Author: iuculano Date: 2010-11-14 10:50:36 +0000 (Sun, 14 Nov 2010) New Revision: 15581 Modified: data/CVE/list Log: chromium/webkit issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-11-13 21:14:28 UTC (rev 15580) +++ data/CVE/list 2010-11-14 10:50:36 UTC (rev 15581) @@ -398,35 +398,38 @@ NOT-FOR-US: Opera CVE-2010-4042 (Google Chrome before 7.0.517.41 does not properly handle element maps, ...) - webkit <undetermined> - - chromium-browser <undetermined> + - chromium-browser 6.0.472.63~r59945-1 + NOTE: http://trac.webkit.org/changeset/68096 CVE-2010-4041 (The sandbox implementation in Google Chrome before 7.0.517.41 on Linux ...) - webkit <not-affected> (issue with chromium sandbox) - - chromium-browser <undetermined> + - chromium-browser 6.0.472.63~r59945-1 CVE-2010-4040 (Google Chrome before 7.0.517.41 does not properly handle animated GIF ...) - webkit <unfixed> - - chromium-browser <undetermined> + - chromium-browser 6.0.472.63~r59945-1 NOTE: http://trac.webkit.org/changeset/68446 CVE-2010-4039 (Google Chrome before 7.0.517.41 on Linux does not properly set the ...) - webkit <not-affected> (chromium-specifc LD_LIBRARY_PATH issue) - - chromium-browser <undetermined> + - chromium-browser <not-affected> (package uses its own startup script) CVE-2010-4038 (The Web Sockets implementation in Google Chrome before 7.0.517.41 does ...) - webkit <not-affected> (issue in chromium code base) - - chromium-browser <undetermined> + - chromium-browser 9.0.570 + [squeeze] - chromium-browser <not-affected> (websocket_experiment not enabled in v6) CVE-2010-4037 (Unspecified vulnerability in Google Chrome before 7.0.517.41 allows ...) - webkit <undetermined> - - chromium-browser <undetermined> + - chromium-browser <unfixed> (unimportant) + NOTE: http://trac.webkit.org/changeset/67716 CVE-2010-4036 (Google Chrome before 7.0.517.41 does not properly handle the unloading ...) - - webkit <undetermined> - - chromium-browser <undetermined> + - webkit <not-affected> (chromium-specifc issue) + - chromium-browser 6.0.472.63~r59945-1 CVE-2010-4035 (Google Chrome before 7.0.517.41 does not properly perform autofill ...) - webkit <not-affected> (issue in chromium code base) - - chromium-browser <undetermined> + - chromium-browser 6.0.472.63~r59945-1 CVE-2010-4034 (Google Chrome before 7.0.517.41 does not properly handle forms, which ...) - webkit <not-affected> (issue in chromium code base) - - chromium-browser <undetermined> + - chromium-browser 6.0.472.63~r59945-1 CVE-2010-4033 (Google Chrome before 7.0.517.41 does not properly implement the ...) - webkit <not-affected> (issue in gestures, which resides in the webkit codebase, but is only used by chromium right now) - - chromium-browser <undetermined> + - chromium-browser 6.0.472.63~r59945-1 NOTE: http://trac.webkit.org/changeset/63786 NOTE: http://trac.webkit.org/changeset/67240 CVE-2010-4032 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...) @@ -1142,7 +1145,7 @@ CVE-2010-3730 (Google Chrome before 6.0.472.62 does not properly use information ...) - webkit <not-affected> (issue in libv8) - chromium-browser 6.0.472.62~r59676-1 - - libv8 <undetermined> + - libv8 <not-affected> NOTE: https://bugs.webkit.org/show_bug.cgi?id=45700 NOTE: http://trac.webkit.org/changeset/67509 CVE-2010-3729 (The SPDY protocol implementation in Google Chrome before 6.0.472.62 ...) @@ -6178,7 +6181,7 @@ NOTE: http://trac.webkit.org/changeset/66795 CVE-2010-1823 (Use-after-free vulnerability in WebKit before r65958, as used in ...) - webkit <not-affected> (vulnerable code not present in 1.2.x series) - - chromium-browser <undetermined> + - chromium-browser 6.0.472.59~r59126-1 NOTE: http://trac.webkit.org/changeset/65958 TODO: recheck chromium, was wrong commit CVE-2010-1822 (WebKit, as used in Google Chrome before 6.0.472.62, does not properly ...)