Author: iuculano Date: 2010-08-26 06:45:08 +0000 (Thu, 26 Aug 2010) New Revision: 15213 Modified: data/CVE/list Log: chromium/webkit issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-08-25 21:14:46 UTC (rev 15212) +++ data/CVE/list 2010-08-26 06:45:08 UTC (rev 15213) @@ -1,23 +1,50 @@ CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement the ...) - TODO: check + - chromium-browser 5.0.375.127~r55887-1 + - webkit <undetermined> + NOTE: https://bugs.webkit.org/show_bug.cgi?id=43776 + NOTE: https://bugs.webkit.org/show_bug.cgi?id=39879 + NOTE: https://bugs.webkit.org/show_bug.cgi?id=44096 + NOTE: http://trac.webkit.org/changeset/65329 + NOTE: http://trac.webkit.org/changeset/65325 CVE-2010-3119 (Google Chrome before 5.0.375.127 does not properly support the Ruby ...) - TODO: check + - chromium-browser 5.0.375.127~r55887-1 + - webkit <undetermined> + NOTE: https://bugs.webkit.org/show_bug.cgi?id=43795 + NOTE: http://trac.webkit.org/changeset/65090 CVE-2010-3118 (The autosuggest feature in the Omnibox implementation in Google Chrome ...) - TODO: check + - chromium-browser 5.0.375.127~r55887-1 + - webkit <not-affected> (chromium specific) CVE-2010-3117 (Google Chrome before 5.0.375.127 does not properly implement the ...) - TODO: check + - chromium-browser 5.0.375.127~r55887-1 + - webkit <not-affected> (chromium specific) CVE-2010-3116 (Google Chrome before 5.0.375.127 does not properly process MIME types, ...) - TODO: check + - webkit <undetermined> + - chromium-browser 5.0.375.127~r55887-1 + NOTE: http://trac.webkit.org/changeset/64293 + NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147 + NOTE: https://bugs.webkit.org/show_bug.cgi?id=43888 + NOTE: http://trac.webkit.org/changeset/65280 CVE-2010-3115 (Google Chrome before 5.0.375.127 does not properly implement the ...) - TODO: check + - webkit <undetermined> + - chromium-browser 5.0.375.127~r55887-1 + NOTE: http://trac.webkit.org/changeset/63925 + NOTE: http://trac.webkit.org/changeset/64077 CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127 ...) - TODO: check + - webkit <undetermined> + - chromium-browser 5.0.375.127~r55887-1 + NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655 + NOTE: http://trac.webkit.org/changeset/63773 CVE-2010-3113 (Google Chrome before 5.0.375.127 does not properly handle SVG ...) - TODO: check + - webkit <undetermined> + - chromium-browser 5.0.375.127~r55887-1 + NOTE: https://bugs.webkit.org/show_bug.cgi?id=42659 + NOTE: http://trac.webkit.org/changeset/63865 CVE-2010-3112 (Google Chrome before 5.0.375.127 does not properly implement file ...) - TODO: check + - webkit <undetermined> + - chromium-browser 5.0.375.127~r55887-1 CVE-2010-3111 (Google Chrome before 5.0.375.127 does not properly mitigate an ...) - TODO: check + - chromium-browser 5.0.375.127~r55887-1 + - webkit <not-affected> (chromium specific) CVE-2010-3110 RESERVED CVE-2010-XXXX [CouchDB insecure library loading] @@ -493,7 +520,7 @@ NOTE: http://trac.webkit.org/changeset/63219 CVE-2010-2899 (Unspecified vulnerability in the layout implementation in Google ...) - webkit <undetermined> - - chromium-browser <undetermined> + - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38977 NOTE: http://trac.webkit.org/changeset/62134 CVE-2010-2898 (Google Chrome before 5.0.375.125 does not properly mitigate an ...) @@ -3458,6 +3485,8 @@ - webkit <undetermined> - chromium-browser <undetermined> NOTE: is CVE-2010-2441 a dup of this? + NOTE: chromium-sec don''t have info + NOTE: Sounds like it could be iPhone specific TODO: someone with access to the webkit security list please track down the commit CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod ...) NOT-FOR-US: Apple iPhone @@ -3475,6 +3504,8 @@ - webkit <undetermined> - chromium-browser <undetermined> NOTE: apple hasn''t disclosed enough info to check + NOTE: From Apple''s advisory: "This issue does not affect Mac OS X systems." Implies it may be outside of WebKit + NOTE: chromium-sec don''t have info TODO: someone with access to the webkit security list please track down the commit CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-2