[Secure-testing-commits] r15213 - data/CVE

Giuseppe Iuculano Wed, 25 Aug 2010 23:46:17 -0700

Author: iuculano
Date: 2010-08-26 06:45:08 +0000 (Thu, 26 Aug 2010)
New Revision: 15213


Modified:
   data/CVE/list
Log:
chromium/webkit issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-08-25 21:14:46 UTC (rev 15212)
+++ data/CVE/list       2010-08-26 06:45:08 UTC (rev 15213)
@@ -1,23 +1,50 @@
 CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement 
the ...)
-       TODO: check
+       - chromium-browser 5.0.375.127~r55887-1
+       - webkit <undetermined>
+       NOTE: https://bugs.webkit.org/show_bug.cgi?id=43776
+       NOTE: https://bugs.webkit.org/show_bug.cgi?id=39879
+       NOTE: https://bugs.webkit.org/show_bug.cgi?id=44096
+       NOTE: http://trac.webkit.org/changeset/65329
+       NOTE: http://trac.webkit.org/changeset/65325
 CVE-2010-3119 (Google Chrome before 5.0.375.127 does not properly support the 
Ruby ...)
-       TODO: check
+       - chromium-browser 5.0.375.127~r55887-1
+       - webkit <undetermined>
+       NOTE: https://bugs.webkit.org/show_bug.cgi?id=43795
+       NOTE: http://trac.webkit.org/changeset/65090
 CVE-2010-3118 (The autosuggest feature in the Omnibox implementation in Google 
Chrome ...)
-       TODO: check
+       - chromium-browser 5.0.375.127~r55887-1
+       - webkit <not-affected> (chromium specific)
 CVE-2010-3117 (Google Chrome before 5.0.375.127 does not properly implement 
the ...)
-       TODO: check
+       - chromium-browser 5.0.375.127~r55887-1
+       - webkit <not-affected> (chromium specific)
 CVE-2010-3116 (Google Chrome before 5.0.375.127 does not properly process MIME 
types, ...)
-       TODO: check
+       - webkit <undetermined>
+       - chromium-browser 5.0.375.127~r55887-1
+       NOTE: http://trac.webkit.org/changeset/64293
+       NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147
+       NOTE: https://bugs.webkit.org/show_bug.cgi?id=43888
+       NOTE: http://trac.webkit.org/changeset/65280
 CVE-2010-3115 (Google Chrome before 5.0.375.127 does not properly implement 
the ...)
-       TODO: check
+       - webkit <undetermined>
+       - chromium-browser 5.0.375.127~r55887-1
+       NOTE: http://trac.webkit.org/changeset/63925
+       NOTE: http://trac.webkit.org/changeset/64077
 CVE-2010-3114 (The text-editing implementation in Google Chrome before 
5.0.375.127 ...)
-       TODO: check
+       - webkit <undetermined>
+       - chromium-browser 5.0.375.127~r55887-1
+       NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655
+       NOTE: http://trac.webkit.org/changeset/63773
 CVE-2010-3113 (Google Chrome before 5.0.375.127 does not properly handle SVG 
...)
-       TODO: check
+       - webkit <undetermined>
+       - chromium-browser 5.0.375.127~r55887-1
+       NOTE: https://bugs.webkit.org/show_bug.cgi?id=42659
+       NOTE: http://trac.webkit.org/changeset/63865
 CVE-2010-3112 (Google Chrome before 5.0.375.127 does not properly implement 
file ...)
-       TODO: check
+       - webkit <undetermined>
+       - chromium-browser 5.0.375.127~r55887-1
 CVE-2010-3111 (Google Chrome before 5.0.375.127 does not properly mitigate an 
...)
-       TODO: check
+       - chromium-browser 5.0.375.127~r55887-1
+       - webkit <not-affected> (chromium specific)
 CVE-2010-3110
        RESERVED
 CVE-2010-XXXX [CouchDB insecure library loading]
@@ -493,7 +520,7 @@
        NOTE: http://trac.webkit.org/changeset/63219
 CVE-2010-2899 (Unspecified vulnerability in the layout implementation in 
Google ...)
        - webkit <undetermined>
-       - chromium-browser <undetermined>
+       - chromium-browser 5.0.375.125~r53311-1
        NOTE: https://bugs.webkit.org/show_bug.cgi?id=38977
        NOTE: http://trac.webkit.org/changeset/62134
 CVE-2010-2898 (Google Chrome before 5.0.375.125 does not properly mitigate an 
...)
@@ -3458,6 +3485,8 @@
        - webkit <undetermined>
        - chromium-browser <undetermined>
        NOTE: is CVE-2010-2441 a dup of this?
+       NOTE: chromium-sec don't have info
+       NOTE: Sounds like it could be iPhone specific
        TODO: someone with access to the webkit security list please track down 
the commit
 CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone 
and iPod ...)
        NOT-FOR-US: Apple iPhone
@@ -3475,6 +3504,8 @@
        - webkit <undetermined>
        - chromium-browser <undetermined>
        NOTE: apple hasn't disclosed enough info to check
+       NOTE: From Apple's advisory: "This issue does not affect Mac OS X 
systems." Implies it may be outside of WebKit
+       NOTE: chromium-sec don't have info
        TODO: someone with access to the webkit security list please track down 
the commit
 CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 
5.0 on ...)
        - webkit 1.2.1-2


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r15213 - data/CVE

Reply via email to