Author: gilbert-guest
Date: 2010-06-25 01:44:46 +0000 (Fri, 25 Jun 2010)
New Revision: 14905
Modified:
data/CVE/list
Log:
webkit triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-06-24 23:45:42 UTC (rev 14904)
+++ data/CVE/list 2010-06-25 01:44:46 UTC (rev 14905)
@@ -276,18 +276,25 @@
NOT-FOR-US: Symantec Sygate Personal Firewall
CVE-2010-2304 (The toAlphabetic function in rendering/RenderListMarker.cpp in
WebCore ...)
- webkit <unfixed> (medium; bug #586547)
+ - chromium-browser <undetermined>
+ NOTE: http://trac.webkit.org/changeset/59950
CVE-2010-2303 (page/Geolocation.cpp in WebCore in WebKit in Google Chrome
before ...)
- - webkit <undetermined>
+ - webkit <unfixed>
- chromium-browser <undetermined>
+ NOTE: http://trac.webkit.org/changeset/59859
CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google
Chrome ...)
- - webkit <undetermined>
+ - webkit <unfixed>
- chromium-browser <undetermined>
+ NOTE: http://trac.webkit.org/changeset/59876
CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp
in ...)
- - webkit <undetermined>
+ - webkit <unfixed>
- chromium-browser <undetermined>
+ NOTE: http://trac.webkit.org/changeset/59241
+ NOTE: http://trac.webkit.org/changeset/59242
CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes
...)
- webkit <undetermined>
- chromium-browser <undetermined>
+ NOTE: http://trac.webkit.org/changeset/59109
CVE-2010-2299 (The Clipboard::DispatchObject function in
app/clipboard/clipboard.cc ...)
- webkit <not-affected> (chromium-specific)
- chromium-browser <undetermined>
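Review bot: CVE-2010-2300 gets a changeset NOTE (r59109) but its webkit line stays <undetermined>, while the sibling entries in this hunk (CVE-2010-2303, CVE-2010-2302, CVE-2010-2301) move webkit to <unfixed> at the moment the fixing changeset is recorded; either mark it <unfixed> as well or add a NOTE saying why that changeset does not settle the webkit state.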
@@ -295,14 +302,17 @@
- webkit <not-affected> (chromium-specific)
- chromium-browser <undetermined>
CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google
Chrome ...)
- - webkit <undetermined>
+ - webkit <unfixed>
- chromium-browser <undetermined>
+ NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome
before ...)
- webkit <undetermined>
- chromium-browser <undetermined>
+ NOTE: access to google bug report is restricted
CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome
before ...)
- - webkit <undetermined>
+ - webkit <unfixed>
- chromium-browser <undetermined>
+ NOTE: http://trac.webkit.org/changeset/58829
CVE-2009-4900
RESERVED
CVE-2009-4899
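Review bot: the NOTE for CVE-2010-2296, "access to google bug report is restricted", leaves webkit <undetermined> with nothing a later triager can re-check; record the bug URL next to the restriction, as the CVE-2010-1663 entry further down does with its bugs.webkit.org link, so the entry can be revisited once access is granted.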
@@ -423,8 +433,13 @@
NOT-FOR-US: com_bfsurvey component for joomla!
CVE-2010-2254 (SQL injection vulnerability in the Shape5 Bridge of Hope
template for ...)
NOT-FOR-US: joomla!
-CVE-2010-2253
+CVE-2010-2253 [lftp, wget, libwww-perl unexpected download issue]
RESERVED
+ - libwww-perl <undetermined>
+ - lftp <undetermined>
+ - wget <undetermined>
+ NOTE: http://www.ocert.org/advisories/ocert-2010-001.html
+ TODO: check
CVE-2010-2252
RESERVED
CVE-2010-2251
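Review bot: "TODO: check" under CVE-2010-2253 does not say what is to be checked; with three packages listed as <undetermined>, spell out the check (whether each of lftp, wget and libwww-perl shows the unexpected-download behaviour the bracketed description and the ocert-2010-001 advisory refer to) so another triager can pick it up without re-reading the advisory from scratch.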
@@ -717,7 +732,9 @@
CVE-2010-2121 (Opera 9.52 allows remote attackers to cause a denial of service
...)
NOT-FOR-US: Opera
CVE-2010-2120 (Google Chrome 1.0.154.48 allows remote attackers to cause a
denial of ...)
- - chromium-browser <undetermined>
+ - chromium-browser <undetermined> (unimportant)
+ - webkit <undetermined> (unimportant)
+ NOTE: browser denial-of-services are not considered security-relevant
CVE-2010-2119 (Microsoft Internet Explorer 6.0.2900.2180 allows remote
attackers to ...)
NOT-FOR-US: MS IE
CVE-2010-2118 (Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385
allows ...)
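Review bot: CVE-2010-2120 marks webkit <undetermined> (unimportant) with the NOTE that browser denial-of-services are not security-relevant, but the same reasoning is applied as <unfixed> (unimportant) for CVE-2009-3268, CVE-2009-2955, CVE-2009-2578 and CVE-2008-7246 later in this patch; pick one state for this class of entry. The NOTE text itself also appears in four different wordings across those hunks; one phrasing keeps the unimportant-DoS entries greppable.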
@@ -748,16 +765,24 @@
NOT-FOR-US: Pacific Timesheet
CVE-2010-2110 (Google Chrome before 5.0.375.55 does not properly execute
JavaScript ...)
- chromium-browser 5.0.375.55~r47796-1
+ - webkit <unfixed>
+ NOTE: http://trac.webkit.org/changeset/58229
CVE-2010-2109 (Unspecified vulnerability in Google Chrome before 5.0.375.55
allows ...)
- chromium-browser 5.0.375.55~r47796-1
+ - webkit <unfixed>
+ NOTE: http://trac.webkit.org/changeset/58441
CVE-2010-2108 (Unspecified vulnerability in Google Chrome before 5.0.375.55
allows ...)
- chromium-browser 5.0.375.55~r47796-1
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-2107 (Unspecified vulnerability in Google Chrome before 5.0.375.55
allows ...)
- chromium-browser 5.0.375.55~r47796-1
+ - webkit <not-affected> (doesn''t have safebrowsing feature)
CVE-2010-2106 (Unspecified vulnerability in Google Chrome before 5.0.375.55
might ...)
- chromium-browser 5.0.375.55~r47796-1
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-2105 (Google Chrome before 5.0.375.55 does not properly follow the
Safe ...)
- chromium-browser 5.0.375.55~r47796-1
+ - webkit <not-affected> (doesn''t have safebrowsing feature)
CVE-2010-2104 (Directory traversal vulnerability in Orbit Downloader 3.0.0.4
and ...)
NOT-FOR-US: Orbit Downloader
CVE-2010-2103 (Cross-site scripting (XSS) vulnerability in ...)
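Review bot: CVE-2010-2108 and CVE-2010-2106 are "Unspecified vulnerability" entries, so the "(chrome-specific issue)" rationale on their new webkit <not-affected> lines cannot be verified from the CVE text; add a NOTE with the reference (release notes or bug) that shows the affected code lives outside WebCore, the way the neighbouring entries cite trac.webkit.org changesets.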
@@ -1866,10 +1891,16 @@
RESERVED
CVE-2010-1665 (Google Chrome before 4.1.249.1064 does not properly handle
fonts, ...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <unfixed>
+ NOTE: http://trac.webkit.org/changeset/58201
CVE-2010-1664 (Google Chrome before 4.1.249.1064 does not properly handle HTML5
...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <unfixed>
+ NOTE: http://trac.webkit.org/changeset/57922
CVE-2010-1663 (The Google URL Parsing Library (aka google-url or GURL) in
Google ...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <undetermined>
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=37128 but access is restricted
CVE-2010-1662 (Cross-site scripting (XSS) vulnerability in acpmoderate.php in
...)
NOT-FOR-US: PHP-Quick-Arcade
CVE-2010-1661 (Multiple SQL injection vulnerabilities in PHP-Quick-Arcade
(PHPQA) ...)
@@ -2277,6 +2308,7 @@
RESERVED
CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059
allow ...)
- chromium-browser 5.0.375.29~r46008-1
+ - libv8 <undetermined>
- webkit <not-affected> (doesn''t use v8 bindings yet)
CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from
loading ...)
- chromium-browser 5.0.375.29~r46008-1
@@ -3157,13 +3189,12 @@
- webkit <not-affected> (bug #577457; proof-of-concepts are not
effective against webkit)
- chromium-browser 5.0.375.29~r46008-1
NOTE: http://trac.webkit.org/changeset/55822
- NOTE: vulnerable code is in KURL.cpp even though the changeset says it is in
KURLGoogle.cpp
CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036
allows ...)
- chromium-browser 5.0.375.29~r46008-1
NOTE: issue in chrome-specific download dialog
CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036
allows ...)
- chromium-browser 5.0.375.29~r46008-1
- NOTE: chrome-specific and claimed windows-only
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036
allow ...)
- webkit <not-affected> (v8 and webgl not yet included)
- chromium-browser 5.0.375.29~r46008-1
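Review bot: the removed NOTE "vulnerable code is in KURL.cpp even though the changeset says it is in KURLGoogle.cpp" recorded where the affected code actually is and why r55822 may look misleading; dropping it with no replacement loses that finding, so keep it or add a NOTE saying why it no longer applies. Similarly, for CVE-2010-1234 the "claimed windows-only" detail disappears when the NOTE is folded into "(chrome-specific issue)"; keep it in the annotation, for example "(chrome-specific; claimed windows-only)".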
@@ -3181,13 +3212,13 @@
- chromium-browser 5.0.375.29~r46008-1
CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected
behavior ...)
- chromium-browser 5.0.375.29~r46008-1
- NOTE: chrome-specific issue
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036
does ...)
- chromium-browser 5.0.375.29~r46008-1
- NOTE: chrome-specific sandboxing issue
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google
...)
- chromium-browser 5.0.375.29~r46008-1
- NOTE: chrome-specific sandboxing issue
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
NOT-FOR-US: Sun Java System Communication Express
CVE-2010-1226 (The HTTP client functionality in Apple iPhone OS 3.1 on the
iPhone 2G ...)
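Review bot: for CVE-2010-1229 and CVE-2010-1228 the replaced NOTEs said "chrome-specific sandboxing issue" and the new annotation is the generic "(chrome-specific issue)"; the sandbox qualifier is the actual reason webkit is out of scope, so keep it in the annotation rather than flattening all three entries in this hunk to identical wording.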
@@ -4862,16 +4893,20 @@
NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
CVE-2010-0664 (Stack consumption vulnerability in the ...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-0663 (The ParamTraits<SkBitmap>::Read function in ...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-0662 (The ParamTraits<SkBitmap>::Read function in ...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit
before ...)
- chromium-browser 5.0.375.29~r46008-1
- - webkit <not-affected> (no v8 code included yet)
- TODO: recheck as newer webkits are uploaded
+ - libv8 <undetermined>
+ - webkit <not-affected> (libv8 issue)
CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the
Referer ...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google
Chrome ...)
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.1.21-1 (low)
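Review bot: CVE-2010-0661 is described as WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp, which is WebKit's V8 binding layer rather than V8 itself, so "(libv8 issue)" on the webkit line and the new libv8 <undetermined> line may point at the wrong package; the removed rationale "(no v8 code included yet)" matched that path better. If libv8 is kept, add a NOTE explaining why a binding file is treated as a libv8 problem, and reconsider dropping "TODO: recheck as newer webkits are uploaded", since that TODO is what guarded against the bindings becoming relevant to the webkit package later.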
@@ -4880,8 +4915,10 @@
- kde4libs <undetermined> (low)
CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome
before ...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the
...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <not-affected> (chrome-specific issue)
NOTE: claimed to be a windows-only issue
CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before
4.0.249.78, ...)
- chromium-browser 5.0.375.29~r46008-1
@@ -4891,6 +4928,7 @@
- kde4libs <undetermined> (low)
CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78
allows ...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-0654 (Mozilla Firefox permits cross-origin loading of CSS stylesheets
even ...)
- xulrunner <undetermined> (bug #570743)
CVE-2010-0653 (Opera permits cross-origin loading of CSS stylesheets even when
the ...)
@@ -4915,6 +4953,7 @@
NOTE: unimportant because this is just a popup blocker bypass
CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer
function ...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to
...)
- xulrunner <undetermined> (bug #570743)
CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before
4.0.249.89, ...)
@@ -4925,12 +4964,18 @@
- kde4libs <undetermined> (medium)
CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8
before ...)
- chromium-browser 5.0.375.29~r46008-1
+ - libv8 <undetermined>
+ - webkit <not-affected> (libv8 issue)
CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before
r3560, as ...)
- chromium-browser 5.0.375.29~r46008-1
+ - libv8 <undetermined>
+ - webkit <not-affected> (libv8 issue)
CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is
...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct
connections to ...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <not-affected> (chrome-specific issue)
CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to
read the ...)
NOT-FOR-US: Cisco Collaboration Server
CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...)
@@ -5200,6 +5245,7 @@
NOT-FOR-US: IBM Cognos Express
CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89
...)
- chromium-browser 5.0.375.29~r46008-1
+ - webkit <not-affected> (chrome-specific issue)
CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows
remote ...)
NOT-FOR-US: LoganPro
CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows
remote ...)
@@ -8539,6 +8585,7 @@
NOT-FOR-US: IBM BladeCenter
CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage
function ...)
- chromium-browser <not-affected> (Only 0.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before
3.0.195.32, ...)
- webkit <not-affected> (chromium-specific issue in their timer)
- qt4-x11 <not-affected> (chromium-specific issue in their timer)
@@ -8547,9 +8594,10 @@
- chromium-browser <not-affected> (Only 0.x is affected)
CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...)
- chromium-browser <not-affected> (Only 0.x is affected)
- NOTE: gears is only implemented in chromium
+ - webkit <not-affected> (gears is only implemented in chromium)
CVE-2009-3931 (Incomplete blacklist vulnerability in
browser/download/download_exe.cc ...)
- chromium-browser <not-affected> (Only 3.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02
allow ...)
- file 5.03-1
[lenny] - file <not-affected>
@@ -9996,6 +10044,7 @@
NOT-FOR-US: Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF)
CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not
properly ...)
- chromium-browser <not-affected>
+ - webkit <not-affected>
NOTE: This was caused by a bug in NSS (CVE-2009-2408). chromium-browser uses
libnss3
CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not
properly ...)
NOT-FOR-US: Apple Safari
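Review bot: the new webkit <not-affected> line for CVE-2009-3456 carries no parenthesised rationale; the existing NOTE explains the chromium-browser case via libnss3 but says nothing about webkit, so state in the annotation why webkit is out (for example that the defect is in NSS, CVE-2009-2408, not in WebKit code).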
@@ -10496,6 +10545,8 @@
NOT-FOR-US: Opera
CVE-2009-3268 (Google Chrome 1.0.154.48 and earlier allows remote attackers to
cause ...)
- chromium-browser <not-affected> (Only 1.x is affected)
+ - webkit <unfixed> (unimportant)
+ NOTE: browser denial of services not considered security-relevant
CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3266 (Opera before 10.01 does not properly restrict HTML in a (1) RSS
or (2) ...)
@@ -10504,8 +10555,11 @@
NOT-FOR-US: Opera
CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21
omits an ...)
- chromium-browser <not-affected> (Only 3.x is affected)
+ - libv8 <undetermined>
+ - webkit <not-affected> (libv8 issue)
CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x
and 3.x ...)
- chromium-browser <not-affected> (Only 3.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
NOTE: http://seclists.org/fulldisclosure/2009/Sep/201
NOTE: other browsers are not affected (only chrome and opera)
CVE-2009-3262 (Cross-site scripting (XSS) vulnerability in the Self Service UI
(SSUI) ...)
@@ -10543,7 +10597,9 @@
CVE-2009-3246 (SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX
...)
NOT-FOR-US: MyBuxScript PTC-BUX
CVE-2008-7246 (Google Chrome 0.2.149.29 and earlier allows remote attackers to
cause ...)
- - chromium-browser <not-affected> (Only 0.x is affected)
+ - chromium-browser <unfixed> (unimportant)
+ - webkit <unfixed> (unimportant)
+ NOTE: browser denial of services aren''t considered security-relevant
CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a denial
of ...)
NOT-FOR-US: Opera
CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to
cause a ...)
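Review bot: CVE-2008-7246 flips chromium-browser from <not-affected> (Only 0.x is affected) to <unfixed> (unimportant) with no NOTE on what changed; if the DoS was reproduced on a current version, say so, and if "0.x only" still holds, <unfixed> is the wrong state even with the unimportant tag.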
@@ -11436,6 +11492,7 @@
NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37,
and ...)
- chromium-browser <undetermined> (unimportant)
+ - webkit <undetermined> (unimportant)
NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1
pre; ...)
NOTE: This is a web site issue (open redirector), not a browser problem.
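Review bot: CVE-2009-3011 is annotated "a web site issue (open redirector), not a browser problem", so adding webkit <undetermined> (unimportant) is at odds with that NOTE; if it is not a browser problem, <not-affected> with that reason is the usual marking for the engine package.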
@@ -11588,8 +11645,10 @@
NOTE: not reproducible, probably only Firefox in Windows XP is affected
CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote
...)
- chromium-browser <not-affected> (Only 1.x is affected)
+ - webkit <not-affected> (doesn''t support
''chromehtml'' protocol)
CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections
to a ...)
- chromium-browser <not-affected> (Only 2.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote
...)
NOT-FOR-US: Sun Solaris
CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange
3.0 ...)
@@ -11678,6 +11737,8 @@
NOT-FOR-US: IBM WebSphere
CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to
cause ...)
- chromium-browser <not-affected> (Only 1.x is affected)
+ - webkit <unfixed> (unimportant)
+ NOTE: browser denial of services are not considered security-relevant
CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows
remote ...)
NOT-FOR-US: Microsoft
CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote
...)
@@ -11737,6 +11798,7 @@
NOT-FOR-US: Download Manager module 1.0 for LoveCMS
CVE-2008-7061 (The tooltip manager (chrome/views/tooltip_manager.cc) in Google
Chrome ...)
- chromium-browser <not-affected> (Only 0.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2008-7060 (Multiple cross-site scripting (XSS) vulnerabilities in One-News
Beta 2 ...)
NOT-FOR-US: One-News
CVE-2008-7059 (SQL injection vulnerability in index.php in One-News Beta 2
allows ...)
@@ -11806,6 +11868,8 @@
NOTE: Only a security issue if used against best practices
CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows
remote ...)
- chromium-browser <not-affected> (Only 2.x is affected)
+ - libv8 <undetermined>
+ - webkit <not-affected> (libv8 issue)
CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in
Programmed ...)
NOT-FOR-US: Programmed Integration PIPL
CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before
2.0.3 ...)
@@ -12315,14 +12379,19 @@
NOT-FOR-US: phpAuction
CVE-2008-6998 (Stack-based buffer overflow in chrome/common/gfx/url_elider.cc
in ...)
- chromium-browser <not-affected> (Only 0.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2008-6997 (Google Chrome 0.2.149.27 allows user-assisted remote attackers
to ...)
- chromium-browser <not-affected> (Only 0.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2008-6996 (Google Chrome BETA (0.2.149.27) does not prompt the user before
saving ...)
- chromium-browser <not-affected> (Only 0.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2008-6995 (Integer underflow in net/base/escape.cc in chrome.dll in Google
Chrome ...)
- chromium-browser <not-affected> (Only 0.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2008-6994 (Stack-based buffer overflow in the SaveAs feature ...)
- chromium-browser <not-affected> (Only 0.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2008-6993 (Siemens Gigaset WLAN Camera 1.27 has an insecure default
password, ...)
NOT-FOR-US: Siemens Gigaset WLAN Camera
CVE-2008-6992 (GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4,
...)
@@ -13222,6 +13291,8 @@
NOT-FOR-US: CS-Cart
CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to
cause a ...)
- chromium-browser <not-affected> (Only 2.x is affected)
+ - webkit <unfixed> (unimportant)
+ NOTE: browser denial of services not considered security-relevant
CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial
of ...)
NOT-FOR-US: Opera
CVE-2009-2576 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows
remote ...)
@@ -13288,8 +13359,11 @@
NOT-FOR-US: Admin News Tools
CVE-2009-2556 (Google Chrome before 2.0.172.37 allows attackers to leverage
renderer ...)
- chromium-browser <not-affected> (Only 2.x is affected)
+ - webkit <not-affected> (chrome-specfic renderer issue)
CVE-2009-2555 (Heap-based buffer overflow in src/jsregexp.cc in Google V8
before ...)
- chromium-browser <not-affected> (Only 1.x and 2.x are affected)
+ - libv8 <undetermined>
+ - webkit <not-affected> (libv8 issue)
CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows
remote ...)
{DSA-1848-1}
- znc 0.074-1 (medium; bug #537977)
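Review bot: typo in the CVE-2009-2556 annotation, "(chrome-specfic renderer issue)" should read "chrome-specific"; annotations get grepped, so the misspelling will hide this entry from searches for the other chrome-specific markings in this patch.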
@@ -13835,7 +13909,9 @@
CVE-2009-2353 (encoder.php in eAccelerator allows remote attackers to execute
...)
- eaccelerator-src <itp> (bug #460341)
CVE-2009-2352 (Google Chrome 1.0.154.48 and earlier does not block javascript:
URIs ...)
- - chromium-browser <unfixed>
+ - chromium-browser 5.0.375.70~r48679-2
+ - webkit <not-affected> (doesn''t have a
''view-source'' handler)
+ NOTE: poc didn''t seem to work against 5.0.375.70~r48679-2
NOTE: chromium security team doesn''t consider this a valid security
issue
NOTE: http://crbug.com/40086
CVE-2009-2351 (Opera 9.52 and earlier does not block javascript: URIs in
Refresh ...)
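Review bot: CVE-2009-2352 now records 5.0.375.70~r48679-2 as the fixed chromium-browser version, but the only evidence in the entry is "poc didn't seem to work" plus the existing NOTE that the chromium security team does not consider it a valid issue; a version in that position claims a fix, so unless a fixing change is known (crbug.com/40086 would be the place to cite it), <unfixed> (unimportant) or <not-affected> with the team's reasoning describes the state more accurately.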
@@ -14490,6 +14566,7 @@
NOT-FOR-US: Photoracer plugin for WordPress
CVE-2009-2121 (Buffer overflow in the browser kernel in Google Chrome before
...)
- chromium-browser <not-affected> (Only 2.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2009-2170 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara
1.0 ...)
{DSA-1822-1}
- mahara 1.1.5-1 (low)
@@ -14634,12 +14711,14 @@
NOT-FOR-US: Apple Safari
CVE-2009-2071 (Google Chrome before 1.0.154.53 displays a cached certificate
for a ...)
- chromium-browser <not-affected> (Only 1.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2009-2070 (Opera displays a cached certificate for a (1) 4xx or (2) 5xx
CONNECT ...)
NOT-FOR-US: Opera
CVE-2009-2069 (Microsoft Internet Explorer before 8 displays a cached
certificate for ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2068 (Google Chrome detects http content in https web pages only when
the ...)
- chromium-browser 5.0.342.9~r43360-1
+ - webkit <undetermined>
CVE-2009-2067 (Opera detects http content in https web pages only when the
top-level ...)
NOT-FOR-US: Opera
CVE-2009-2066 (Apple Safari detects http content in https web pages only when
the ...)
@@ -14656,6 +14735,7 @@
- xulrunner <undetermined> (bug #565521)
CVE-2009-2060 (src/net/http/http_transaction_winhttp.cc in Google Chrome before
...)
- chromium-browser <not-affected> (Only 1.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2009-2059 (Opera, possibly before 9.25, uses the HTTP Host header to
determine ...)
NOT-FOR-US: Opera
CVE-2009-2058 (Apple Safari before 3.2.2 uses the HTTP Host header to determine
the ...)
@@ -16019,6 +16099,7 @@
NOT-FOR-US: Opera
CVE-2009-1598 (Google Chrome executes DOM calls in response to a javascript:
URI in ...)
- chromium-browser <undetermined>
+ - webkit <not-affected> (chrome-specific issue)
CVE-2009-1597 (Mozilla Firefox executes DOM calls in response to a javascript:
URI in ...)
- xulrunner <undetermined> (bug #565521)
CVE-2009-1596 (Ignite Realtime Openfire before 3.6.5 does not properly
implement the ...)
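Review bot: for CVE-2009-1598 chromium-browser stays <undetermined> while webkit is marked <not-affected> (chrome-specific issue); if it is not yet determined whether chrome is affected, "chrome-specific" is premature, and the adjacent CVE-2009-1597 describes the same javascript: URI behaviour for Firefox, so the issue is not obviously chrome-only. Add the reference that shows where the behaviour lives before marking webkit out.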
@@ -16509,6 +16590,7 @@
NOT-FOR-US: skia
CVE-2009-1441 (Heap-based buffer overflow in the
ParamTraits<SkBitmap>::Read function ...)
- chromium-browser <not-affected> (Only 1.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel
...)
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-2 (bug #523365)
@@ -16585,10 +16667,13 @@
[etch] - gnutls13 <not-affected> (Vulnerable code not present, only
affects 2.6.x)
CVE-2009-1414 (Google Chrome 2.0.x lets modifications to the global object
persist ...)
- chromium-browser <not-affected> (Only 2.x is affected)
+ - webkit <not-affected> (doesn''t have a
''chromehtml'' handler)
CVE-2009-1413 (Google Chrome 1.0.x does not cancel timeouts upon a page
transition, ...)
- chromium-browser <not-affected> (Only 1.x is affected)
+ - webkit <not-affected> (doesn''t have a
''chromehtml'' handler)
CVE-2009-1412 (Argument injection vulnerability in the chromehtml: protocol
handler ...)
- chromium-browser <not-affected> (Only 1.x is affected)
+ - webkit <not-affected> (doesn''t have a
''chromehtml'' handler)
CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
- iodine 0.5.1 (low)
[lenny] - iodine 0.4.2-2~lenny1
@@ -20754,6 +20839,7 @@
NOT-FOR-US: Interspire Shopping Cart
CVE-2009-0411 (Google Chrome before 1.0.154.46 does not properly restrict
access from ...)
- chromium-browser <not-affected> (Only 1.x is affected)
+ - webkit <not-affected> (chrome-specific issue)
CVE-2009-0410 (Off-by-one error in the SMTP daemon in GroupWise Internet Agent
(GWIA) ...)
NOT-FOR-US: Novell GroupWise
CVE-2009-0409 (SQL injection vulnerability in offline_auth.php in Max.Blog
1.0.6 and ...)
@@ -20840,7 +20926,8 @@
CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10,
...)
NOT-FOR-US: RealPlayer
CVE-2009-0374 (** DISPUTED ** ...)
- - chromium-browser (unimportant)
+ - chromium-browser <unfixed> (low)
+ - webkit <not-affected> (poc doesn''t work)
CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine
...)
NOT-FOR-US: Joomla
CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in
Miltenovik ...)
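Review bot: "(poc doesn''t work)" on the webkit line of CVE-2009-0374 records a test outcome, not a reason; say what was observed (which behaviour differed between chromium and a webkit-based browser, and on which versions) so a later triager can reproduce it. The chromium-browser line also moves from (unimportant) to <unfixed> (low) with no NOTE on why the severity changed.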
@@ -21283,6 +21370,8 @@
NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google
...)
- chromium-browser <not-affected> (only 1.x is affected)
+ - libv8 <undetermined>
+ - webkit <not-affected> (libv8 issue)
CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5,
7.0, ...)
NOT-FOR-US: Novell GroupWise
CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell
...)
@@ -22357,6 +22446,7 @@
NOT-FOR-US: Microsoft
CVE-2008-5749 (** DISPUTED ** ...)
- chromium-browser <undetermined> (unimportant)
+ - webkit <not-affected> (doesn''t support
''chromehtml'' urls)
CVE-2008-5748 (Directory traversal vulnerability in
plugins/spaw2/dialogs/dialog.php ...)
NOT-FOR-US: BloofoxCMS
CVE-2008-5747 (F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass
...)
@@ -25955,6 +26045,7 @@
NOT-FOR-US: MyBlog
CVE-2008-4340 (Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers
to ...)
- chromium-browser <not-affected> (only 0.x is affected)
+ - webkit <not-affected> (poc not effective)
CVE-2008-4339 (Unspecified vulnerability in the Java Administration GUI (jnbSA)
in ...)
NOT-FOR-US: Symantec Veritas NetBackup Server
CVE-2008-4338 (SQL injection vulnerability in the
brilliant_gallery_checklist_save ...)
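Review bot: "(poc not effective)" on the webkit line of CVE-2008-4340 has the same weakness as CVE-2009-0374 above: it states that a test failed but not why webkit is unaffected; add the observation or a reference, or leave it <undetermined> until one exists.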
Nico Golde
2010-Jul-05 17:37 UTC
[Secure-testing-team] [Secure-testing-commits] r14905 - data/CVE
Hi,
* Michael Gilbert <gilbert-guest at alioth.debian.org> [2010-06-25 09:49]:
[...]
> @@ -20840,7 +20926,8 @@
> CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10, ...)
> NOT-FOR-US: RealPlayer
> CVE-2009-0374 (** DISPUTED ** ...)
> - - chromium-browser (unimportant)
> + - chromium-browser <unfixed> (low)
> + - webkit <not-affected> (poc doesn''t work)

Every serious security researcher/enthusiast should question himself if a note such as "poc doesn't work" is acceptable. Imho it's not, it's a PoC, nothing more. If a PoC doesn't work that doesn't mean there is no vulnerability. Such notes are also not acceptable for the security tracker. If it can't work because of something else or there is more reasoning behind that, please note it and be verbose.

Cheers
Nico
Michael Gilbert
2010-Jul-05 20:31 UTC
[Secure-testing-team] [Secure-testing-commits] r14905 - data/CVE
On Mon, 5 Jul 2010 19:37:50 +0200 Nico Golde wrote:
> Hi,
> * Michael Gilbert <gilbert-guest at alioth.debian.org> [2010-06-25 09:49]:
> [...]
> > @@ -20840,7 +20926,8 @@
> > CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10, ...)
> > NOT-FOR-US: RealPlayer
> > CVE-2009-0374 (** DISPUTED ** ...)
> > - - chromium-browser (unimportant)
> > + - chromium-browser <unfixed> (low)
> > + - webkit <not-affected> (poc doesn''t work)
>
> Every serious security researcher/enthusiast should question himself if a note
> such as "poc doesn't work" is acceptable. Imho it's not, it's a PoC, nothing
> more. If a PoC doesn't work that doesn't mean there is no vulnerability. Such
> notes are also not acceptable for the security tracker. If it can't work
> because of something else or there is more reasoning behind that, please note
> it and be verbose.

transferring the discussion from irc since i just found the topic brought up here as well.

disclaimer: the case under consideration has been deemed unimportant.

in this particular case (as with many chrome CVEs), the only reference available is the proof-of-concept. lacking any other source of information, direct testing of the poc is really the only thing that can be done.

also, in this particular case, testing the poc makes it very clear that chrome is affected whereas webkit is not. i tested other webkit-based browsers and they take me to yahoo when clicking the malicious link (as specified when hovered over), but chrome takes me to a non-yahoo link (even though it says yahoo when hovered over). this, i believe, is a sufficiently quantifiable difference to state that chrome is affected while webkit itself isn't.

the results from my poc testing have been pretty clear for all of the cases i've run into so far involving webkit and chrome, so i'm not convinced that any change is needed. if a chrome poc fails when tested against webkit, i plan to continue to declare webkit not-affected because of that. if there is concrete evidence that this is insufficient, i am willing to reconsider, but at this point, i'm not convinced.

best wishes,
mike
Giuseppe Iuculano
2010-Jul-05 21:23 UTC
[Secure-testing-team] [Secure-testing-commits] r14905 - data/CVE
On 07/05/2010 07:37 PM, Nico Golde wrote:
> Every serious security researcher/enthusiast should question himself if a note
> such as "poc doesn't work" is acceptable. Imho it's not, it's a PoC, nothing
> more. If a PoC doesn't work that doesn't mean there is no vulnerability. Such
> notes are also not acceptable for the security tracker. If it can't work
> because of something else or there is more reasoning behind that, please note
> it and be verbose.

In this specific case this CVE seems to me a little weird. There is only a PoC that doesn't work in any browser (chromium included). So if you mean that we should track all browsers vulnerable to ClickJacking, I think this is a little insane, practically all browsers are vulnerable.

Cheers,
Giuseppe.
Nico Golde
2010-Jul-05 22:34 UTC
[Secure-testing-team] [Secure-testing-commits] r14905 - data/CVE
Hi,
* Giuseppe Iuculano <giuseppe at iuculano.it> [2010-07-05 23:30]:
> On 07/05/2010 07:37 PM, Nico Golde wrote:
> > Every serious security researcher/enthusiast should question himself if a note
> > such as "poc doesn't work" is acceptable. Imho it's not, it's a PoC, nothing
> > more. If a PoC doesn't work that doesn't mean there is no vulnerability. Such
> > notes are also not acceptable for the security tracker. If it can't work
> > because of something else or there is more reasoning behind that, please note
> > it and be verbose.
>
> In this specific case this CVE seems to me a little weird. There is only
> a PoC that doesn't work in any browser (chromium included).

Yes, I'm aware of it. Maybe bringing this up again at mitre will get it rejected, even though the design issue still exists :/

> So if you mean that we should track all browsers vulnerable to
> ClickJacking, I think this is a little insane, practically all browsers
> are vulnerable.

Yes, I have to say I just took this special case as an example without going into the details of this issue. I still would prefer a more verbose description in general if possible than this, especially because it makes it way easier for people to understand the rationale behind the note when checking our security tracker without completely assembling all vulnerability details on their own.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
Nico Golde
2010-Jul-05 22:38 UTC
[Secure-testing-team] [Secure-testing-commits] r14905 - data/CVE
Hi,
* Michael Gilbert <michael.s.gilbert at gmail.com> [2010-07-05 22:32]:
> On Mon, 5 Jul 2010 19:37:50 +0200 Nico Golde wrote:
> > * Michael Gilbert <gilbert-guest at alioth.debian.org> [2010-06-25 09:49]:
> > [...]
> > > @@ -20840,7 +20926,8 @@
> > > CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10, ...)
> > > NOT-FOR-US: RealPlayer
> > > CVE-2009-0374 (** DISPUTED ** ...)
> > > - - chromium-browser (unimportant)
> > > + - chromium-browser <unfixed> (low)
> > > + - webkit <not-affected> (poc doesn't work)
> >
> > Every serious security researcher/enthusiast should question himself if a note
> > such as "poc doesn't work" is acceptable. Imho it's not, it's a PoC, nothing
> > more. If a PoC doesn't work that doesn't mean there is no vulnerability. Such
> > notes are also not acceptable for the security tracker. If it can't work
> > because of something else or there is more reasoning behind that, please note
> > it and be verbose.
>
> transferring the discussion from irc since i just found the topic
> brought up here as well.
>
> disclaimer: the case under consideration has been deemed unimportant.

disclaimer: i didn't work on this particular issue, i just read the references and advisory.

> in this particular case (as with many chrome CVEs), the only reference
> available is the proof-of-concept. lacking any other source of
> information, direct testing of the poc is really the only thing that
> can be done.
>
> also, in this particular case, testing the poc makes it very clear that
> chrome is affected whereas webkit is not. i tested other webkit-based
> browsers and they take me to yahoo when clicking the malicious link (as
> specified when hovered over), but chrome takes me to a non-yahoo link
> (even though it says yahoo when hovered over).

This contradicts what Giuseppe wrote in his mail stating that the PoC works with *no* browser, and this is a perfect example of why this description should be more verbose.

[...]

> if there is concrete evidence that this is insufficient, i am willing
> to reconsider, but at this point, i'm not convinced.

I think my other mail in reply to Giuseppe already answers the rest.
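Review bot: in the CVE-2009-0374 hunk, the new webkit line justifies `<not-affected>` with "(poc doesn't work)", which records a test outcome rather than a reason the package is unaffected; a PoC failing to trigger does not show that the vulnerable code path is absent, so the line should either state why webkit is not affected or stay `<undetermined>` until that is established. The same hunk also moves chromium-browser from "(unimportant)" to `<unfixed> (low)` on a ** DISPUTED ** entry without recording what changed the assessment; a short NOTE line with the reference that was tested would make both decisions reviewable later.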
This mail was not meant to enforce a description policy, but I'm sure we can do better.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
Michael Gilbert
2010-Jul-06 03:07 UTC
[Secure-testing-team] [Secure-testing-commits] r14905 - data/CVE
On Tue, 6 Jul 2010 00:38:42 +0200 Nico Golde wrote:
> > in this particular case (as with many chrome CVEs), the only reference
> > available is the proof-of-concept. lacking any other source of
> > information, direct testing of the poc is really the only thing that
> > can be done.
> >
> > also, in this particular case, testing the poc makes it very clear that
> > chrome is affected whereas webkit is not. i tested other webkit-based
> > browsers and they take me to yahoo when clicking the malicious link (as
> > specified when hovered over), but chrome takes me to a non-yahoo link
> > (even though it says yahoo when hovered over).
>
> This contradicts what Giuseppe wrote in his mail stating that the PoC works
> with *no* browser, and this is a perfect example of why this description should
> be more verbose.

based on retesting the issue today, i've found that the poc still works against chromium; not sure what i can say about others not coming to the same conclusions.

> [...]
> > if there is concrete evidence that this is insufficient, i am willing
> > to reconsider, but at this point, i'm not convinced.
>
> I think my other mail in reply to Giuseppe already answers the rest. This mail
> was not meant to enforce a description policy, but I'm sure we can do better.

verbosity is a laudable goal, and i will certainly make an effort to do better from now on. usually i do take a reasonable amount of time to think about and enter a detailed description, but in this case and a few others i didn't, since they were among about 60 webkit issues that i triaged all at once. anyway, i shouldn't be making excuses; i should be doing a complete job. however, if i am to be pressured to be more verbose, then i think it should be no longer acceptable to use such ambivalent statements as "minor issue" anymore either.

best wishes,
mike