Author: gilbert-guest Date: 2010-07-07 01:11:42 +0000 (Wed, 07 Jul 2010) New Revision: 14968 Modified: data/CVE/list Log: webkit triage Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-07-06 22:29:42 UTC (rev 14967) +++ data/CVE/list 2010-07-07 01:11:42 UTC (rev 14968) @@ -381,7 +381,11 @@ CVE-2010-2455 (Opera does not properly manage the address bar between the request to ...) NOT-FOR-US: Opera CVE-2010-2454 (Apple Safari does not properly manage the address bar between the ...) - - webkit <undetermined> + - webkit <not-affected> (iceweasel/safari-specific issues) + - chromium-browser <not-affected> (iceweasel/safari-specific issues) + NOTE: i tested both firefox and safari poc''s, and neither of them caused the + NOTE: address bar to be spoofed in either webkit or chrome + NOTE: this will be address in iceweasel in cve-2010-1206 CVE-2010-2453 RESERVED CVE-2009-4909 (admin/index.php in oBlog allows remote attackers to conduct ...) @@ -410,10 +414,10 @@ CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote ...) - - webkit <unfixed> (low) + - webkit 1.2.1-3 (low) - chromium-browser 5.0.375.55~r47796-1 - NOTE: poc seems to work, but only intermitently (maybe every 20th character) NOTE: http://trac.webkit.org/changeset/58829 + NOTE: above patch for cve-2010-1773 fixes the problem, so this seems to be a dup CVE-2010-2440 (Stack-based buffer overflow in st-wizard.exe in Subtitle Translation ...) NOT-FOR-US: Subtitle Translation Wizard CVE-2010-2439 (Stack-based buffer overflow in MoreAmp allows remote attackers to ...) 
@@ -708,26 +712,31 @@ CVE-2010-2305 (Buffer overflow in an ActiveX control in SSHelper.dll for Symantec ...) NOT-FOR-US: Symantec Sygate Personal Firewall CVE-2010-2304 (The toAlphabetic function in rendering/RenderListMarker.cpp in WebCore ...) - - webkit <unfixed> (medium; bug #586547) + - webkit 1.2.1-3 (medium; bug #586547) - chromium-browser 5.0.375.70~r48679-1 NOTE: http://trac.webkit.org/changeset/59950 + NOTE: duplicate of cve-2010-1773 CVE-2010-2303 (page/Geolocation.cpp in WebCore in WebKit in Google Chrome before ...) - - webkit <unfixed> + - webkit 1.2.1-3 - chromium-browser 5.0.375.70~r48679-1 NOTE: http://trac.webkit.org/changeset/59859 + NOTE: duplicate of cve-2010-1772 CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome ...) - - webkit <unfixed> + - webkit 1.2.1-3 - chromium-browser 5.0.375.70~r48679-1 NOTE: http://trac.webkit.org/changeset/59876 + NOTE: duplicate of cve-2010-1771 CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp in ...) - - webkit <unfixed> + - webkit 1.2.1-3 - chromium-browser 5.0.375.70~r48679-1 NOTE: http://trac.webkit.org/changeset/59241 NOTE: http://trac.webkit.org/changeset/59242 + NOTE: duplicate of cve-2010-1762 CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes ...) - - webkit <undetermined> + - webkit 1.2.1-3 - chromium-browser 5.0.375.70~r48679-1 NOTE: http://trac.webkit.org/changeset/59109 + NOTE: duplicate of cve-2010-1759 CVE-2010-2299 (The Clipboard::DispatchObject function in app/clipboard/clipboard.cc ...) - webkit <not-affected> (chromium-specific) - chromium-browser 5.0.375.70~r48679-1 
@@ -735,11 +744,11 @@ - webkit <not-affected> (chromium-specific) - chromium-browser 5.0.375.70~r48679-1 CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome ...) - - webkit <unfixed> + - webkit 1.2.1-3 - chromium-browser 5.0.375.55~r47796-1 NOTE: http://trac.webkit.org/changeset/59495 CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before ...) - - webkit <undetermined> + - webkit 1.2.1-2 - chromium-browser 5.0.375.70~r48679-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031 NOTE: http://trac.webkit.org/changeset/57627 @@ -748,7 +757,7 @@ NOTE: http://trac.webkit.org/changeset/59769 NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=48159 CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before ...) - - webkit <unfixed> + - webkit 1.2.1-3 - chromium-browser 5.0.375.55~r47796-1 NOTE: http://trac.webkit.org/changeset/58829 CVE-2009-4900 @@ -823,6 +832,7 @@ CVE-2010-2264 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: someone with access to webkit security list please track down commit CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on ...) - nginx <not-affected> (Windows-specific vulnerability when running on NTFS) CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! ...) 
@@ -1219,11 +1229,11 @@ NOT-FOR-US: Pacific Timesheet CVE-2010-2110 (Google Chrome before 5.0.375.55 does not properly execute JavaScript ...) - chromium-browser 5.0.375.55~r47796-1 - - webkit <unfixed> + - webkit <not-affected> (issue in chrome''s libv8 bindings) NOTE: http://trac.webkit.org/changeset/58229 CVE-2010-2109 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...) - chromium-browser 5.0.375.55~r47796-1 - - webkit <unfixed> + - webkit 1.2.1-2 NOTE: http://trac.webkit.org/changeset/58441 CVE-2010-2108 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...) - chromium-browser 5.0.375.55~r47796-1 @@ -3330,12 +3340,10 @@ - webkit <not-affected> (this is a bug in Apple''s PDFKit) - chromium-browser <not-affected> (this is a bug in Apple''s PDFKit) CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...) - - webkit <undetermined> + - webkit <undetermined> (unimportant) - chromium-browser <unfixed> (unimportant) - NOTE: not enough info disclosed to be able to check NOTE: This is based on various misconceptions surrounding "phishing" The only supported browser security model NOTE: surrounding URLs is the accurate post-link-click indication of the final target URL in the URL bar. - TODO: someone with access to webkit security list please track down commit CVE-2010-1383 RESERVED CVE-2010-1382 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
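Review bot: in the @@ -381,7 +381,11 @@ hunk (CVE-2010-2454), the third NOTE should read "this will be addressed in iceweasel in CVE-2010-1206", and "poc''s" in the first NOTE reads better as "PoCs"; that cross-reference is the only link between this entry and the iceweasel fix, so writing the id in full CVE form keeps it searchable.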
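Review bot: in the @@ -410,10 +414,10 @@ hunk (CVE-2010-2441), dropping the "poc seems to work, but only intermitently" NOTE loses the only recorded observation of the PoC's behaviour; keep it (spelled "intermittently") beside the new NOTE, since the dup claim rests solely on changeset 58829 being the CVE-2010-1773 fix. The new NOTE also hedges ("seems to be a dup") while the webkit entry is set to the definite fixed version 1.2.1-3; if the duplicate is confirmed, state it as "duplicate of CVE-2010-1773" the way the later hunks do.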
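Review bot: in the @@ -708,26 +712,31 @@ hunk, CVE-2010-2304, -2303, -2302, -2301 and -2300 each gain a "duplicate of" NOTE pointing at a CVE-2010-17xx id, but nothing records how each pairing was established; since the trac changeset URL is the only evidence on each entry, a line such as "NOTE: same changeset as CVE-2010-1773" would make the dedup checkable. Please also confirm that 1.2.1-3 matches the fixed version recorded on each referenced original CVE, which cannot be verified from this hunk alone.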
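Review bot: in the @@ -735,11 +744,11 @@ hunk, CVE-2010-2296 is set to webkit 1.2.1-2 while every other webkit entry in this commit moves to 1.2.1-3, with no NOTE explaining the difference; add a NOTE naming which changeset landed in 1.2.1-2, otherwise the next triager will read the mismatch as a typo.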
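Review bot: in the @@ -748,7 +757,7 @@ hunk, CVE-2010-2295 is moved to webkit 1.2.1-3 on the strength of http://trac.webkit.org/changeset/58829, which is the same changeset cited under CVE-2010-2441 in the @@ -410 hunk, where it is treated as the CVE-2010-1773 fix and the entry is called a dup; if one changeset covers all three ids, record that on CVE-2010-2295 as well so the three entries stay consistent.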
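Review bot: in the @@ -823,6 +832,7 @@ hunk, the TODO added under CVE-2010-2264 is word for word the one removed from CVE-2010-1384 in the @@ -3330 hunk; since CVE-2010-2264 carries no NOTE at all, a pointer to where the issue was published would give whoever picks up the TODO a starting point.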
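Review bot: in the @@ -1219,11 +1229,11 @@ hunk, CVE-2010-2110 is marked webkit <not-affected> because the issue is in Chrome's libv8 bindings, yet the entry still cites http://trac.webkit.org/changeset/58229; the V8 bindings are maintained inside the WebKit tree, so a WebKit changeset can indeed be Chrome-only, but the NOTE should say that explicitly (for example that the changeset touches only the V8 bindings) so the retained link does not read as contradicting the not-affected tag.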
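Review bot: in the @@ -3330,12 +3340,10 @@ hunk, CVE-2010-1384 keeps webkit <undetermined> but loses both the "not enough info disclosed to be able to check" NOTE and the TODO asking someone to track down the commit, so the record no longer says why the status is still undetermined or whether anyone is expected to resolve it; either keep the first NOTE or add a one-line NOTE stating that the entry is being left unresolved as unimportant. The surviving NOTE is also missing a period between "phishing" and "The only supported browser security model".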