Author: iuculano
Date: 2010-09-09 09:22:33 +0000 (Thu, 09 Sep 2010)
New Revision: 15295

Modified:
   data/CVE/list
Log:
webkit/chromium issues

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-09-09 09:15:00 UTC (rev 15294)
+++ data/CVE/list 2010-09-09 09:22:33 UTC (rev 15295)
@@ -5,47 +5,63 @@ CVE-2010-3260 RESERVED CVE-2010-3259 (Google Chrome before 6.0.472.53 does not properly restrict read access ...) - - chromium-browser <undetermined> + - chromium-browser 6.0.472.53~r57914-1 - webkit <undetermined> + NOTE: https://bugs.webkit.org/show_bug.cgi?id=44399 + NOTE: http://trac.webkit.org/changeset/65826 CVE-2010-3258 (The sandbox implementation in Google Chrome before 6.0.472.53 does not ...) - - chromium-browser <undetermined> - - webkit <undetermined> + - chromium-browser 6.0.472.53~r57914-1 + - webkit <not-affected> + NOTE: chromium specific CVE-2010-3257 (Google Chrome before 6.0.472.53 does not properly perform focus ...) - - chromium-browser <undetermined> + - chromium-browser 6.0.472.53~r57914-1 - webkit <undetermined> + NOTE: http://trac.webkit.org/changeset/65748 https://bugs.webkit.org/show_bug.cgi?id=44226 CVE-2010-3256 (Google Chrome before 6.0.472.53 does not properly limit the number of ...) - - chromium-browser <undetermined> - - webkit <undetermined> + - chromium-browser 6.0.472.53~r57914-1 + - webkit <not-affected> + NOTE: chromium specific CVE-2010-3255 (Google Chrome before 6.0.472.53 does not properly handle counter ...) - - chromium-browser <undetermined> + - chromium-browser 6.0.472.53~r57914-1 - webkit <undetermined> + NOTE: https://bugs.webkit.org/show_bug.cgi?id=43812 http://trac.webkit.org/changeset/66052 CVE-2010-3254 (The WebSockets implementation in Google Chrome before 6.0.472.53 does ...) - - chromium-browser <undetermined> + - chromium-browser 6.0.472.53~r57914-1 - webkit <undetermined> + NOTE: http://trac.webkit.org/changeset/65135 CVE-2010-3253 (The implementation of notification permissions in Google Chrome before ...) - - chromium-browser <undetermined> + - chromium-browser 6.0.472.53~r57914-1 - webkit <undetermined> + NOTE: http://trac.webkit.org/changeset/64647 http://trac.webkit.org/changeset/64651 CVE-2010-3252 (Use-after-free vulnerability in the Notifications presenter in Google ...) 
- - chromium-browser <undetermined> + - chromium-browser 6.0.472.53~r57914-1 - webkit <undetermined> + NOTE: https://bugs.webkit.org/show_bug.cgi?id=43645 http://trac.webkit.org/changeset/65742 CVE-2010-3251 (The WebSockets implementation in Google Chrome before 6.0.472.53 ...) - - chromium-browser <undetermined> - - webkit <undetermined> + - chromium-browser 6.0.472.53~r57914-1 + - webkit <not-affected> + NOTE: chromium specific CVE-2010-3250 (Unspecified vulnerability in Google Chrome before 6.0.472.53 allows ...) - - chromium-browser <undetermined> - - webkit <undetermined> + - chromium-browser 6.0.472.53~r57914-1 + - webkit <not-affected> + NOTE: chromium specific CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG ...) - - chromium-browser <undetermined> + - chromium-browser 6.0.472.53~r57914-1 - webkit <undetermined> + NOTE: http://trac.webkit.org/changeset/60541 CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict copying to ...) - - chromium-browser <undetermined> + - chromium-browser 6.0.472.53~r57914-1 - webkit <undetermined> + NOTE: http://trac.webkit.org/changeset/58703 CVE-2010-3247 (Google Chrome before 6.0.472.53 does not properly restrict the ...) - - chromium-browser <undetermined> - - webkit <undetermined> + - chromium-browser 6.0.472.53~r57914-1 + - webkit <not-affected> + NOTE: chromium specific CVE-2010-3246 (Google Chrome before 6.0.472.53 does not properly handle the _blank ...) - - chromium-browser <undetermined> + - chromium-browser 6.0.472.53~r57914-1 - webkit <undetermined> + NOTE: https://bugs.webkit.org/show_bug.cgi?id=34541 https://bugs.webkit.org/show_bug.cgi?id=44969 + NOTE: http://trac.webkit.org/changeset/66742 CVE-2010-3245 (The automated-backup functionality in Blackboard Transact Suite ...) TODO: check CVE-2010-3244 (BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly ...) 
@@ -3438,10 +3454,10 @@ TODO: someone with access to the webkit security list please track down commit NOTE: Safari-specific. Chromium and Safari have totally separate HTTP stacks. CVE-2010-1939 (Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows ...) - - chromium-browser <undetermined> - - webkit <undetermined> - TODO: someone with access to the webkit security list please track down commit + - chromium-browser <not-affected> + - webkit <not-affected> NOTE: poc seems to cause a dos in both chromium and webkit; not sure if code execution is possible + NOTE: This is Safari only CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in libopie ...) - opie 2.32.dfsg.1-0.2 (low; bug #584932) [lenny] - opie <no-dsa> (Minor issue)
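Review bot: In the @@ -5,47 +5,63 @@ hunk, the entries changed to `- webkit <not-affected>` with `NOTE: chromium specific` (CVE-2010-3258, CVE-2010-3256, CVE-2010-3251, CVE-2010-3250, CVE-2010-3247) record no reference or reason for that determination. CVE-2010-3251 is described as the WebSockets implementation, the same wording as CVE-2010-3254, which is given a webkit changeset (65135) and stays `<undetermined>`, so a reader cannot tell from the entry why one is chromium specific and the other is not. Suggest adding the upstream bug or a one-line reason to each such NOTE. Separately, the entries that now carry a trac.webkit.org changeset still leave `- webkit <undetermined>`; a TODO to map the changeset to a fixed webkit version would make the remaining work explicit. The NOTE lines also mix one URL per line (CVE-2010-3259) with two URLs on one line (CVE-2010-3257); one URL per NOTE is easier to grep.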
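Review bot: In the @@ -3438,10 +3454,10 @@ hunk, CVE-2010-1939 is switched to `<not-affected>` for both chromium-browser and webkit with `NOTE: This is Safari only`, but the retained context line `NOTE: poc seems to cause a dos in both chromium and webkit; not sure if code execution is possible` still says the PoC has an effect on both. Either drop or amend the older NOTE, or state why the observed DoS is not counted under this CVE. The TODO asking to track down the commit is removed with nothing replacing it; a link supporting the Safari-only conclusion would let the status be re-checked later.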