[Secure-testing-commits] r14575 - data/CVE

Michael Gilbert Thu, 29 Apr 2010 19:08:01 -0700

Author: gilbert-guest
Date: 2010-04-30 02:07:30 +0000 (Fri, 30 Apr 2010)
New Revision: 14575


Modified:
   data/CVE/list
Log:
chrome updates

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-04-30 01:51:35 UTC (rev 14574)
+++ data/CVE/list       2010-04-30 02:07:30 UTC (rev 14575)
@@ -244,18 +244,32 @@
 CVE-2010-1507
        RESERVED
 CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 
allow ...)
-       TODO: check
+       - chromium-browser <itp> (bug #520324) 
+       - webkit <not-affected> (doesn't use v8 bindings yet)
+       TODO: recheck newer webkits
 CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from 
loading ...)
+       - chromium-browser <itp> (bug #520324) 
+       - webkit <undetermined>
        TODO: check
 CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome 
before ...)
+       - chromium-browser <itp> (bug #520324) 
+       - webkit <undetermined>
        TODO: check
 CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome 
before ...)
+       - chromium-browser <itp> (bug #520324) 
+       - webkit <undetermined>
        TODO: check
 CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059 
allows ...)
+       - chromium-browser <itp> (bug #520324) 
+       - webkit <undetermined>
        TODO: check
 CVE-2010-1501 (Cross-site request forgery (CSRF) vulnerability in Google 
Chrome ...)
+       - chromium-browser <itp> (bug #520324) 
+       - webkit <undetermined>
        TODO: check
 CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support 
forms, ...)
+       - chromium-browser <itp> (bug #520324) 
+       - webkit <undetermined>
        TODO: check
 CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 
3.3 ...)
        NOT-FOR-US: MusicBox
@@ -1000,10 +1014,7 @@
        NOTE: http://trac.webkit.org/changeset/55511
        NOTE: evidence of memory corruption 
http://code.google.com/p/chromium/issues/detail?id=37061
 CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict 
...)
-       - webkit <unfixed> (bug #577457)
-       - kdelibs <undetermined>
-       - kde4libs <undetermined>
-       - qt4-x11 <undetermined>
+       - webkit <not-affected> (bug #577457; proof-of-concepts are not 
effective against webkit)
        - chromium-browser <itp> (bug #520324) 
        NOTE: http://trac.webkit.org/changeset/55822
        NOTE: vulnerable code is in KURL.cpp even though the changeset says it 
is in KURLGoogle.cpp


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r14575 - data/CVE

Reply via email to