Author: iuculano
Date: 2011-08-31 14:13:26 +0000 (Wed, 31 Aug 2011)
New Revision: 17144
Modified:
data/CVE/list
Log:
webkit/chromium/liv8 issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-08-31 13:36:32 UTC (rev 17143)
+++ data/CVE/list 2011-08-31 14:13:26 UTC (rev 17144)
@@ -737,8 +737,8 @@
CVE-2008-7295 (Microsoft Internet Explorer cannot properly restrict
modifications to ...)
NOT-FOR-US: Internet Explorer
CVE-2008-7294 (Google Chrome before 4.0.211.0 cannot properly restrict
modifications ...)
- - chromium-browser <undetermined>
- - webkit <undetermined>
+ - chromium-browser 4.0.211.0
+ - webkit <not-affected>
CVE-2008-7293 (Mozilla Firefox before 4 cannot properly restrict modifications
to ...)
TODO: check
CVE-2008-7292 (Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x
before ...)
@@ -1191,7 +1191,7 @@
CVE-2011-2840
RESERVED
CVE-2011-2839 (The PDF implementation in Google Chrome before 13.0.782.215 on
Linux ...)
- TODO: check
+ - chromium-browser <not-affected> (Pdf plugin)
CVE-2011-2838
RESERVED
CVE-2011-2837
@@ -1213,37 +1213,54 @@
CVE-2011-2829 (Integer overflow in Google Chrome before 13.0.782.215 on 32-bit
...)
- chromium-browser 13.0.782.215~r97094-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/92413
CVE-2011-2828 (Google V8, as used in Google Chrome before 13.0.782.215, allows
remote ...)
- chromium-browser 13.0.782.215~r97094-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (Chromium specific)
CVE-2011-2827 (Use-after-free vulnerability in Google Chrome before
13.0.782.215 ...)
- chromium-browser 13.0.782.215~r97094-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/91908
CVE-2011-2826 (Google Chrome before 13.0.782.215 allows remote attackers to
bypass ...)
- chromium-browser 13.0.782.215~r97094-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/91957
CVE-2011-2825 (Use-after-free vulnerability in Google Chrome before
13.0.782.215 ...)
- chromium-browser 13.0.782.215~r97094-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/r91738 http://trac.webkit.org/r91739
http://trac.webkit.org/changeset/92744
CVE-2011-2824 (Use-after-free vulnerability in Google Chrome before
13.0.782.215 ...)
- chromium-browser 13.0.782.215~r97094-1
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/92630
CVE-2011-2823 (Use-after-free vulnerability in Google Chrome before
13.0.782.215 ...)
- chromium-browser 13.0.782.215~r97094-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
CVE-2011-2822 (Google Chrome before 13.0.782.215 on Windows does not properly
parse ...)
- TODO: check
+ - chromium-browser <not-affected> (windows only)
+ - webkit <not-affected>
CVE-2011-2821 (Double free vulnerability in libxml2, as used in Google Chrome
before ...)
- chromium-browser 13.0.782.215~r97094-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2820
RESERVED
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-2819 (Google Chrome before 13.0.782.107 allows remote attackers to
bypass ...)
- chromium-browser 13.0.782.107~r94237-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/91611
CVE-2011-2818 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/91386
CVE-2011-2817
RESERVED
CVE-2011-2816
@@ -1267,79 +1284,113 @@
CVE-2011-2807
RESERVED
CVE-2011-2806 (Google Chrome before 13.0.782.215 on Windows does not properly
handle ...)
- TODO: check
+ - chromium-browser <not-affected> (It's in Windows-specific code)
CVE-2011-2805 (Google Chrome before 13.0.782.107 allows remote attackers to
bypass ...)
- chromium-browser 13.0.782.107~r94237-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/91152
CVE-2011-2804 (Google Chrome before 13.0.782.107 does not properly handle
nested ...)
- TODO: check
+ - chromium-browser <not-affected> (pdf plugin)
CVE-2011-2803 (Google Chrome before 13.0.782.107 does not properly handle Skia
paths, ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (skia code)
CVE-2011-2802 (Google V8, as used in Google Chrome before 13.0.782.107, does
not ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
- - libv8 <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected>
+ - libv8 3.4
+ [squeeze] - libv8 <not-affected>
+ NOTE: Bug was introduced in
http://code.google.com/p/v8/source/detail?r=8224
CVE-2011-2801 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/90936
CVE-2011-2800 (Google Chrome before 13.0.782.107 allows remote attackers to
obtain ...)
- chromium-browser 13.0.782.107~r94237-1
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/91044
+ NOTE:
http://developer.apple.com/library/safari/#documentation/Tools/Conceptual/SafariExtensionGuide/MessagesandProxies/MessagesandProxies.html#//apple_ref/doc/uid/TP40009977-CH14-SW9
CVE-2011-2799 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/90130
CVE-2011-2798 (Google Chrome before 13.0.782.107 does not properly restrict
access to ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2797 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/90595
CVE-2011-2796 (Use-after-free vulnerability in Skia, as used in Google Chrome
before ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (skia code)
CVE-2011-2795 (Google Chrome before 13.0.782.107 does not prevent calls to
functions ...)
- chromium-browser 13.0.782.107~r94237-1
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/89782
CVE-2011-2794 (Google Chrome before 13.0.782.107 does not properly perform
text ...)
- chromium-browser 13.0.782.107~r94237-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/89831
CVE-2011-2793 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/89595
CVE-2011-2792 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/89836
CVE-2011-2791 (The International Components for Unicode (ICU) functionality in
Google ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ - webkit <not-affected> (icu issue)
+ NOTE: ICU bug only in debug build
CVE-2011-2790 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/89165
CVE-2011-2789 (Use-after-free vulnerability in Google Chrome before
13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2788 (Buffer overflow in the inspector serialization functionality in
Google ...)
- chromium-browser 13.0.782.107~r94237-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/88444
CVE-2011-2787 (Google Chrome before 13.0.782.107 does not properly address ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2786 (Google Chrome before 13.0.782.107 does not ensure that the ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2785 (The extensions implementation in Google Chrome before
13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2784 (Google Chrome before 13.0.782.107 allows remote attackers to
obtain ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (issue in angleproject)
CVE-2011-2783 (Google Chrome before 13.0.782.107 does not ensure that
developer-mode ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2782 (The drag-and-drop implementation in Google Chrome before
13.0.782.107 ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2781
RESERVED
CVE-2011-2780 (Directory traversal vulnerability in includes/lib/gz.php in
Chyrp 2.0 ...)
@@ -1388,7 +1439,8 @@
RESERVED
CVE-2011-2761 (Google Chrome 14.0.794.0 does not properly handle a reload of a
page ...)
- chromium-browser <undetermined>
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium issue)
CVE-2011-2760 (Brocade BigIron RX switches allow remote attackers to bypass
ACL rules ...)
NOT-FOR-US: Brocade BigIron RX
CVE-2011-2759 (The login page of IDSWebApp in the Web Administration Tool in
IBM ...)
@@ -1794,6 +1846,7 @@
NOT-FOR-US: Windows XP
CVE-2011-2599 (Google Chrome 11 does not block use of a cross-domain image as
a WebGL ...)
- chromium-browser <unfixed>
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
CVE-2011-2598 (The WebGL implementation in Mozilla Firefox 4.x allows remote
...)
- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in
unstable)
@@ -2416,16 +2469,19 @@
- icedove 3.1.11-1
CVE-2011-2361 (The Basic Authentication dialog implementation in Google Chrome
before ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <unfixed> (unimportant)
+ - webkit <not-affected> (chromium specific)
CVE-2011-2360 (Google Chrome before 13.0.782.107 does not ensure that the user
is ...)
- - chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ - chromium-browser 13.0.782.107~r94237-1 (unimportant)
+ - webkit <not-affected> (chromium specific)
CVE-2011-2359 (Google Chrome before 13.0.782.107 does not properly track line
boxes ...)
- chromium-browser 13.0.782.107~r94237-1
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/90068
CVE-2011-2358 (Google Chrome before 13.0.782.107 does not ensure that
extension ...)
- chromium-browser 13.0.782.107~r94237-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <unfixed> (unimportant)
+ - webkit <not-affected> (chromium specific)
CVE-2011-2357 (Cross-application scripting vulnerability in the Browser URL
loading ...)
TODO: check
CVE-2011-2356
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
