Author: iuculano
Date: 2012-01-01 15:48:24 +0000 (Sun, 01 Jan 2012)
New Revision: 17959
Modified:
data/CVE/list
Log:
chromium/webkit issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2012-01-01 15:02:07 UTC (rev 17958)
+++ data/CVE/list 2012-01-01 15:48:24 UTC (rev 17959)
@@ -1123,8 +1123,9 @@
CVE-2011-4720
RESERVED
CVE-2011-4719 (Multiple unspecified vulnerabilities in Google Chrome before
...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected>
+ - webkit <not-affected>
+ NOTE: Duplicate for chromebooks
CVE-2011-4718
RESERVED
CVE-2011-4717 (Directory traversal vulnerability in zFTPServer Suite 6.0.0.52
allows ...)
@@ -1280,11 +1281,11 @@
CVE-2011-4693 (Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on
Windows ...)
NOT-FOR-US: Adobe Flash Player
CVE-2011-4692 (WebKit, as used in Apple Safari 5.1.1 and earlier and Google
Chrome 15 ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <unfixed> (unimportant)
+ - webkit <undetermined> (unimportant)
CVE-2011-4691 (Google Chrome 15.0.874.121 and earlier does not prevent capture
of ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <unfixed> (unimportant)
+ - webkit <undetermined> (unimportant)
CVE-2011-4690 (Opera 11.60 and earlier does not prevent capture of data about
the ...)
NOT-FOR-US: Opera
CVE-2011-4689 (Microsoft Internet Explorer 6 through 9 does not prevent
capture of ...)
@@ -1312,8 +1313,8 @@
CVE-2010-5074 (The layout engine in Mozilla Firefox before 4.0, Thunderbird
before ...)
- iceweasel 4.0-1 (unimportant)
CVE-2010-5073 (The JavaScript implementation in Google Chrome 4 does not
properly ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected>
+ - webkit <not-affected>
CVE-2010-5072 (The JavaScript implementation in Opera 10.5 does not properly
restrict ...)
NOT-FOR-US: Opera
CVE-2010-5071 (The JavaScript implementation in Microsoft Internet Explorer
8.0 and ...)
@@ -1321,8 +1322,8 @@
CVE-2010-5070 (The JavaScript implementation in Apple Safari 4 does not
properly ...)
NOT-FOR-US: Safari
CVE-2010-5069 (The Cascading Style Sheets (CSS) implementation in Google
Chrome 4 ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected>
+ - webkit <not-affected>
CVE-2010-5068 (The Cascading Style Sheets (CSS) implementation in Opera 10.5
does not ...)
NOT-FOR-US: Opera
CVE-2002-2437 (The JavaScript implementation in Mozilla Firefox before 4.0,
...)
@@ -1679,8 +1680,9 @@
CVE-2010-5063
RESERVED
CVE-2011-4548 (Multiple unspecified vulnerabilities in Google Chrome before
...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected>
+ - webkit <not-affected>
+ NOTE: duplicate for chromebooks
CVE-2011-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Zen Cart
CVE-2011-4546
@@ -3679,98 +3681,137 @@
CVE-2011-3918
RESERVED
CVE-2011-3917 (Stack-based buffer overflow in FileWatcher in Google Chrome
before ...)
- - chromium-browser <unfixed>
+ - chromium-browser 16.0.912.63~r113337-1
- webkit <undetermined>
CVE-2011-3916 (Google Chrome before 16.0.912.63 does not properly handle PDF
cross ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected> (Chrome pdf plugin)
+ - webkit <not-affected>
CVE-2011-3915 (Buffer overflow in Google Chrome before 16.0.912.63 allows
remote ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected> (Chrome pdf plugin)
+ - webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3914 (The internationalization (aka i18n) functionality in Google V8,
as ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser 16.0.912.63~r113337-1
+ - webkit <not-affected> (v8-i18n chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3913 (Use-after-free vulnerability in Google Chrome before
16.0.912.63 ...)
- - chromium-browser <unfixed>
+ - chromium-browser 16.0.912.63~r113337-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/100827
CVE-2011-3912 (Use-after-free vulnerability in Google Chrome before
16.0.912.63 ...)
- - chromium-browser <unfixed>
+ - chromium-browser 16.0.912.63~r113337-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/100502
CVE-2011-3911 (Google Chrome before 16.0.912.63 does not properly handle PDF
...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected> (Chrome pdf plugin)
+ - webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3910 (Google Chrome before 16.0.912.63 does not properly handle YUV
video ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser 16.0.912.63~r113337-1
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3909 (The Cascading Style Sheets (CSS) implementation in Google
Chrome ...)
- - chromium-browser <unfixed>
+ - chromium-browser 16.0.912.63~r113337-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/98374
CVE-2011-3908 (Google Chrome before 16.0.912.63 does not properly parse SVG
...)
- - chromium-browser <unfixed>
+ - chromium-browser 16.0.912.63~r113337-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/99025
CVE-2011-3907 (The view-source feature in Google Chrome before 16.0.912.63
allows ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser 16.0.912.63~r113337-1
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3906 (The PDF parser in Google Chrome before 16.0.912.63 allows
remote ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser <not-affected> (Chrome pdf plugin)
+ - webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3905 (libxml2, as used in Google Chrome before 16.0.912.63, allows
remote ...)
- libxml2 <unfixed> (bug #652352)
CVE-2011-3904 (Use-after-free vulnerability in Google Chrome before
16.0.912.63 ...)
- - chromium-browser <unfixed>
+ - chromium-browser 16.0.912.63~r113337-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/99462
CVE-2011-3903 (Google Chrome before 16.0.912.63 does not properly perform
regex ...)
- - chromium-browser <unfixed>
- - webkit <undetermined>
+ - chromium-browser 16.0.912.63~r113337-1
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3902
RESERVED
CVE-2011-3901
RESERVED
CVE-2011-3900 (Google V8, as used in Google Chrome before 15.0.874.121, allows
remote ...)
- chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
+ - webkit <not-affected> (Chrome issue)
+ - libv8 3.5.10.24
+ [squeeze] - chromium-browser <not-affected>
+ [squeeze] - libv8 <not-affected>
CVE-2011-3899
RESERVED
CVE-2011-3898 (Google Chrome before 15.0.874.120, when Java Runtime
Environment (JRE) ...)
- - chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
+ - chromium-browser 15.0.874.121~r109964-1 (unimportant)
+ - webkit <not-affected> (Chrome issue)
CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before
15.0.874.120 ...)
- chromium-browser 15.0.874.121~r109964-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/99023
CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows
remote ...)
- chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google
Chrome ...)
- chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
- TODO: might affect libvorbis or libav, didn't check
+ - webkit <not-affected> (Chrome issue)
+ - ffmpeg <undetermined>
+ - libav <unfixed>
+ TODO: file buf for ffmpeg/libav :
http://src.chromium.org/viewvc/chrome?view=rev&revision=107826
CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8
...)
- chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
- TODO: check
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement
the MKV ...)
- chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
+ - webkit <not-affected> (Chrome issue)
+ - libav <unfixed>
+ [squeeze] - chromium-browser <not-affected>
TODO: might affect libtheora or libav
+ NOTE: this is due to http://llvm.org/bugs/show_bug.cgi?id=7554
+ NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106599
+ NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106621
CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google
Chrome ...)
- chromium-browser 15.0.874.121~r109964-1
- - webkit <undetermined>
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
+ - libav <unfixed>
+ NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=107489
TODO: might affect libtheora or libav
CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict
access to ...)
- chromium-browser 15.0.874.106~r107270-1
- - webkit <undetermined>
+ - webkit <not-affected> (Chrome issue)
+ [squeeze] - chromium-browser <not-affected>
CVE-2011-3890 (Use-after-free vulnerability in Google Chrome before
15.0.874.102 ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/97451
CVE-2011-3889 (Heap-based buffer overflow in the Web Audio implementation in
Google ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/96843
CVE-2011-3888 (Use-after-free vulnerability in Google Chrome before
15.0.874.102 ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <no-dsa> (minor issue)
+ NOTE: http://trac.webkit.org/changeset/96868
CVE-2011-3887 (Google Chrome before 15.0.874.102 does not properly handle
javascript: ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <undetermined>
+ [squeeze] - chromium-browser <not-affected>
+ NOTE: http://trac.webkit.org/changeset/96260
CVE-2011-3886 (Google V8, as used in Google Chrome before 15.0.874.102, allows
remote ...)
- chromium-browser 15.0.874.106~r107270-1
- webkit <undetermined>
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
