Author: iuculano
Date: 2011-09-28 14:24:00 +0000 (Wed, 28 Sep 2011)
New Revision: 17321
Modified:
data/CVE/list
Log:
Chromium/webkit issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-09-28 13:30:35 UTC (rev 17320)
+++ data/CVE/list 2011-09-28 14:24:00 UTC (rev 17321)
@@ -881,11 +881,11 @@
CVE-2011-3422 (The Keychain implementation in Apple Mac OS X 10.6.8 and
earlier does ...)
NOT-FOR-US: Apple Mac OS X
CVE-2011-3421 (Multiple unspecified vulnerabilities in Google Chrome before
...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser 14.0.835.163~r101024-1
+ NOTE: duplicate
CVE-2011-3420 (Multiple unspecified vulnerabilities in Google Chrome before
...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser 14.0.835.163~r101024-1
+ NOTE: duplicate
CVE-2011-3419
RESERVED
CVE-2011-3418
@@ -1350,7 +1350,9 @@
RESERVED
CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle
boxes, ...)
- chromium-browser 14.0.835.163~r101024-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/92132
CVE-2011-3233
RESERVED
CVE-2011-3232
@@ -2359,10 +2361,14 @@
RESERVED
CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does
not ...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (libv8 issue)
+ - libv8 <undetermined>
+ TODO: file bug
CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected
pin ...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2873
RESERVED
CVE-2011-2872
@@ -2383,50 +2389,69 @@
RESERVED
CVE-2011-2864 (Google Chrome before 14.0.835.163 does not properly handle
Tibetan ...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2863
RESERVED
CVE-2011-2862 (Google V8, as used in Google Chrome before 14.0.835.163, does
not ...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2861 (Google Chrome before 14.0.835.163 does not properly handle
strings in ...)
- TODO: check
+ - chromium-browser <not-affected> (pdf plugin)
CVE-2011-2860 (Use-after-free vulnerability in Google Chrome before
14.0.835.163 ...)
- chromium-browser 14.0.835.163~r101024-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/93794
CVE-2011-2859 (Google Chrome before 14.0.835.163 uses incorrect permissions
for ...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2858 (Google Chrome before 14.0.835.163 does not properly handle
triangle ...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2857 (Use-after-free vulnerability in Google Chrome before
14.0.835.163 ...)
- chromium-browser 14.0.835.163~r101024-1
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/93514
CVE-2011-2856 (Google V8, as used in Google Chrome before 14.0.835.163, allows
remote ...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
+ - webkit <not-affected>
+ - libv8 3.4.14.21-1
CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle
Cascading ...)
- chromium-browser 14.0.835.163~r101024-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/93227
CVE-2011-2854 (Use-after-free vulnerability in Google Chrome before
14.0.835.163 ...)
- chromium-browser 14.0.835.163~r101024-1
+ [squeeze] - chromium-browser <not-affected>
- webkit <undetermined>
+ NOTE: http://trac.webkit.org/changeset/94109
http://trac.webkit.org/changeset/94543
CVE-2011-2853 (Use-after-free vulnerability in Google Chrome before
14.0.835.163 ...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2852 (Off-by-one error in Google V8, as used in Google Chrome before
...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
+ - webkit <not-affected>
+ - libv8 3.4.14.21-1
CVE-2011-2851 (Google Chrome before 14.0.835.163 does not properly handle
video, ...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2850 (Google Chrome before 14.0.835.163 does not properly handle
Khmer ...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2849 (The WebSockets implementation in Google Chrome before
14.0.835.163 ...)
- chromium-browser 14.0.835.163~r101024-1
- - webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ - webkit <not-affected> (chromium specific)
CVE-2011-2848 (Google Chrome before 14.0.835.163 allows user-assisted remote
...)
- chromium-browser 14.0.835.163~r101024-1
- webkit <undetermined>
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
