Author: gilbert-guest Date: 2010-09-07 01:30:52 +0000 (Tue, 07 Sep 2010) New Revision: 15279 Modified: data/CVE/list Log: webkit updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-09-06 23:51:36 UTC (rev 15278) +++ data/CVE/list 2010-09-07 01:30:52 UTC (rev 15279) @@ -219,7 +219,7 @@ NOTE: http://trac.webkit.org/changeset/65325 CVE-2010-3119 (Google Chrome before 5.0.375.127 does not properly support the Ruby ...) - chromium-browser 5.0.375.127~r55887-1 - - webkit <undetermined> + - webkit 1.2.4-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=43795 NOTE: http://trac.webkit.org/changeset/65090 CVE-2010-3118 (The autosuggest feature in the Omnibox implementation in Google Chrome ...) @@ -234,19 +234,20 @@ NOTE: http://trac.webkit.org/changeset/64293 NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147 NOTE: https://bugs.webkit.org/show_bug.cgi?id=43888 - NOTE: http://trac.webkit.org/changeset/65280 + NOTE: http://trac.webkit.org/changeset/65280 vulnerable code not present in 1.2 series CVE-2010-3115 (Google Chrome before 5.0.375.127 does not properly implement the ...) - - webkit <undetermined> + - webkit <unfixed> - chromium-browser 5.0.375.127~r55887-1 NOTE: http://trac.webkit.org/changeset/63925 NOTE: http://trac.webkit.org/changeset/64077 + NOTE: only partially fixed: only 64077 applied in 1.2.4-1 CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127 ...) - - webkit <undetermined> + - webkit 1.2.4-1 - chromium-browser 5.0.375.127~r55887-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655 NOTE: http://trac.webkit.org/changeset/63773 CVE-2010-3113 (Google Chrome before 5.0.375.127 does not properly handle SVG ...) - - webkit <undetermined> + - webkit 1.2.4-1 - chromium-browser 5.0.375.127~r55887-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=42659 NOTE: http://trac.webkit.org/changeset/63865 
@@ -733,10 +734,11 @@ - webkit <not-affected> (Chromium specific issue) - chromium-browser 5.0.375.125~r53311-1 CVE-2010-2902 (The SVG implementation in Google Chrome before 5.0.375.125 allows ...) - - webkit <undetermined> + - webkit 1.2.4-1 - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=41621 NOTE: http://trac.webkit.org/changeset/62662 + NOTE: duplicate of cve-2010-1793 CVE-2010-2901 (The rendering implementation in Google Chrome before 5.0.375.125 ...) - webkit <undetermined> - chromium-browser 5.0.375.125~r53311-1 @@ -748,10 +750,11 @@ NOTE: https://bugs.webkit.org/show_bug.cgi?id=41962 NOTE: http://trac.webkit.org/changeset/63219 CVE-2010-2899 (Unspecified vulnerability in the layout implementation in Google ...) - - webkit <undetermined> + - webkit 1.2.4-1 - chromium-browser 5.0.375.125~r53311-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38977 NOTE: http://trac.webkit.org/changeset/62134 + NOTE: duplicate of cve-2010-1783 CVE-2010-2898 (Google Chrome before 5.0.375.125 does not properly mitigate an ...) - webkit <not-affected> (chromium specific issue) - chromium-browser 5.0.375.125~r53311-1 
@@ -1441,13 +1444,14 @@ NOTE: https://bugs.webkit.org/show_bug.cgi?id=39305 NOTE: http://trac.webkit.org/projects/webkit/changeset/61921 CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to cause a ...) - - webkit <unfixed> + - webkit 1.2.4-1 - chromium-browser 5.0.375.99~r51029-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38627 NOTE: http://trac.webkit.org/changeset/61667 - NOTE: http://trac.webkit.org/changeset/61669 - NOTE: http://trac.webkit.org/changeset/61676 - NOTE: http://trac.webkit.org/changeset/61679 + NOTE: http://trac.webkit.org/changeset/61669 mac fixes + NOTE: http://trac.webkit.org/changeset/61676 chromium fixes + NOTE: http://trac.webkit.org/changeset/61679 additional layout test + NOTE: duplicate of cve-2010-1786 CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate sandboxed ...) - webkit <unfixed> - chromium-browser 5.0.375.99~r51029-1 @@ -2375,6 +2379,7 @@ - chromium-browser 6.0.466.0~r52279-1 TODO: someone with access to webkit security list please track down commit NOTE: This is a large series of risky behaviour-changing changesets. + NOTE: upstream changelog says this is fixed in 1.2.3, but i''m doubtful of that CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on ...) - nginx <not-affected> (Windows-specific vulnerability when running on NTFS) CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! ...) @@ -3586,6 +3591,7 @@ CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: someone with access to webkit security list, please check CVE-2010-1795 (Untrusted search path vulnerability in Apple iTunes before 9.1, when ...) NOT-FOR-US: Apple iTunes on Windows CVE-2010-1794 (The webdav_mount function in webdav_vfsops.c in the WebDAV kernel ...) 
@@ -3593,49 +3599,69 @@ CVE-2010-1793 (Multiple use-after-free vulnerabilities in WebKit in Apple Safari ...) - webkit 1.2.4-1 - chromium-browser <undetermined> + NOTE: http://trac.webkit.org/changeset/62482 + NOTE: http://trac.webkit.org/changeset/62662 + NOTE: duplicated as cve-2010-2902 CVE-2010-1792 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.4-1 - chromium-browser <undetermined> + NOTE: http://trac.webkit.org/changeset/62386 CVE-2010-1791 (Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: someone with access to webkit security list, please check CVE-2010-1790 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.4-1 - chromium-browser <undetermined> + NOTE: http://trac.webkit.org/changeset/62301 CVE-2010-1789 (Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: someone with access to webkit security list, please check CVE-2010-1788 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.4-1 - chromium-browser <undetermined> CVE-2010-1787 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.4-1 - chromium-browser <undetermined> + NOTE: http://trac.webkit.org/changeset/61044 CVE-2010-1786 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...) - webkit 1.2.4-1 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.99~r51029-1 + NOTE: http://trac.webkit.org/changeset/61667 + NOTE: duplicated as cve-2010-2647 CVE-2010-1785 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.4-1 - chromium-browser <undetermined> + NOTE: http://trac.webkit.org/changeset/61050 CVE-2010-1784 (The counters functionality in the Cascading Style Sheets (CSS) ...) 
- webkit 1.2.4-1 - chromium-browser <undetermined> + NOTE: http://trac.webkit.org/changeset/62271 CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - webkit <undetermined> - chromium-browser <undetermined> + NOTE: duplicated as cve-2010-2899 CVE-2010-1782 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.4-1 - chromium-browser <undetermined> + NOTE: http://trac.webkit.org/changeset/60984 CVE-2010-1781 RESERVED + - webkit <undetermined> + - chromium-browser <undetermined> + NOTE: claimed fixed in upstream webkit 1.2.4 changelog, but no info currently available + TODO: check CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: someone with access to webkit security list, please check CVE-2010-1779 RESERVED CVE-2010-1778 (Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: someone with access to webkit security list, please check CVE-2010-1777 (Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers ...) NOT-FOR-US: Apple iTunes CVE-2010-1776
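Review bot: In the hunk at @@ -234,19 +234,20 @@, the remark "vulnerable code not present in 1.2 series" is appended to the changeset 65280 URL on the same NOTE line, so it is unclear whether it describes that one changeset or the whole entry. Put it on its own NOTE line. If it is meant to cover the entry, check that the webkit status line, which sits outside this hunk, agrees with it. The CVE-2010-3115 change in the same hunk is the pattern to follow: `- webkit <unfixed>` plus a separate NOTE stating that only 64077 is applied in 1.2.4-1.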
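Review bot: The hunk at @@ -748,10 +750,11 @@ sets CVE-2010-2899 to `- webkit 1.2.4-1` and notes it as a duplicate of cve-2010-1783, but the hunk at @@ -3593,49 +3599,69 @@ leaves CVE-2010-1783 at `- webkit <undetermined>` while adding "duplicated as cve-2010-2899". Two entries declared duplicates of each other should carry the same webkit status, so either CVE-2010-1783 also becomes 1.2.4-1 or a NOTE should say why it stays undetermined. CVE-2010-1783 also gets no changeset NOTE, although its duplicate references changeset 62134.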
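Review bot: The NOTE added in the hunk at @@ -2375,6 +2379,7 @@ contains a doubled apostrophe ("i''m doubtful of that") and gives no reason for the doubt. Fix the typo and state what is missing from 1.2.3, for example which of the changesets in the series could not be found there, so that the next person triaging the entry can verify the claim instead of repeating the investigation.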
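Review bot: In the hunk at @@ -3593,49 +3599,69 @@, the duplicate pairs are handled inconsistently on the chromium-browser line. CVE-2010-1786 is updated to `- chromium-browser 5.0.375.99~r51029-1` to match its duplicate CVE-2010-2647, but CVE-2010-1793 stays at `- chromium-browser <undetermined>` even though its duplicate CVE-2010-2902 is recorded as fixed in 5.0.375.125~r53311-1 (hunk at @@ -733,10 +734,11 @@). Apply the same treatment to CVE-2010-1793. Two smaller points in this hunk: CVE-2010-1788 is the only entry marked 1.2.4-1 that gets neither a changeset NOTE nor a TODO, and the cross-references write the identifiers in lower case (cve-2010-2902), which a case-sensitive search for the CVE id will miss.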