Author: iuculano Date: 2011-09-28 14:24:00 +0000 (Wed, 28 Sep 2011) New Revision: 17321 Modified: data/CVE/list Log: Chromium/webkit issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-09-28 13:30:35 UTC (rev 17320) +++ data/CVE/list 2011-09-28 14:24:00 UTC (rev 17321) @@ -881,11 +881,11 @@ CVE-2011-3422 (The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does ...) NOT-FOR-US: Apple Mac OS X CVE-2011-3421 (Multiple unspecified vulnerabilities in Google Chrome before ...) - - chromium-browser <unfixed> - - webkit <undetermined> + - chromium-browser 14.0.835.163~r101024-1 + NOTE: duplicate CVE-2011-3420 (Multiple unspecified vulnerabilities in Google Chrome before ...) - - chromium-browser <unfixed> - - webkit <undetermined> + - chromium-browser 14.0.835.163~r101024-1 + NOTE: duplicate CVE-2011-3419 RESERVED CVE-2011-3418 @@ -1350,7 +1350,9 @@ RESERVED CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, ...) - chromium-browser 14.0.835.163~r101024-1 + [squeeze] - chromium-browser <not-affected> - webkit <undetermined> + NOTE: http://trac.webkit.org/changeset/92132 CVE-2011-3233 RESERVED CVE-2011-3232 @@ -2359,10 +2361,14 @@ RESERVED CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...) - chromium-browser 14.0.835.163~r101024-1 - - webkit <undetermined> + [squeeze] - chromium-browser <not-affected> + - webkit <not-affected> (libv8 issue) + - libv8 <undetermined> + TODO: file bug CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected pin ...) - chromium-browser 14.0.835.163~r101024-1 - - webkit <undetermined> + [squeeze] - chromium-browser <not-affected> + - webkit <not-affected> (chromium specific) CVE-2011-2873 RESERVED CVE-2011-2872 @@ -2383,50 +2389,69 @@ RESERVED CVE-2011-2864 (Google Chrome before 14.0.835.163 does not properly handle Tibetan ...) - chromium-browser 14.0.835.163~r101024-1 - - webkit <undetermined> + [squeeze] - chromium-browser <not-affected> + - webkit <not-affected> (chromium specific) CVE-2011-2863 RESERVED CVE-2011-2862 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...) - chromium-browser 14.0.835.163~r101024-1 - - webkit <undetermined> + [squeeze] - chromium-browser <not-affected> + - webkit <not-affected> (chromium specific) CVE-2011-2861 (Google Chrome before 14.0.835.163 does not properly handle strings in ...) - TODO: check + - chromium-browser <not-affected> (pdf plugin) CVE-2011-2860 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) - chromium-browser 14.0.835.163~r101024-1 + [squeeze] - chromium-browser <not-affected> - webkit <undetermined> + NOTE: http://trac.webkit.org/changeset/93794 CVE-2011-2859 (Google Chrome before 14.0.835.163 uses incorrect permissions for ...) - chromium-browser 14.0.835.163~r101024-1 - - webkit <undetermined> + [squeeze] - chromium-browser <not-affected> + - webkit <not-affected> (chromium specific) CVE-2011-2858 (Google Chrome before 14.0.835.163 does not properly handle triangle ...) - chromium-browser 14.0.835.163~r101024-1 - - webkit <undetermined> + [squeeze] - chromium-browser <not-affected> + - webkit <not-affected> (chromium specific) CVE-2011-2857 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) - chromium-browser 14.0.835.163~r101024-1 - webkit <undetermined> + NOTE: http://trac.webkit.org/changeset/93514 CVE-2011-2856 (Google V8, as used in Google Chrome before 14.0.835.163, allows remote ...) - chromium-browser 14.0.835.163~r101024-1 - - webkit <undetermined> + [squeeze] - chromium-browser <not-affected> (uses libv8 system copy) + - webkit <not-affected> + - libv8 3.4.14.21-1 CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle Cascading ...) - chromium-browser 14.0.835.163~r101024-1 + [squeeze] - chromium-browser <not-affected> - webkit <undetermined> + NOTE: http://trac.webkit.org/changeset/93227 CVE-2011-2854 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) - chromium-browser 14.0.835.163~r101024-1 + [squeeze] - chromium-browser <not-affected> - webkit <undetermined> + NOTE: http://trac.webkit.org/changeset/94109 http://trac.webkit.org/changeset/94543 CVE-2011-2853 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...) - chromium-browser 14.0.835.163~r101024-1 - - webkit <undetermined> + [squeeze] - chromium-browser <not-affected> + - webkit <not-affected> (chromium specific) CVE-2011-2852 (Off-by-one error in Google V8, as used in Google Chrome before ...) - chromium-browser 14.0.835.163~r101024-1 - - webkit <undetermined> + [squeeze] - chromium-browser <not-affected> (uses libv8 system copy) + - webkit <not-affected> + - libv8 3.4.14.21-1 CVE-2011-2851 (Google Chrome before 14.0.835.163 does not properly handle video, ...) - chromium-browser 14.0.835.163~r101024-1 - - webkit <undetermined> + [squeeze] - chromium-browser <not-affected> + - webkit <not-affected> (chromium specific) CVE-2011-2850 (Google Chrome before 14.0.835.163 does not properly handle Khmer ...) - chromium-browser 14.0.835.163~r101024-1 - - webkit <undetermined> + [squeeze] - chromium-browser <not-affected> + - webkit <not-affected> (chromium specific) CVE-2011-2849 (The WebSockets implementation in Google Chrome before 14.0.835.163 ...) - chromium-browser 14.0.835.163~r101024-1 - - webkit <undetermined> + [squeeze] - chromium-browser <not-affected> + - webkit <not-affected> (chromium specific) CVE-2011-2848 (Google Chrome before 14.0.835.163 allows user-assisted remote ...) - chromium-browser 14.0.835.163~r101024-1 - webkit <undetermined>