e2530377dd67eb0c
NOTE: The bug is in PHP template file that does not exist in the
version in Squeeze.
CVE-2014-4944 (Multiple SQL injection vulnerabilities in
inc/bsk-pdf-dashboard.php in ...)
@@ -601686,7 +601668,7 @@ CVE-2014-3003
CVE-2014-3002
RESERVED
CVE-2014-3001 (The device file system (aka devfs) in FreeBSD 10.0 before p2
does not ...)
- - kfreebsd-10 <not-affected>
+ - kfreebsd-10 <not-affected> (Vulnerable code not present)
NOTE: it is called SA-14:07.devfs in the freebsd world
NOTE: the devfs rules file is loaded by /etc/init.d/freebsd-utils on
boot, so debian never was vulnerable
CVE-2014-3000 (The TCP reassembly function in the inet module in FreeBSD 8.3
before p ...)
@@ -609880,7 +609862,6 @@ CVE-2014-0205 (The futex_wait function in
kernel/futex.c in the Linux kernel bef
NOTE: Introduced in f801073f87aa2 (around 2.6.31) according to SuSE
Bugzilla
CVE-2014-0204 (OpenStack Identity (Keystone) before 2014.1.1 does not properly
handle ...)
- keystone 2014.1-5 (bug #749026)
- [wheezy] - keystone <not-affected>
CVE-2014-0203 (The __do_follow_link function in fs/namei.c in the Linux kernel
before ...)
{DLA-0015-1}
- linux 2.6.33-1
@@ -610946,7 +610927,7 @@ CVE-2013-6780 (Cross-site scripting (XSS)
vulnerability in uploader.swf in the U
- yui <removed> (low; bug #730104)
[squeeze] - yui <no-dsa> (Not backportable, doesn't build from source
in oldstable/stable)
[wheezy] - yui <no-dsa> (Not backportable, doesn't build from source in
oldstable/stable)
- - yui3 <not-affected>
+ - yui3 <not-affected> (Vulnerable code not present)
- moodle 2.5.3-1
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-6779
@@ -617445,7 +617426,6 @@ CVE-2013-4314 (The X509Extension in pyOpenSSL before
0.13.1 does not properly ha
- pyopenssl 0.13-2.1 (bug #722055)
CVE-2013-4313 (Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6,
and 2.5 ...)
- moodle 2.5.2-1
- [squeeze] - moodle <not-affected>
CVE-2016-2847 (fs/pipe.c in the Linux kernel before 4.5 does not limit the
amount of ...)
{DSA-3503-1}
- linux 4.3.5-1
@@ -619078,7 +619058,7 @@ CVE-2013-3719 (Cross-site scripting (XSS)
vulnerability in the aiContactSafe com
NOT-FOR-US: Joomla!
CVE-2013-3718 (evince is missing a check on number of pages which can lead to
a segme ...)
- evince 3.10.0-1
- [wheezy] - evince <not-affected>
+ [wheezy] - evince <not-affected> (Vulnerable code not present)
[squeeze] - evince <not-affected> (Vulnerable code not present)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=701302
CVE-2013-3717
@@ -619489,7 +619469,6 @@ CVE-2013-3552 (Nitro Pro 7.5.0.29 and earlier and
Nitro Reader 2.5.0.45 and earl
CVE-2013-3551 (Kernel/Modules/AgentTicketPhone.pm in Open Ticket Request
System (OTRS ...)
{DSA-2696-1}
- otrs2 3.2.7-1
- [squeeze] - otrs2 <not-affected>
CVE-2013-3550
REJECTED
CVE-2013-3549
@@ -623938,8 +623917,7 @@ CVE-2013-1889 (mod_ruid2 before 0.9.8 improperly
handles file descriptors which
[wheezy] - libapache2-mod-ruid2 <no-dsa> (Minor issue)
NOTE: Fix:
https://github.com/mind04/mod-ruid2/commit/1fed9dda70cd44d54301df19730a29ae0989e0a2
CVE-2013-1888 (pip before 1.3 allows local users to overwrite arbitrary files
via a s ...)
- - python-pip <not-affected>
- [squeeze] - python-pip <not-affected>
+ - python-pip <not-affected> (Vulnerable code not present)
NOTE: https://github.com/pypa/pip/pull/780/files
NOTE: Not-affected as vulnerable code only in 1.3, and 1.3.1-1 fixed
the issue.
CVE-2013-1887 (Multiple cross-site scripting (XSS) vulnerabilities in the
Views modul ...)
@@ -629428,7 +629406,7 @@ CVE-2013-0151 (The do_hvm_op function in
xen/arch/x86/hvm/hvm.c in Xen 4.2.x on
CVE-2013-0150 (Directory traversal vulnerability in an unspecified signed Java
applet ...)
NOT-FOR-US: F5 BIG-IP APM, FirePass and other F5 products
CVE-2013-0149 (The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0
throug ...)
- - quagga <not-affected>
+ - quagga <not-affected> (Vulnerable code not present)
NOTE: OSPF protocol vulnerability, quagga implementation not affected
CVE-2013-0148 (The Data Camouflage (aka FairCom Standard Encryption) algorithm
in Fai ...)
NOT-FOR-US: FairCom c-treeACE
@@ -630887,17 +630865,17 @@ CVE-2012-5884 (The User.get method in
Bugzilla/WebService/User.pm in Bugzilla 4.
[squeeze] - bugzilla <not-affected> (vulnerable code not present in 3.x)
- bugzilla4 <itp> (bug #669643)
CVE-2012-5883 (Cross-site scripting (XSS) vulnerability in the Flash component
infras ...)
- - yui3 <not-affected>
+ - yui3 <not-affected> (Vulnerable code not present)
- yui 2.9.0.dfsg.0.1-0.1 (bug #693608)
[squeeze] - yui <no-dsa> (Minor issue, Flash not build from source in
oldstable)
- icinga-web 1.7.1+dfsg2-6 (bug #694641)
CVE-2012-5882 (Cross-site scripting (XSS) vulnerability in the Flash component
infras ...)
- - yui3 <not-affected>
+ - yui3 <not-affected> (Vulnerable code not present)
- yui 2.9.0.dfsg.0.1-0.1 (bug #693608)
[squeeze] - yui <no-dsa> (Minor issue, Flash not build from source in
oldstable)
- icinga-web 1.7.1+dfsg2-6 (bug #694641)
CVE-2012-5881 (Cross-site scripting (XSS) vulnerability in the Flash component
infras ...)
- - yui3 <not-affected>
+ - yui3 <not-affected> (Vulnerable code not present)
- yui 2.9.0.dfsg.0.1-0.1 (bug #693608)
[squeeze] - yui <no-dsa> (Minor issue, Flash not build from source in
oldstable)
- icinga-web 1.7.1+dfsg2-6 (bug #694641)
@@ -632898,7 +632876,7 @@ CVE-2012-5107
CVE-2012-5106 (Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows
remote ...)
NOT-FOR-US: FreeFloat FTP Server
CVE-2012-5159 (phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1
mirror durin ...)
- - phpmyadmin <not-affected>
+ - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2012-5105 (Multiple cross-site scripting (XSS) vulnerabilities in
SQLiteManager 1 ...)
NOT-FOR-US: SQLiteManager
CVE-2012-5104 (Cross-site scripting (XSS) vulnerability in
forums/ubbthreads.php in U ...)
@@ -634129,7 +634107,7 @@ CVE-2012-XXXX
- juju 0.5.1-2 (bug #685728)
CVE-2012-4681 (Multiple vulnerabilities in the Java Runtime Environment (JRE)
compone ...)
- openjdk-7 7u3-2.1.2-1
- - openjdk-6 <not-affected>
+ - openjdk-6 <not-affected> (Vulnerable code not present)
CVE-2012-4680 (Directory traversal vulnerability in the XML Server in IOServer
before ...)
NOT-FOR-US: IOServer
CVE-2012-4679 (Cross-site scripting (XSS) vulnerability in admin/login.php in
Newscoo ...)
@@ -634609,7 +634587,7 @@ CVE-2012-4549 (The processInvocation function in
org.jboss.as.ejb3.security.Auth
CVE-2012-4548 (Argument injection vulnerability in syntax-highlighting.sh in
cgit 9.0 ...)
- cgit <not-affected> (Fixed before the initial upload into the archive)
CVE-2012-4547 (Unspecified vulnerability in awredir.pl in AWStats before 7.1
has unkn ...)
- - awstats <not-affected>
+ - awstats 7.1~dfsg-1 (unimportant)
NOTE: awredir.pl is not installed into the binary package
CVE-2012-4546 (The default configuration for IPA servers in Red Hat Enterprise
Linux ...)
NOT-FOR-US: FreeIPA
@@ -638313,7 +638291,7 @@ CVE-2012-3137 (The authentication protocol in Oracle
Database Server 10.2.0.3, 1
NOT-FOR-US: Oracle Database
CVE-2012-3136 (Unspecified vulnerability in the Java Runtime Environment (JRE)
compon ...)
- openjdk-7 7u3-2.1.2-1
- - openjdk-6 <not-affected>
+ - openjdk-6 <not-affected> (Vulnerable code not present)
CVE-2012-3135 (Unspecified vulnerability in the Oracle JRockit component in
Oracle Fu ...)
NOT-FOR-US: Oracle Fusion
CVE-2012-3134 (Unspecified vulnerability in the Core RDBMS component in Oracle
Databa ...)
@@ -638935,27 +638913,21 @@ CVE-2012-2861
RESERVED
CVE-2012-2860 (The date-picker implementation in Google Chrome before
21.0.1180.57 on ...)
- chromium-browser 21.0.1180.57~r148591
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/122918
CVE-2012-2859 (Google Chrome before 21.0.1180.57 on Linux does not properly
handle ta ...)
- chromium-browser 21.0.1180.57~r148591
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2858 (Buffer overflow in the WebP decoder in Google Chrome before
21.0.1180. ...)
- chromium-browser 21.0.1180.57~r148591
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2857 (Use-after-free vulnerability in the Cascading Style Sheets
(CSS) DOM i ...)
- chromium-browser 21.0.1180.57~r148591
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2856 (The PDF functionality in Google Chrome before 21.0.1180.57 on
Mac OS X ...)
- chromium-browser <not-affected> (PDF functionality not present in
Chromium)
CVE-2012-2855 (Use-after-free vulnerability in the PDF functionality in Google
Chrome ...)
- chromium-browser <not-affected> (PDF functionality not present in
Chromium)
CVE-2012-2854 (Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and
before 21 ...)
- chromium-browser 21.0.1180.57~r148591
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2853 (The webRequest API in Google Chrome before 21.0.1180.57 on Mac
OS X an ...)
- chromium-browser 21.0.1180.57~r148591
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2852 (The PDF functionality in Google Chrome before 21.0.1180.57 on
Mac OS X ...)
- chromium-browser <not-affected> (PDF functionality not present in
Chromium)
CVE-2012-2851 (Multiple integer overflows in the PDF functionality in Google
Chrome b ...)
@@ -638964,13 +638936,10 @@ CVE-2012-2850 (Multiple unspecified vulnerabilities
in the PDF functionality in
- chromium-browser <not-affected> (PDF functionality not present in
Chromium)
CVE-2012-2849 (Off-by-one error in the GIF decoder in Google Chrome before
21.0.1180. ...)
- chromium-browser 21.0.1180.57~r148591
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2848 (The drag-and-drop implementation in Google Chrome before
21.0.1180.57 ...)
- chromium-browser 21.0.1180.57~r148591
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2847 (Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and
before 21 ...)
- chromium-browser 21.0.1180.57~r148591
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2846 (Google Chrome before 21.0.1180.57 on Linux does not properly
isolate r ...)
- chromium-browser 21.0.1180.57~r148591
[squeeze] - chromium-browser <end-of-life>
@@ -638980,13 +638949,11 @@ CVE-2012-2845 (Integer overflow in the
jpeg_data_load_data function in jpeg-data
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=771229
NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2844 (The PDF functionality in Google Chrome before 20.0.1132.57 does
not pr ...)
- - chromium-browser <not-affected>
+ - chromium-browser <not-affected> (Vulnerable code not present)
CVE-2012-2843 (Use-after-free vulnerability in Google Chrome before
20.0.1132.57 allo ...)
- chromium-browser 20.0.1132.57~r145807-1
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2842 (Use-after-free vulnerability in Google Chrome before
20.0.1132.57 allo ...)
- chromium-browser 20.0.1132.57~r145807-1
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2841 (Integer underflow in the exif_entry_get_value function in
exif-entry.c ...)
{DSA-2559-1}
- libexif 0.6.20-3 (bug #681454)
@@ -639015,17 +638982,14 @@ CVE-2012-2835
RESERVED
CVE-2012-2834 (Integer overflow in Google Chrome before 20.0.1132.43 allows
remote at ...)
- chromium-browser 20.0.1132.43~r143823-1
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2833 (Buffer overflow in the JS API in the PDF functionality in
Google Chrom ...)
- chromium-browser <not-affected> (PDF functionality not present in
Chromium)
CVE-2012-2832 (The image-codec implementation in the PDF functionality in
Google Chro ...)
- chromium-browser <not-affected> (PDF functionality not present in
Chromium)
CVE-2012-2831 (Use-after-free vulnerability in Google Chrome before
20.0.1132.43 allo ...)
- chromium-browser 20.0.1132.43~r143823-1
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2830 (Google Chrome before 20.0.1132.43 does not properly set array
values, ...)
- chromium-browser 20.0.1132.43~r143823-1
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2829 (Use-after-free vulnerability in the Cascading Style Sheets
(CSS) imple ...)
- chromium-browser 20.0.1132.43~r143823-1
[squeeze] - chromium-browser <end-of-life>
@@ -639035,33 +638999,25 @@ CVE-2012-2827 (Use-after-free vulnerability in the
UI in Google Chrome before 20
- chromium-browser <not-affected> (MacOS specific)
CVE-2012-2826 (Google Chrome before 20.0.1132.43 does not properly implement
texture ...)
- chromium-browser 20.0.1132.43~r143823-1
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2825 (The XSL implementation in Google Chrome before 20.0.1132.43
allows rem ...)
- libxslt 1.1.26-13 (low; bug #679283)
[squeeze] - libxslt 1.1.26-6+squeeze1
CVE-2012-2824 (Use-after-free vulnerability in Google Chrome before
20.0.1132.43 allo ...)
- chromium-browser 20.0.1132.43~r143823-1
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2823 (Use-after-free vulnerability in Google Chrome before
20.0.1132.43 allo ...)
- chromium-browser 20.0.1132.43~r143823-1
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2822 (The PDF functionality in Google Chrome before 20.0.1132.43
allows remo ...)
- chromium-browser <not-affected> (PDF functionality not present in
Chromium)
CVE-2012-2821 (The autofill implementation in Google Chrome before
20.0.1132.43 does ...)
- chromium-browser 20.0.1132.43~r143823-1
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2820 (Google Chrome before 20.0.1132.43 does not properly implement
SVG filt ...)
- chromium-browser 20.0.1132.43~r143823-1
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2819 (The texSubImage2D implementation in the WebGL subsystem in
Google Chro ...)
- chromium-browser 20.0.1132.43~r143823-1
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2818 (Use-after-free vulnerability in Google Chrome before
20.0.1132.43 allo ...)
- chromium-browser 20.0.1132.43~r143823-1
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2817 (Use-after-free vulnerability in Google Chrome before
20.0.1132.43 allo ...)
- chromium-browser 20.0.1132.43~r143823-1
- [squeeze] - chromium-browser <not-affected>
CVE-2012-2816 (Google Chrome before 20.0.1132.43 on Windows does not properly
isolate ...)
- chromium-browser <not-affected> (windows-only)
CVE-2012-2815 (Google Chrome before 20.0.1132.43 allows remote attackers to
obtain po ...)
@@ -640928,7 +640884,6 @@ CVE-2012-2130 (A Security Bypass vulnerability exists
in PolarSSL 0.99pre4 throu
[squeeze] - polarssl <not-affected> (Introduced in 0.99-pre4)
CVE-2012-2129 (Cross-site scripting (XSS) vulnerability in doku.php in
DokuWiki 2012- ...)
- dokuwiki 0.0.20120125a-1 (low; bug #670917)
- [squeeze] - dokuwiki <not-affected>
NOTE: http://secunia.com/advisories/48848/
CVE-2012-2128 (Cross-site request forgery (CSRF) vulnerability in doku.php in
DokuWik ...)
- dokuwiki 0.0.20120125a-1 (unimportant)
@@ -643115,8 +643070,6 @@ CVE-2012-0869 (Cross-site scripting (XSS)
vulnerability in fup in Frams' Fast Fi
- fex 20120215-1 (low; bug #660621)
CVE-2012-1190 (Cross-site scripting (XSS) vulnerability in the
replication-setup func ...)
- phpmyadmin 4:3.4.10.1-1 (unimportant)
- [lenny] - phpmyadmin <not-affected>
- [squeeze] - phpmyadmin <not-affected>
NOTE: hypothetical issue
CVE-2012-1189 (Stack-based buffer overflow in
modules/graphic/ssgraph/grsound.cpp in ...)
- torcs 1.3.3-1 (low; bug #660555)
@@ -644081,7 +644034,7 @@ CVE-2012-0828 (Heap-based buffer overflow in
Xchat-WDK before 1499-4 (2012-01-18
- xchat <not-affected> (Only affects Xchat on Windows and Maemo)
CVE-2012-0827 (The File module in Drupal 7.x before 7.11, when using
unspecified fiel ...)
- drupal7 7.11-1
- - drupal6 <not-affected>
+ - drupal6 <not-affected> (Vulnerable code not present)
CVE-2012-0826 (Cross-site request forgery (CSRF) vulnerability in the
Aggregator modu ...)
{DSA-2776-1}
- drupal7 7.11-1
@@ -646938,8 +646891,8 @@ CVE-2011-4721
CVE-2011-4720 (Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause
a deni ...)
NOT-FOR-US: Hillstone HS TFTP Server
CVE-2011-4719 (Multiple unspecified vulnerabilities in Google Chrome before
16.0.912. ...)
- - chromium-browser <not-affected>
- - webkit <not-affected>
+ - chromium-browser <not-affected> (Vulnerable code not present)
+ - webkit <not-affected> (Vulnerable code not present)
NOTE: Duplicate for chromebooks
CVE-2011-4718 (Session fixation vulnerability in the Sessions subsystem in PHP
before ...)
- php5 5.5.2+dfsg-1 (low)
@@ -647205,8 +647158,8 @@ CVE-2011-4679 (vtiger CRM before 5.3.0 does not
properly recognize the disabled
CVE-2010-5074 (The layout engine in Mozilla Firefox before 4.0, Thunderbird
before 3. ...)
- iceweasel 4.0-1 (unimportant)
CVE-2010-5073 (The JavaScript implementation in Google Chrome 4 does not
properly res ...)
- - chromium-browser <not-affected>
- - webkit <not-affected>
+ - chromium-browser <not-affected> (Vulnerable code not present)
+ - webkit <not-affected> (Vulnerable code not present)
CVE-2010-5072 (The JavaScript implementation in Opera 10.5 does not properly
restrict ...)
NOT-FOR-US: Opera
CVE-2010-5071 (The JavaScript implementation in Microsoft Internet Explorer
8.0 and e ...)
@@ -647214,8 +647167,8 @@ CVE-2010-5071 (The JavaScript implementation in
Microsoft Internet Explorer 8.0
CVE-2010-5070 (The JavaScript implementation in Apple Safari 4 does not
properly rest ...)
NOT-FOR-US: Safari
CVE-2010-5069 (The Cascading Style Sheets (CSS) implementation in Google
Chrome 4 doe ...)
- - chromium-browser <not-affected>
- - webkit <not-affected>
+ - chromium-browser <not-affected> (Vulnerable code not present)
+ - webkit <not-affected> (Vulnerable code not present)
CVE-2010-5068 (The Cascading Style Sheets (CSS) implementation in Opera 10.5
does not ...)
NOT-FOR-US: Opera
CVE-2002-2437 (The JavaScript implementation in Mozilla Firefox before 4.0,
Thunderbi ...)
@@ -647569,8 +647522,8 @@ CVE-2010-5064 (Multiple cross-site scripting (XSS)
vulnerabilities in Virtual Wa
CVE-2010-5063 (SQL injection vulnerability in article.php in Virtual War (aka
VWar) 1 ...)
NOT-FOR-US: Virtual War
CVE-2011-4548 (Multiple unspecified vulnerabilities in Google Chrome before
16.0.912. ...)
- - chromium-browser <not-affected>
- - webkit <not-affected>
+ - chromium-browser <not-affected> (Vulnerable code not present)
+ - webkit <not-affected> (Vulnerable code not present)
NOTE: duplicate for chromebooks
CVE-2011-4547 (Multiple cross-site scripting (XSS) vulnerabilities in
includes/templa ...)
NOT-FOR-US: Zen Cart
@@ -649617,15 +649570,12 @@ CVE-2011-3915 (Buffer overflow in Google Chrome
before 16.0.912.63 allows remote
- webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3914 (The internationalization (aka i18n) functionality in Google V8,
as use ...)
- chromium-browser 16.0.912.63~r113337-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (v8-i18n chrome issue)
CVE-2011-3913 (Use-after-free vulnerability in Google Chrome before
16.0.912.63 allow ...)
- chromium-browser 16.0.912.63~r113337-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/100827
CVE-2011-3912 (Use-after-free vulnerability in Google Chrome before
16.0.912.63 allow ...)
- chromium-browser 16.0.912.63~r113337-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/100502
CVE-2011-3911 (Google Chrome before 16.0.912.63 does not properly handle PDF
document ...)
- chromium-browser <not-affected> (Chrome pdf plugin)
@@ -649633,19 +649583,15 @@ CVE-2011-3911 (Google Chrome before 16.0.912.63
does not properly handle PDF doc
CVE-2011-3910 (Google Chrome before 16.0.912.63 does not properly handle YUV
video fr ...)
- chromium-browser 16.0.912.63~r113337-1
- webkit <not-affected> (Chrome issue)
- [squeeze] - chromium-browser <not-affected>
CVE-2011-3909 (The Cascading Style Sheets (CSS) implementation in Google
Chrome befor ...)
- chromium-browser 16.0.912.63~r113337-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/98374
CVE-2011-3908 (Google Chrome before 16.0.912.63 does not properly parse SVG
documents ...)
- chromium-browser 16.0.912.63~r113337-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/99025
CVE-2011-3907 (The view-source feature in Google Chrome before 16.0.912.63
allows rem ...)
- chromium-browser 16.0.912.63~r113337-1
- webkit <not-affected> (Chrome issue)
- [squeeze] - chromium-browser <not-affected>
CVE-2011-3906 (The PDF parser in Google Chrome before 16.0.912.63 allows
remote attac ...)
- chromium-browser <not-affected> (Chrome pdf plugin)
- webkit <not-affected> (Chrome pdf plugin)
@@ -649654,12 +649600,10 @@ CVE-2011-3905 (libxml2, as used in Google Chrome
before 16.0.912.63, allows remo
- libxml2 2.7.8.dfsg-5.1 (bug #652352)
CVE-2011-3904 (Use-after-free vulnerability in Google Chrome before
16.0.912.63 allow ...)
- chromium-browser 16.0.912.63~r113337-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/99462
CVE-2011-3903 (Google Chrome before 16.0.912.63 does not properly perform
regex match ...)
- chromium-browser 16.0.912.63~r113337-1
- webkit <not-affected> (Chrome issue)
- [squeeze] - chromium-browser <not-affected>
CVE-2011-3902
RESERVED
CVE-2011-3901 (Android SQLite Journal before 4.0.1 has an information
disclosure vuln ...)
@@ -649668,8 +649612,6 @@ CVE-2011-3900 (Google V8, as used in Google Chrome
before 15.0.874.121, allows r
- chromium-browser 15.0.874.121~r109964-1
- webkit <not-affected> (Chrome issue)
- libv8 3.5.10.24
- [squeeze] - chromium-browser <not-affected>
- [squeeze] - libv8 <not-affected>
CVE-2011-3899
RESERVED
CVE-2011-3898 (Google Chrome before 15.0.874.120, when Java Runtime
Environment (JRE) ...)
@@ -649677,12 +649619,10 @@ CVE-2011-3898 (Google Chrome before 15.0.874.120,
when Java Runtime Environment
- webkit <not-affected> (Chrome issue)
CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before
15.0.874.120 allo ...)
- chromium-browser 15.0.874.121~r109964-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/99023
CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows
remote att ...)
- chromium-browser 15.0.874.121~r109964-1
- webkit <not-affected> (Chrome issue)
- [squeeze] - chromium-browser <not-affected>
CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google
Chrome befo ...)
{DSA-2471-1}
- chromium-browser 15.0.874.121~r109964-1
@@ -649693,14 +649633,12 @@ CVE-2011-3895 (Heap-based buffer overflow in the
Vorbis decoder in Google Chrome
CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8
decodi ...)
- chromium-browser 15.0.874.121~r109964-1
- webkit <not-affected> (Chrome issue)
- [squeeze] - chromium-browser <not-affected>
CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement
the MKV ...)
{DSA-2471-1}
- chromium-browser 15.0.874.121~r109964-1
- webkit <not-affected> (Chrome issue)
- libav 4:0.8~beta2-1 (bug #654534; bug #654572)
- ffmpeg 7:2.4.1-1
- [squeeze] - chromium-browser <not-affected>
NOTE: this is due to http://llvm.org/bugs/show_bug.cgi?id=7554
NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106599
NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106621
@@ -649708,21 +649646,17 @@ CVE-2011-3892 (Double free vulnerability in the
Theora decoder in Google Chrome
{DSA-2471-1}
- chromium-browser 15.0.874.121~r109964-1
- webkit <not-affected> (Chrome issue)
- [squeeze] - chromium-browser <not-affected>
- libav 4:0.8~beta2-1 (bug #654534; bug #654571)
- ffmpeg 7:2.4.1-1
NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=107489
CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict
access to ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <not-affected> (Chrome issue)
- [squeeze] - chromium-browser <not-affected>
CVE-2011-3890 (Use-after-free vulnerability in Google Chrome before
15.0.874.102 allo ...)
- chromium-browser 15.0.874.106~r107270-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/97451
CVE-2011-3889 (Heap-based buffer overflow in the Web Audio implementation in
Google C ...)
- chromium-browser 15.0.874.106~r107270-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/96843
CVE-2011-3888 (Use-after-free vulnerability in Google Chrome before
15.0.874.102 allo ...)
- chromium-browser 15.0.874.106~r107270-1
@@ -649730,33 +649664,25 @@ CVE-2011-3888 (Use-after-free vulnerability in
Google Chrome before 15.0.874.102
NOTE: http://trac.webkit.org/changeset/96868
CVE-2011-3887 (Google Chrome before 15.0.874.102 does not properly handle
javascript: ...)
- chromium-browser 15.0.874.106~r107270-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/96260
CVE-2011-3886 (Google V8, as used in Google Chrome before 15.0.874.102, allows
remote ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <not-affected> (Chrome issue)
- libv8 3.6
- [squeeze] - libv8 <not-affected>
- [squeeze] - chromium-browser <not-affected>
CVE-2011-3885 (Use-after-free vulnerability in Google Chrome before
15.0.874.102 allo ...)
- chromium-browser 15.0.874.106~r107270-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/97402
CVE-2011-3884 (Google Chrome before 15.0.874.102 does not properly address
timing iss ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <not-affected> (Chrome issue)
- [squeeze] - chromium-browser <not-affected>
CVE-2011-3883 (Use-after-free vulnerability in Google Chrome before
15.0.874.102 allo ...)
- chromium-browser 15.0.874.106~r107270-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/96632
CVE-2011-3882 (Use-after-free vulnerability in Google Chrome before
15.0.874.102 allo ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <not-affected> (Chrome issue)
- [squeeze] - chromium-browser <not-affected>
CVE-2011-3881 (WebKit, as used in Google Chrome before 15.0.874.102 and
Android befor ...)
- chromium-browser 15.0.874.106~r107270-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/97353
CVE-2011-3880 (Google Chrome before 15.0.874.102 does not prevent use of an
unspecifi ...)
- chromium-browser 15.0.874.106~r107270-1 (unimportant)
@@ -649766,12 +649692,10 @@ CVE-2011-3879 (Google Chrome before 15.0.874.102
does not prevent redirects to c
NOTE: http://trac.webkit.org/changeset/96610
CVE-2011-3878 (Race condition in Google Chrome before 15.0.874.102 allows
remote atta ...)
- chromium-browser 15.0.874.106~r107270-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/96999
CVE-2011-3877 (Cross-site scripting (XSS) vulnerability in the appcache
internals pag ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <not-affected> (Chrome issue)
- [squeeze] - chromium-browser <not-affected>
CVE-2011-3876 (Google Chrome before 15.0.874.102 does not properly handle
downloading ...)
- chromium-browser 15.0.874.106~r107270-1
[squeeze] - chromium-browser <end-of-life>
@@ -649782,7 +649706,6 @@ CVE-2011-3874 (Stack-based buffer overflow in
libsysutils in Android 2.2.x throu
NOT-FOR-US: Android
CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement
shader t ...)
- chromium-browser 14.0.835.202~r103287-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-XXXX [Fix file indirectory injection]
- puppet 2.7.3-3 (unimportant)
@@ -651124,7 +651047,7 @@ CVE-2011-3389 (The SSL protocol, as used in certain
configurations in Microsoft
[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
- openjdk-6 6b23~pre11-1
- openjdk-7 7~b147-2.0-1
- - iceweasel <not-affected>
+ - iceweasel <not-affected> (Vulnerable code not present)
NOTE:
http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
- chromium-browser 15.0.874.106~r107270-1
[squeeze] - chromium-browser <end-of-life>
@@ -651571,7 +651494,6 @@ CVE-2011-3235 (WebKit, as used in Apple iTunes before
10.5, allows man-in-the-mi
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome
sec team will know and fix
CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle
boxes, whic ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/92132
CVE-2011-3233 (WebKit, as used in Apple iTunes before 10.5, allows
man-in-the-middle ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome
sec team will know and fix
@@ -652267,7 +652189,7 @@ CVE-2008-7295 (Microsoft Internet Explorer cannot
properly restrict modification
NOT-FOR-US: Internet Explorer
CVE-2008-7294 (Google Chrome before 4.0.211.0 cannot properly restrict
modifications ...)
- chromium-browser 4.0.211.0
- - webkit <not-affected>
+ - webkit <not-affected> (Vulnerable code not present)
CVE-2008-7293 (Mozilla Firefox before 4 cannot properly restrict modifications
to coo ...)
- iceweasel 4.0-1 (unimportant)
NOTE: This is about the lack of HTTP Strict Transport Security, which
is ultimately
@@ -652731,21 +652653,17 @@ CVE-2011-2881 (Google Chrome before 14.0.835.202
does not properly handle Google
NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before
14.0.835.202 allo ...)
- chromium-browser 14.0.835.202~r103287-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/95667
NOTE: http://trac.webkit.org/changeset/95689
NOTE: http://trac.webkit.org/changeset/95728
CVE-2011-2879 (Google Chrome before 14.0.835.202 does not properly consider
object li ...)
- chromium-browser 14.0.835.202~r103287-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/94984
CVE-2011-2878 (Google Chrome before 14.0.835.202 does not properly restrict
access to ...)
- chromium-browser 14.0.835.202~r103287-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/95488
CVE-2011-2877 (Google Chrome before 14.0.835.202 does not properly handle SVG
text, w ...)
- chromium-browser 14.0.835.202~r103287-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/94508
CVE-2011-2876 (Use-after-free vulnerability in Google Chrome before
14.0.835.202 allo ...)
- chromium-browser 14.0.835.202~r103287-1
@@ -652753,7 +652671,6 @@ CVE-2011-2876 (Use-after-free vulnerability in Google
Chrome before 14.0.835.202
NOTE: http://trac.webkit.org/changeset/95600
CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does
not prop ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (libv8 issue)
- libv8 3.8.9.20-1 (bug #687574)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
@@ -652761,7 +652678,6 @@ CVE-2011-2875 (Google V8, as used in Google Chrome
before 14.0.835.163, does not
NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected
pin ope ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2873 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6,
allows ...)
NOT-FOR-US: Apple WebKit
@@ -652791,27 +652707,22 @@ CVE-2011-2865
RESERVED
CVE-2011-2864 (Google Chrome before 14.0.835.163 does not properly handle
Tibetan cha ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2863 (Insufficient policy enforcement in V8 in Google Chrome prior to
14.0.0 ...)
- chromium-browser 14.0.835.163~r101024-1
CVE-2011-2862 (Google V8, as used in Google Chrome before 14.0.835.163, does
not prop ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2861 (Google Chrome before 14.0.835.163 does not properly handle
strings in ...)
- chromium-browser <not-affected> (pdf plugin)
CVE-2011-2860 (Use-after-free vulnerability in Google Chrome before
14.0.835.163 allo ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/93794
CVE-2011-2859 (Google Chrome before 14.0.835.163 uses incorrect permissions
for non-g ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2858 (Google Chrome before 14.0.835.163 does not properly handle
triangle ar ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2857 (Use-after-free vulnerability in Google Chrome before
14.0.835.163 allo ...)
- chromium-browser 14.0.835.163~r101024-1
@@ -652820,47 +652731,39 @@ CVE-2011-2857 (Use-after-free vulnerability in
Google Chrome before 14.0.835.163
CVE-2011-2856 (Google V8, as used in Google Chrome before 14.0.835.163, allows
remote ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
- - webkit <not-affected>
+ - webkit <not-affected> (Vulnerable code not present)
- libv8 3.4.14.21-1
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle
Cascading S ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/93227
CVE-2011-2854 (Use-after-free vulnerability in Google Chrome before
14.0.835.163 allo ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/94109
NOTE: http://trac.webkit.org/changeset/94543
CVE-2011-2853 (Use-after-free vulnerability in Google Chrome before
14.0.835.163 allo ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2852 (Off-by-one error in Google V8, as used in Google Chrome before
14.0.83 ...)
- chromium-browser 14.0.835.163~r101024-1
[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
- - webkit <not-affected>
+ - webkit <not-affected> (Vulnerable code not present)
- libv8 3.4.14.21-1
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2851 (Google Chrome before 14.0.835.163 does not properly handle
video, whic ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2850 (Google Chrome before 14.0.835.163 does not properly handle
Khmer chara ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2849 (The WebSockets implementation in Google Chrome before
14.0.835.163 all ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2848 (Google Chrome before 14.0.835.163 allows user-assisted remote
attacker ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2847 (Use-after-free vulnerability in the document loader in Google
Chrome b ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/93521
CVE-2011-2846 (Use-after-free vulnerability in Google Chrome before
14.0.835.163 allo ...)
- chromium-browser 14.0.835.163~r101024-1
@@ -652870,11 +652773,9 @@ CVE-2011-2845 (Google Chrome before 15.0.874.102
does not properly handle histor
[squeeze] - chromium-browser <end-of-life>
CVE-2011-2844 (Google Chrome before 14.0.835.163 does not properly process MP3
files, ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected>
CVE-2011-2843 (Google Chrome before 14.0.835.163 does not properly handle
media buffe ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2842 (The installer in Google Chrome before 14.0.835.163 on Mac OS X
does no ...)
- chromium-browser <not-affected>
@@ -652884,24 +652785,20 @@ CVE-2011-2841 (Google Chrome before 14.0.835.163
does not properly perform garba
- webkit <not-affected>
CVE-2011-2840 (Google Chrome before 14.0.835.163 allows user-assisted remote
attacker ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/90164
CVE-2011-2839 (The PDF implementation in Google Chrome before 13.0.782.215 on
Linux d ...)
- chromium-browser <not-affected> (Pdf plugin)
CVE-2011-2838 (Google Chrome before 14.0.835.163 does not properly consider
the MIME ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2837 (Google Chrome before 14.0.835.163 on Linux does not use the PIC
and PI ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2836 (Google Chrome before 14.0.835.163 does not require Infobar
interaction ...)
- chromium-browser 14.0.835.163~r101024-1 (unimportant)
- webkit <not-affected> (chromium specific)
CVE-2011-2835 (Race condition in Google Chrome before 14.0.835.163 allows
attackers t ...)
- chromium-browser 14.0.835.163~r101024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected>
CVE-2011-2834 (Double free vulnerability in libxml2, as used in Google Chrome
before ...)
{DSA-2394-1}
@@ -652916,23 +652813,18 @@ CVE-2011-2830 (Google V8, as used in Google Chrome
before 14.0.835.163, does not
NOTE: CVE description is wrong, see #656057
CVE-2011-2829 (Integer overflow in Google Chrome before 13.0.782.215 on 32-bit
platfo ...)
- chromium-browser 13.0.782.215~r97094-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/92413
CVE-2011-2828 (Google V8, as used in Google Chrome before 13.0.782.215, allows
remote ...)
- chromium-browser 13.0.782.215~r97094-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (Chromium specific)
CVE-2011-2827 (Use-after-free vulnerability in Google Chrome before
13.0.782.215 allo ...)
- chromium-browser 13.0.782.215~r97094-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/91908
CVE-2011-2826 (Google Chrome before 13.0.782.215 allows remote attackers to
bypass th ...)
- chromium-browser 13.0.782.215~r97094-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/91957
CVE-2011-2825 (Use-after-free vulnerability in Google Chrome before
13.0.782.215 allo ...)
- chromium-browser 13.0.782.215~r97094-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/r91738
NOTE: http://trac.webkit.org/r91739
NOTE: http://trac.webkit.org/changeset/92744
@@ -652942,14 +652834,12 @@ CVE-2011-2824 (Use-after-free vulnerability in
Google Chrome before 13.0.782.215
NOTE: http://trac.webkit.org/changeset/92630
CVE-2011-2823 (Use-after-free vulnerability in Google Chrome before
13.0.782.215 allo ...)
- chromium-browser 13.0.782.215~r97094-1
- [squeeze] - chromium-browser <not-affected>
CVE-2011-2822 (Google Chrome before 13.0.782.215 on Windows does not properly
parse U ...)
- chromium-browser <not-affected> (windows only)
- webkit <not-affected>
CVE-2011-2821 (Double free vulnerability in libxml2, as used in Google Chrome
before ...)
{DSA-2394-1}
- chromium-browser 13.0.782.215~r97094-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
- libxml2 2.7.8.dfsg-5 (low; bug #643648)
[squeeze] - libxml2 <no-dsa> (denial-of-service only issue)
@@ -652957,7 +652847,6 @@ CVE-2011-2820 (WebKit, as used in Apple iTunes before
10.5, allows man-in-the-mi
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome
sec team will know and fix
CVE-2011-2819 (Google Chrome before 13.0.782.107 allows remote attackers to
bypass th ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/91611
CVE-2011-2818 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 allo ...)
{DSA-2307-1}
@@ -652989,24 +652878,20 @@ CVE-2011-2806 (Google Chrome before 13.0.782.215 on
Windows does not properly ha
- chromium-browser <not-affected> (It's in Windows-specific code)
CVE-2011-2805 (Google Chrome before 13.0.782.107 allows remote attackers to
bypass th ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/91152
CVE-2011-2804 (Google Chrome before 13.0.782.107 does not properly handle
nested func ...)
- chromium-browser <not-affected> (pdf plugin)
CVE-2011-2803 (Google Chrome before 13.0.782.107 does not properly handle Skia
paths, ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (skia code)
CVE-2011-2802 (Google V8, as used in Google Chrome before 13.0.782.107, does
not prop ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected>
- libv8 3.4
[squeeze] - libv8 <not-affected>
NOTE: Bug was introduced in
http://code.google.com/p/v8/source/detail?r=8224
CVE-2011-2801 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 allo ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/90936
CVE-2011-2800 (Google Chrome before 13.0.782.107 allows remote attackers to
obtain po ...)
{DSA-2307-1}
@@ -653020,15 +652905,12 @@ CVE-2011-2799 (Use-after-free vulnerability in
Google Chrome before 13.0.782.107
NOTE: http://trac.webkit.org/changeset/90130
CVE-2011-2798 (Google Chrome before 13.0.782.107 does not properly restrict
access to ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2797 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 allo ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/90595
CVE-2011-2796 (Use-after-free vulnerability in Skia, as used in Google Chrome
before ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (skia code)
CVE-2011-2795 (Google Chrome before 13.0.782.107 does not prevent calls to
functions ...)
- chromium-browser 13.0.782.107~r94237-1
@@ -653036,15 +652918,12 @@ CVE-2011-2795 (Google Chrome before 13.0.782.107
does not prevent calls to funct
NOTE: http://trac.webkit.org/changeset/89782
CVE-2011-2794 (Google Chrome before 13.0.782.107 does not properly perform
text itera ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/89831
CVE-2011-2793 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 allo ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/89595
CVE-2011-2792 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 allo ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/89836
CVE-2011-2791 (The International Components for Unicode (ICU) functionality in
Google ...)
- chromium-browser 13.0.782.107~r94237-1 (unimportant)
@@ -653052,39 +652931,30 @@ CVE-2011-2791 (The International Components for
Unicode (ICU) functionality in G
NOTE: ICU bug only in debug build
CVE-2011-2790 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 allo ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/89165
CVE-2011-2789 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 allo ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2788 (Buffer overflow in the inspector serialization functionality in
Google ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/88444
CVE-2011-2787 (Google Chrome before 13.0.782.107 does not properly address
re-entranc ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2786 (Google Chrome before 13.0.782.107 does not ensure that the
speech-inpu ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2785 (The extensions implementation in Google Chrome before
13.0.782.107 doe ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2784 (Google Chrome before 13.0.782.107 allows remote attackers to
obtain se ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (issue in angleproject)
CVE-2011-2783 (Google Chrome before 13.0.782.107 does not ensure that
developer-mode ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2782 (The drag-and-drop implementation in Google Chrome before
13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-2781
RESERVED
@@ -653159,7 +653029,6 @@ CVE-2011-2762 (The web interface on the LifeSize Room
appliance LS_RM1_3.5.3 (11
NOT-FOR-US: LifeSize Room appliance
CVE-2011-2761 (Google Chrome 14.0.794.0 does not properly handle a reload of a
page g ...)
- chromium-browser 14.0.835.157~r99685-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium issue)
CVE-2011-2760 (Brocade BigIron RX switches allow remote attackers to bypass
ACL rules ...)
NOT-FOR-US: Brocade BigIron RX
@@ -653601,7 +653470,6 @@ CVE-2011-2600 (The GPU support functionality in
Windows XP does not properly res
NOT-FOR-US: Windows XP
CVE-2011-2599 (Google Chrome 11 does not block use of a cross-domain image as
a WebGL ...)
- chromium-browser <unfixed> (unimportant)
- [squeeze] - chromium-browser <not-affected>
CVE-2011-2598 (The WebGL implementation in Mozilla Firefox 4.x allows remote
attacker ...)
- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in
unstable)
- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in
unstable)
@@ -654302,17 +654170,14 @@ CVE-2011-2352 (WebKit, as used in Apple iTunes
before 10.5, allows man-in-the-mi
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome
sec team will know and fix
CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before
12.0.742.112 allo ...)
- chromium-browser 12.0.742.112~r90304-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/88584
NOTE: http://trac.webkit.org/changeset/88549
CVE-2011-2350 (The HTML parser in Google Chrome before 12.0.742.112 does not
properly ...)
- chromium-browser 12.0.742.112~r90304-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/88411
NOTE: http://trac.webkit.org/changeset/88434
CVE-2011-2349 (Use-after-free vulnerability in Google Chrome before
12.0.742.112 allo ...)
- chromium-browser 12.0.742.112~r90304-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/88456
CVE-2011-2348 (Google V8, as used in Google Chrome before 12.0.742.112,
performs an i ...)
- libv8 3.4.14-1
@@ -654320,11 +654185,9 @@ CVE-2011-2348 (Google V8, as used in Google Chrome
before 12.0.742.112, performs
NOTE: Fixed in V8 bleeding edge r8230, 3.2.10.17 and 3.3.10.9.
CVE-2011-2347 (Google Chrome before 12.0.742.112 does not properly handle
Cascading S ...)
- chromium-browser 12.0.742.112~r90304-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/88448
CVE-2011-2346 (Use-after-free vulnerability in Google Chrome before
12.0.742.112 allo ...)
- chromium-browser 12.0.742.112~r90304-1
- [squeeze] - chromium-browser <not-affected>
NOTE: introduced in http://trac.webkit.org/changeset/77740
NOTE: http://trac.webkit.org/changeset/87827
CVE-2011-2345 (The NPAPI implementation in Google Chrome before 12.0.742.112
does not ...)
@@ -654730,7 +654593,6 @@ CVE-2011-2383 (Microsoft Internet Explorer 9 and
earlier does not properly restr
NOT-FOR-US: Microsoft
CVE-2011-2342 (The DOM implementation in Google Chrome before 12.0.742.91
allows remo ...)
- chromium-browser 12.0.742.91~r87961-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/88071
CVE-2011-2382 (Microsoft Internet Explorer 8 and earlier, and Internet
Explorer 9 bet ...)
NOT-FOR-US: Microsoft
@@ -655685,15 +655547,12 @@ CVE-2011-1819 (Google Chrome before 12.0.742.91
allows remote attackers to perfo
- webkit <not-affected> (chromium extensions)
CVE-2011-1818 (Use-after-free vulnerability in the image loader in Google
Chrome befo ...)
- chromium-browser 12.0.742.91~r87961-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/86725
CVE-2011-1817 (Google Chrome before 12.0.742.91 does not properly implement
history d ...)
- chromium-browser 12.0.742.91~r87961-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1816 (Use-after-free vulnerability in the developer tools in Google
Chrome b ...)
- chromium-browser 12.0.742.91~r87961-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/86507
CVE-2011-1815 (Google Chrome before 12.0.742.91 allows remote attackers to
inject scr ...)
- chromium-browser 12.0.742.91~r87961-1 (unimportant)
@@ -655703,7 +655562,6 @@ CVE-2011-1814 (Google Chrome before 12.0.742.91
attempts to read data from an un
- webkit <not-affected> (chromium pdf plugin)
CVE-2011-1813 (Google Chrome before 12.0.742.91 does not properly implement
the frame ...)
- chromium-browser 12.0.742.91~r87961-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1812 (Google Chrome before 12.0.742.91 allows remote attackers to
bypass int ...)
- chromium-browser 12.0.742.91~r87961-1 (unimportant)
@@ -655718,27 +655576,22 @@ CVE-2011-1810 (The Cascading Style Sheets (CSS)
implementation in Google Chrome
NOTE: http://trac.webkit.org/changeset/83345
CVE-2011-1809 (Use-after-free vulnerability in the accessibility feature in
Google Ch ...)
- chromium-browser 12.0.742.91~r87961-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/80890
CVE-2011-1808 (Use-after-free vulnerability in Google Chrome before
12.0.742.91 allow ...)
- chromium-browser 12.0.742.91~r87961-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/84096
NOTE: http://trac.webkit.org/changeset/84098
NOTE: http://trac.webkit.org/changeset/84119
CVE-2011-1807 (Google Chrome before 11.0.696.71 does not properly handle
blobs, which ...)
- chromium-browser 11.0.696.71~r86024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1806 (Google Chrome before 11.0.696.71 does not properly implement
the GPU c ...)
- chromium-browser 11.0.696.71~r86024-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1805 (Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a
remote at ...)
- chromium-browser 11.0.696.65~r84435-1
CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in WebKit before r86862, as
used in ...)
- chromium-browser 11.0.696.71~r86024-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/86448
CVE-2011-1803 (An issue exists in
third_party/WebKit/Source/WebCore/svg/animation/SVG ...)
NOTE: Historic webkit/Chromium issues
@@ -655749,33 +655602,27 @@ CVE-2011-1801 (Unspecified vulnerability in Google
Chrome before 11.0.696.71 all
NOTE: http://trac.webkit.org/changeset/85977
CVE-2011-1800 (Multiple integer overflows in the SVG Filters implementation in
WebCor ...)
- chromium-browser 11.0.696.68~r84545-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/85926
CVE-2011-1799 (Google Chrome before 11.0.696.68 does not properly perform
casts of va ...)
{DSA-2245-1}
- chromium-browser 11.0.696.68~r84545-1
CVE-2011-1798 (rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google
Chrome ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/84085
CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
{DSA-2245-1}
- chromium-browser 12.0.742.91~r87961-1
CVE-2011-1796 (Use-after-free vulnerability in the
FrameView::calculateScrollbarModes ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/84300
CVE-2011-1795 (Integer underflow in the HTMLFormElement::removeFormElement
function i ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/83690
CVE-2011-1794 (Integer overflow in the FilterEffect::copyImageBytes function
in platf ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/84422
CVE-2011-1793 (rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit
in Goog ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/85406
CVE-2011-1792
RESERVED
@@ -656063,7 +655910,6 @@ CVE-2011-1692
RESERVED
CVE-2011-1691 (The counterToCSSValue function in
CSSComputedStyleDeclaration.cpp in t ...)
- chromium-browser 12.0.742.91~r87961-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/82222
CVE-2011-1690 (Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0
through 3.8 ...)
{DSA-2220-1}
@@ -656788,40 +656634,32 @@ CVE-2011-1455 (Google Chrome before 11.0.696.57
does not properly handle PDF doc
- chromium-browser <not-affected> (chrome pdf plugin)
CVE-2011-1454 (Use-after-free vulnerability in the DOM id handling
functionality in G ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/84015
CVE-2011-1453 (WebKit, as used in Apple Safari before 5.0.6, allows remote
attackers ...)
NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome
sec team will know and fix
CVE-2011-1452 (Google Chrome before 11.0.696.57 allows user-assisted remote
attackers ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1451 (Google Chrome before 11.0.696.57 does not properly handle DOM
id maps, ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/83209
CVE-2011-1450 (Google Chrome before 11.0.696.57 does not properly present file
dialog ...)
- chromium-browser 11.0.696.65~r84435-1 (unimportant)
- webkit <not-affected> (chromium specific)
CVE-2011-1449 (Use-after-free vulnerability in the WebSockets implementation
in Googl ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/82088
CVE-2011-1448 (Google Chrome before 11.0.696.57 does not properly perform
height calc ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/81786
CVE-2011-1447 (Google Chrome before 11.0.696.57 does not properly handle
drop-down li ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/81851
CVE-2011-1446 (Google Chrome before 11.0.696.57 allows remote attackers to
spoof the ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1445 (Google Chrome before 11.0.696.57 does not properly handle SVG
document ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/81689
CVE-2011-1444 (Race condition in the sandbox launcher implementation in Google
Chrome ...)
{DSA-2245-1}
@@ -656829,15 +656667,12 @@ CVE-2011-1444 (Race condition in the sandbox
launcher implementation in Google C
- webkit <not-affected> (chromium sandbox)
CVE-2011-1443 (Google Chrome before 11.0.696.57 does not properly implement
layering, ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/82624
CVE-2011-1442 (Google Chrome before 11.0.696.57 does not properly handle
mutation eve ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/81611
CVE-2011-1441 (Google Chrome before 11.0.696.57 does not properly perform a
cast of a ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/80773
NOTE: http://trac.webkit.org/changeset/81088
CVE-2011-1440 (Use-after-free vulnerability in Google Chrome before
11.0.696.57 allow ...)
@@ -656850,15 +656685,12 @@ CVE-2011-1439 (Google Chrome before 11.0.696.57 on
Linux does not properly isola
- webkit <not-affected> (chromium specific)
CVE-2011-1438 (Google Chrome before 11.0.696.57 allows remote attackers to
bypass the ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/81399
CVE-2011-1437 (Multiple integer overflows in Google Chrome before 11.0.696.57
allow r ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/79462
CVE-2011-1436 (Google Chrome before 11.0.696.57 on Linux does not properly
interact w ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1435 (Google Chrome before 11.0.696.57 does not properly implement
the tabs ...)
- chromium-browser 11.0.696.65~r84435-1
@@ -656981,8 +656813,6 @@ CVE-2011-1414 (Cross-site scripting (XSS)
vulnerability in the tibbr web server,
NOT-FOR-US: TIBCO tibbr
CVE-2011-1413 (Google Chrome before 10.0.648.127 on Linux does not properly
mitigate ...)
- chromium-browser 10.0.648.127~r76697-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1412 (sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as
used in Wo ...)
- openarena <not-affected> (Vulnerable code not present, the version in
sid uses ioquake3)
@@ -657220,15 +657050,12 @@ CVE-2011-1304 (Unspecified vulnerability in Google
Chrome before 11.0.696.57 all
- chromium-browser 11.0.696.65~r84435-1 (unimportant)
CVE-2011-1303 (Google Chrome before 11.0.696.57 does not properly handle
floating obj ...)
- chromium-browser 11.0.696.65~r84435-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/80682
CVE-2011-1302 (Heap-based buffer overflow in the GPU process in Google Chrome
before ...)
- chromium-browser 10.0.648.205~r81283-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1301 (Use-after-free vulnerability in the GPU process in Google
Chrome befor ...)
- chromium-browser 10.0.648.205~r81283-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1300 (The Program::getActiveUniformMaxLength function in
libGLESv2/Program.c ...)
NOT-FOR-US: Mozilla Firefox on Windows, Google Chrome on Windows
@@ -657240,7 +657067,6 @@ CVE-2011-1297
RESERVED
CVE-2011-1296 (Google Chrome before 10.0.648.204 does not properly handle SVG
text, w ...)
- chromium-browser 10.0.648.204~r79063-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/80520
CVE-2011-1295 (WebKit, as used in Google Chrome before 10.0.648.204 and Apple
Safari ...)
- chromium-browser 10.0.648.204~r79063-1
@@ -657248,7 +657074,6 @@ CVE-2011-1295 (WebKit, as used in Google Chrome
before 10.0.648.204 and Apple Sa
NOTE: http://trac.webkit.org/changeset/80487
CVE-2011-1294 (Google Chrome before 10.0.648.204 does not properly handle
Cascading S ...)
- chromium-browser 10.0.648.204~r79063-1
- [squeeze] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/80144
CVE-2011-1293 (Use-after-free vulnerability in the HTMLCollection
implementation in G ...)
{DSA-2245-1}
@@ -657260,7 +657085,6 @@ CVE-2011-1292 (Use-after-free vulnerability in the
frame-loader implementation i
NOTE: http://trac.webkit.org/changeset/79808
CVE-2011-1291 (Google Chrome before 10.0.648.204 does not properly handle base
string ...)
- chromium-browser 10.0.648.204~r79063-1
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1290 (Integer overflow in WebKit, as used on the Research In Motion
(RIM) Bl ...)
{DSA-2192-1}
@@ -657470,26 +657294,18 @@ CVE-2011-1202 (The xsltGenerateIdFunction function
in functions.c in libxslt 1.1
NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-1201 (The context implementation in WebKit, as used in Google Chrome
before ...)
- chromium-browser 10.0.648.127~r76697-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (losecontext not present in 1.2)
NOTE: http://trac.webkit.org/changeset/78921
CVE-2011-1200 (Google Chrome before 10.0.648.127 does not properly perform a
cast of ...)
- chromium-browser 10.0.648.127~r76697-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (vulnerable code not present)
NOTE: http://trac.webkit.org/changeset/78744
CVE-2011-1199 (Google Chrome before 10.0.648.127 does not properly handle
DataView ob ...)
- chromium-browser 10.0.648.127~r76697-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (issue in libv8 bindings)
NOTE: https://trac.webkit.org/changeset/78738
CVE-2011-1198 (The video functionality in Google Chrome before 10.0.648.127
allows re ...)
- chromium-browser 10.0.648.127~r76697-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- libav <not-affected> (Specific to ffmpeg-mt)
CVE-2011-1197 (Google Chrome before 10.0.648.127 does not properly perform
table pain ...)
{DSA-2189-1}
@@ -657498,15 +657314,11 @@ CVE-2011-1197 (Google Chrome before 10.0.648.127
does not properly perform table
NOTE: http://trac.webkit.org/changeset/79734
CVE-2011-1196 (The OGG container implementation in Google Chrome before
10.0.648.127 ...)
- chromium-browser 10.0.648.127~r76697-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- libav 4:0.7.1-1
- ffmpeg-debian <not-affected> (Info from maintainer: the patch does
not apply 0.5, and I failed to reproduce)
- ffmpeg <not-affected> (Info from maintainer: the patch does not apply
0.5, and I failed to reproduce)
CVE-2011-1195 (Use-after-free vulnerability in Google Chrome before
10.0.648.127 allo ...)
- chromium-browser 10.0.648.127~r76697-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (vulnerable code not present)
NOTE: http://trac.webkit.org/changeset/78147
CVE-2011-1194 (Multiple unspecified vulnerabilities in Google Chrome before
10.0.648. ...)
@@ -657519,14 +657331,10 @@ CVE-2011-1193 (Google V8, as used in Google Chrome
before 10.0.648.127, allows r
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1192 (Google Chrome before 10.0.648.127 on Linux does not properly
handle Un ...)
- chromium-browser 10.0.648.127~r76697-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (issue in chromium-specific code)
NOTE: http://trac.webkit.org/changeset/76732
CVE-2011-1191 (Use-after-free vulnerability in Google Chrome before
10.0.648.127 allo ...)
- chromium-browser 10.0.648.127~r76697-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (vulnerable code not yet present)
NOTE: http://trac.webkit.org/changeset/76652
CVE-2011-1190 (The Web Workers implementation in Google Chrome before
10.0.648.127 al ...)
@@ -657559,8 +657367,6 @@ CVE-2011-1187 (Google Chrome before 10.0.648.127
allows remote attackers to bypa
NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
CVE-2011-1186 (Google Chrome before 10.0.648.127 on Linux does not properly
handle pa ...)
- chromium-browser 10.0.648.127~r76697-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1185 (Google Chrome before 10.0.648.127 does not prevent (1)
navigation and ...)
- chromium-browser 10.0.648.127~r76697-1
@@ -657757,19 +657563,13 @@ CVE-2010-4754 (The glob implementation in libc in
FreeBSD 7.3 and 8.1, NetBSD 5.
NOT-FOR-US: FreeBSD/NetBSD libc
CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform
layout, whi ...)
- chromium-browser 9.0.597.107~r75357-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (vulnerable code introduced in commit 75823)
NOTE: http://trac.webkit.org/changeset/78775
CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before
9.0.597.107 allow ...)
- chromium-browser 9.0.597.107~r75357-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (Chromium specific)
CVE-2011-1123 (Google Chrome before 9.0.597.107 does not properly restrict
access to ...)
- chromium-browser 9.0.597.107~r75357-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-1122 (The WebGL implementation in Google Chrome before 9.0.597.107
allows re ...)
{DSA-2189-1}
@@ -657784,30 +657584,21 @@ CVE-2011-1121 (Integer overflow in Google Chrome
before 9.0.597.107 allows remot
NOTE: http://trac.webkit.org/changeset/77565
CVE-2011-1120 (The WebGL implementation in Google Chrome before 9.0.597.107
allows re ...)
- chromium-browser 9.0.597.107~r75357-1
- [squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
- webkit <not-affected> (webgl support not present in 1.2)
NOTE: http://trac.webkit.org/changeset/77956
CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine
device or ...)
- chromium-browser 9.0.597.107~r75357-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (device orientation code/support not present in
1.2)
NOTE: http://trac.webkit.org/changeset/77418
CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle
TEXTAREA ele ...)
- chromium-browser 9.0.597.107~r75357-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/77144
CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML
docume ...)
- chromium-browser 9.0.597.107~r75357-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/77262
CVE-2011-1116 (Google Chrome before 9.0.597.107 does not properly handle SVG
animatio ...)
- chromium-browser 9.0.597.107~r75357-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
NOTE: http://trac.webkit.org/changeset/77548
CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render
tables, whic ...)
{DSA-2189-1}
@@ -657827,19 +657618,13 @@ CVE-2011-1113 (Google Chrome before 9.0.597.107 on
64-bit Linux platforms does n
- webkit <not-affected> (chromium specific)
CVE-2011-1112 (Google Chrome before 9.0.597.107 does not properly perform SVG
renderi ...)
- chromium-browser 9.0.597.107~r75357-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (Chromium specific)
CVE-2011-1111 (Google Chrome before 9.0.597.107 does not properly implement
forms con ...)
- chromium-browser 9.0.597.107~r75357-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
NOTE: needs port (s/FormAssociatedElement/HTMLFormElement)
NOTE: http://trac.webkit.org/changeset/77114
CVE-2011-1110 (Google Chrome before 9.0.597.107 does not properly implement
key frame ...)
- chromium-browser 9.0.597.107~r75357-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (vulnerable code not present in 1.2)
NOTE: http://trac.webkit.org/changeset/76828
CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process
nodes in Ca ...)
@@ -658334,7 +658119,6 @@ CVE-2011-0983 (Google Chrome before 9.0.597.94 does
not properly handle anonymou
NOTE: http://trac.webkit.org/changeset/75810
CVE-2011-0982 (Use-after-free vulnerability in Google Chrome before 9.0.597.94
allows ...)
- chromium-browser 9.0.597.98~r74359-1
- [squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
NOTE: http://trac.webkit.org/changeset/76990
CVE-2011-0981 (Google Chrome before 9.0.597.94 does not properly perform event
handli ...)
@@ -658785,7 +658569,6 @@ CVE-2011-0785 (Unspecified vulnerability in the
Oracle Help component in Oracle
NOT-FOR-US: Oracle
CVE-2011-0784 (Race condition in Google Chrome before 9.0.597.84 allows remote
attack ...)
- chromium-browser 9.0.597.84~r72991-1
- [squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
- webkit <not-affected> (chromium specific)
CVE-2011-0783 (Unspecified vulnerability in Google Chrome before 9.0.597.84
allows us ...)
@@ -659647,7 +659430,6 @@ CVE-2011-XXXX [multiple spip issues]
- spip 2.1.1-3 (bug #609212; bug #610016)
CVE-2011-0485 (Google Chrome before 8.0.552.237 and Chrome OS before
8.0.552.344 do n ...)
- chromium-browser 9.0.597.45~r70550-1
- [squeeze] - chromium-browser <not-affected>
[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
- webkit <not-affected> (chromium specific)
CVE-2011-0484 (Google Chrome before 8.0.552.237 and Chrome OS before
8.0.552.344 do n ...)
@@ -659675,8 +659457,6 @@ CVE-2011-0480 (Multiple buffer overflows in
vorbis_dec.c in the Vorbis decoder i
- libav 4:0.6.1-1 (bug #610550)
CVE-2011-0479 (Google Chrome before 8.0.552.237 and Chrome OS before
8.0.552.344 do n ...)
- chromium-browser 9.0.597.45~r70550-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-0478 (Google Chrome before 8.0.552.237 and Chrome OS before
8.0.552.344 do n ...)
- chromium-browser 6.0.472.63~r59945-5
@@ -659706,8 +659486,6 @@ CVE-2011-0471 (The node-iteration implementation in
Google Chrome before 8.0.552
NOTE: http://trac.webkit.org/changeset/73620
CVE-2011-0470 (Google Chrome before 8.0.552.237 and Chrome OS before
8.0.552.344 do n ...)
- chromium-browser 9.0.597.45~r70550-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
CVE-2011-0469 (Code injection in openSUSE when running some source services
used in t ...)
- open-build-service <not-affected> (Fixed before initial upload to
Debian)
@@ -661596,8 +661374,6 @@ CVE-2010-4492 (Use-after-free vulnerability in Google
Chrome before 8.0.552.215
NOTE: http://trac.webkit.org/changeset/71686
CVE-2010-4491 (Google Chrome before 8.0.552.215 does not properly restrict
privileged ...)
- chromium-browser 9.0.597.45~r70550-1
- [squeeze] - chromium-browser <not-affected>
- [wheezy] - chromium-browser <not-affected>
- webkit <not-affected> (issue in chromium-specific webkit code)
NOTE: http://code.google.com/p/chromium/issues/detail?id=62168
NOTE: http://trac.webkit.org/changeset/71533
@@ -661611,7 +661387,6 @@ CVE-2010-4489 (libvpx, as used in Google Chrome
before 8.0.552.215 and possibly
[squeeze] - libvpx <not-affected> (regression in later version)
CVE-2010-4488 (Google Chrome before 8.0.552.215 does not properly handle HTTP
proxy a ...)
- chromium-browser 9.0.597.83~r72435-1 (unimportant)
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium issue)
NOTE: only a browser crash
CVE-2010-4487 (Incomplete blacklist vulnerability in Google Chrome before
8.0.552.215 ...)
@@ -661627,7 +661402,6 @@ CVE-2010-4485 (Google Chrome before 8.0.552.215 does
not properly restrict the g
NOTE: only a browser crash due to opening too many dialogs (i.e. a dos)
CVE-2010-4484 (Google Chrome before 8.0.552.215 does not properly handle HTML5
databa ...)
- chromium-browser 9.0.597.83~r72435-1 (unimportant)
- [squeeze] - chromium-browser <not-affected>
- webkit <not-affected> (chromium specific)
NOTE: only a browser crash
CVE-2010-4483 (Google Chrome before 8.0.552.215 does not properly restrict
read acces ...)
@@ -662815,7 +662589,6 @@ CVE-2010-4038 (The Web Sockets implementation in
Google Chrome before 7.0.517.41
- webkit <not-affected> (issue in chromium code base)
- chromium-browser 9.0.570
[squeeze] - chromium-browser <not-affected> (websocket_experiment not
enabled in v6)
- [wheezy] - chromium-browser <not-affected>
CVE-2010-4037 (Unspecified vulnerability in Google Chrome before 7.0.517.41
allows re ...)
- webkit <not-affected> (affected gesture code not present in 1.2.x)
- chromium-browser <unfixed> (unimportant)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a725c9c20e17ea10d3d5a8d807e597a2f536e0b6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a725c9c20e17ea10d3d5a8d807e597a2f536e0b6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
