Author: derevko-guest
Date: 2010-06-25 20:15:13 +0000 (Fri, 25 Jun 2010)
New Revision: 14906
Modified:
data/CVE/list
Log:
libv8 issues
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-06-25 01:44:46 UTC (rev 14905)
+++ data/CVE/list 2010-06-25 20:15:13 UTC (rev 14906)
@@ -2308,8 +2308,10 @@
RESERVED
CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059
allow ...)
- chromium-browser 5.0.375.29~r46008-1
- - libv8 <undetermined>
- webkit <not-affected> (doesn''t use v8 bindings yet)
+ NOTE: http://trac.webkit.org/changeset/45826
+ NOTE: https://bugs.webkit.org/show_bug.cgi?id=37210
+ NOTE: http://trac.webkit.org/changeset/57224
CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from
loading ...)
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chromium-specific issue)
@@ -4902,8 +4904,8 @@
- webkit <not-affected> (chrome-specific issue)
CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit
before ...)
- chromium-browser 5.0.375.29~r46008-1
- - libv8 <undetermined>
- webkit <not-affected> (libv8 issue)
+ NOTE: http://trac.webkit.org/changeset/52401
CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the
Referer ...)
- chromium-browser 5.0.375.29~r46008-1
- webkit <not-affected> (chrome-specific issue)
@@ -4964,11 +4966,11 @@
- kde4libs <undetermined> (medium)
CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8
before ...)
- chromium-browser 5.0.375.29~r46008-1
- - libv8 <undetermined>
+ - libv8 2.1.6-1
- webkit <not-affected> (libv8 issue)
CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before
r3560, as ...)
- chromium-browser 5.0.375.29~r46008-1
- - libv8 <undetermined>
+ - libv8 2.1.6-1
- webkit <not-affected> (libv8 issue)
CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is
...)
- chromium-browser 5.0.375.29~r46008-1
@@ -10555,7 +10557,7 @@
NOT-FOR-US: Opera
CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21
omits an ...)
- chromium-browser <not-affected> (Only 3.x is affected)
- - libv8 <undetermined>
+ - libv8 1.3.11+dfsg-1
- webkit <not-affected> (libv8 issue)
CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x
and 3.x ...)
- chromium-browser <not-affected> (Only 3.x is affected)
@@ -11868,7 +11870,7 @@
NOTE: Only a security issue if used against best practices
CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows
remote ...)
- chromium-browser <not-affected> (Only 2.x is affected)
- - libv8 <undetermined>
+ - libv8 1.3.11+dfsg-1
- webkit <not-affected> (libv8 issue)
CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in
Programmed ...)
NOT-FOR-US: Programmed Integration PIPL
@@ -13362,7 +13364,7 @@
- webkit <not-affected> (chrome-specfic renderer issue)
CVE-2009-2555 (Heap-based buffer overflow in src/jsregexp.cc in Google V8
before ...)
- chromium-browser <not-affected> (Only 1.x and 2.x are affected)
- - libv8 <undetermined>
+ - libv8 1.3.11+dfsg-1
- webkit <not-affected> (libv8 issue)
CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows
remote ...)
{DSA-1848-1}
@@ -21370,7 +21372,7 @@
NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google
...)
- chromium-browser <not-affected> (only 1.x is affected)
- - libv8 <undetermined>
+ - libv8 1.3.11+dfsg-1
- webkit <not-affected> (libv8 issue)
CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5,
7.0, ...)
NOT-FOR-US: Novell GroupWise