Author: iuculano
Date: 2011-10-21 11:35:10 +0000 (Fri, 21 Oct 2011)
New Revision: 17472

Modified:
   data/CVE/list
Log:
chromium/webkit issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2011-10-21 08:40:46 UTC (rev 17471)
+++ data/CVE/list       2011-10-21 11:35:10 UTC (rev 17472)
@@ -822,7 +822,8 @@
        RESERVED
 CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement 
shader ...)
        - chromium-browser 14.0.835.202~r103287-1
-       - libv8 <undetermined>
+       [squeeze] - chromium-browser <not-affected>
+       - webkit <not-affected> (chromium specific)
 CVE-2011-XXXX [Fix file indirectory injection]
        - puppet 2.7.3-3 (unimportant)
        [squeeze] - puppet 2.6.2-5+squeeze1
@@ -1935,10 +1936,10 @@
 CVE-2011-3422 (The Keychain implementation in Apple Mac OS X 10.6.8 and 
earlier does ...)
        NOT-FOR-US: Apple Mac OS X
 CVE-2011-3421 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
-       - chromium-browser 14.0.835.163~r101024-1
+       - chromium-browser 14.0.835.163~r101024-1 (unimportant)
        NOTE: duplicate
 CVE-2011-3420 (Multiple unspecified vulnerabilities in Google Chrome before 
...)
-       - chromium-browser 14.0.835.163~r101024-1
+       - chromium-browser 14.0.835.163~r101024-1 (unimportant)
        NOTE: duplicate
 CVE-2011-3419
        RESERVED
@@ -3442,23 +3443,32 @@
 CVE-2011-2882 (Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX 
control ...)
        NOT-FOR-US: Citrix Access Gateway
 CVE-2011-2881 (Google Chrome before 14.0.835.202 does not properly handle 
Google V8 ...)
-       - chromium-browser 14.0.835.202~r103287-1
+       - chromium-browser <not-affected> (chromium uses libv8 system copy)
        - libv8 <undetermined>
 CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 
14.0.835.202 ...)
        - chromium-browser 14.0.835.202~r103287-1
-       - libv8 <undetermined>
+       [squeeze] - chromium-browser <not-affected>
+       - webkit <undetermined>
+       NOTE: http://trac.webkit.org/changeset/95667 
http://trac.webkit.org/changeset/95689 http://trac.webkit.org/changeset/95728
 CVE-2011-2879 (Google Chrome before 14.0.835.202 does not properly consider 
object ...)
        - chromium-browser 14.0.835.202~r103287-1
-       - libv8 <undetermined>
+       [squeeze] - chromium-browser <not-affected>
+       - webkit <undetermined>
+       NOTE: http://trac.webkit.org/changeset/94984
 CVE-2011-2878 (Google Chrome before 14.0.835.202 does not properly restrict 
access to ...)
        - chromium-browser 14.0.835.202~r103287-1
-       - libv8 <undetermined>
+       [squeeze] - chromium-browser <not-affected>
+       - webkit <undetermined>
+       NOTE: http://trac.webkit.org/changeset/95488
 CVE-2011-2877 (Google Chrome before 14.0.835.202 does not properly handle SVG 
text, ...)
        - chromium-browser 14.0.835.202~r103287-1
-       - libv8 <undetermined>
+       [squeeze] - chromium-browser <not-affected>
+       - webkit <undetermined>
+       NOTE: http://trac.webkit.org/changeset/94508
 CVE-2011-2876 (Use-after-free vulnerability in Google Chrome before 
14.0.835.202 ...)
        - chromium-browser 14.0.835.202~r103287-1
-       - libv8 <undetermined>
+       - webkit <undetermined>
+       NOTE: http://trac.webkit.org/changeset/95600
 CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does 
not ...)
        - chromium-browser 14.0.835.163~r101024-1
        [squeeze] - chromium-browser <not-affected>


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to