thr3ads.net - Secure testing commits - [Secure-testing-commits] r14400

If this information is useful, please help other people find it:
Share via:
Michael Gilbert
2010-Apr-05 01:21 UTC
[Secure-testing-commits] r14400 - data/CVE

Author: gilbert-guest
Date: 2010-04-05 01:21:09 +0000 (Mon, 05 Apr 2010)
New Revision: 14400

Modified:
   data/CVE/list
Log:
new webkit issues

Modified: data/CVE/list
==================================================================---
data/CVE/list	2010-04-05 00:38:39 UTC (rev 14399)
+++ data/CVE/list	2010-04-05 01:21:09 UTC (rev 14400)
@@ -1,27 +1,55 @@
 CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote
attackers to ...)
-	TODO: check
+	- webkit 1.1.90-1
+	- kdelibs <undetermined>
+	- kde4libs <undetermined>
+	- qt4-x11 <undetermined>
+	- chromium <itp> (bug #520324) 
+	NOTE: http://trac.webkit.org/changeset/55511
 CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict
...)
-	TODO: check
+	- webkit <unfixed>
+	- kdelibs <undetermined>
+	- kde4libs <undetermined>
+	- qt4-x11 <undetermined>
+	- chromium <itp> (bug #520324) 
+	NOTE: http://trac.webkit.org/changeset/55822
 CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036
allows ...)
-	TODO: check
+	- chromium <itp> (bug #520324) 
+	NOTE: issue in chrome-specific download dialog
 CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036
allows ...)
-	TODO: check
+	- chromium <itp> (bug #520324) 
+	NOTE: chrome-specific and claimed windows-only
 CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036
allow ...)
-	TODO: check
+	- webkit <not-affected> (v8 and webgl not yet included)
+	- chromium <itp> (bug #520324) 
+	NOTE: http://trac.webkit.org/changeset/55376
+	TODO: recheck as newer webkits get uploaded
 CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to
cause a ...)
-	TODO: check
+	- webkit 1.1.90-1
+	- kdelibs <undetermined>
+	- kde4libs <undetermined>
+	- qt4-x11 <undetermined>
+	- chromium <itp> (bug #520324)
+	NOTE: http://code.google.com/p/chromium/issues/detail?id=34978
 CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before
...)
+	- webkit <undetermined>
+	- kdelibs <undetermined>
+	- kde4libs <undetermined>
+	- qt4-x11 <undetermined>
+	- chromium <itp> (bug #520324)
 	TODO: check
 CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected
behavior ...)
-	TODO: check
+	- chromium <itp> (bug #520324)
+	NOTE: chrome-specific issue
 CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036
does ...)
-	TODO: check
+	- chromium <itp> (bug #520324)
+	NOTE: chrome-specific sandboxing issue
 CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google
...)
-	TODO: check
+	- chromium <itp> (bug #520324)
+	NOTE: chrome-specific sandboxing issue
 CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
 	TODO: check
 CVE-2010-1226 (The HTTP client functionality in Apple iPhone OS 3.1 on the
iPhone 2G ...)
-	TODO: check
+	NOT-FOR-US: Apple iPhone
 CVE-2010-1225 (The memory-management implementation in the Virtual Machine
Monitor ...)
 	TODO: check
 CVE-2010-1224 (main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25,
1.6.1.x ...)
Secure testing commits - Apr 2010 - r14400 - data/CVE

[Secure-testing-commits] r14400 - data/CVE
