thr3ads.net - Secure testing commits - [Secure-testing-commits] r17620

If this information is useful, please help other people find it:
Share via:
Moritz Muehlenhoff
2011-Nov-16 18:42 UTC
[Secure-testing-commits] r17620 - data/CVE

Author: jmm
Date: 2011-11-16 18:42:34 +0000 (Wed, 16 Nov 2011)
New Revision: 17620

Modified:
   data/CVE/list
Log:
NFUs
new chromium issues (some might also affect packages embedded by
  chromium, Guiseppe, can you investigate these?)


Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-11-16 09:14:18 UTC (rev 17619)
+++ data/CVE/list	2011-11-16 18:42:34 UTC (rev 17620)
@@ -1451,11 +1451,11 @@
 CVE-2011-4000 (Buffer overflow in ChaSen 2.4.x allows remote attackers to
execute ...)
 	- chasen <unfixed> (medium; bug #648359)
 CVE-2011-3999 (Cross-site scripting (XSS) vulnerability in the RSS/Atom
feed-reader ...)
-	TODO: check
+	NOT-FOR-US: Iwate Portal Bar
 CVE-2011-3998 (Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2
and ...)
-	TODO: check
+	NOT-FOR-US: Apple WebObjects
 CVE-2011-3997 (Opengear console servers with firmware before 2.2.1 allow remote
...)
-	TODO: check
+	NOT-FOR-US: Opengear
 CVE-2011-3996 (The LiveData Service in CSWorks before 2.0.4115.1 allows remote
...)
 	NOT-FOR-US: CSWorks
 CVE-2011-3995 (Unspecified vulnerability in Twilight Frontier Touhou Hisouten
1.06 ...)
@@ -1479,7 +1479,7 @@
 CVE-2011-3986 (Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0
allows ...)
 	NOT-FOR-US: Pligg
 CVE-2011-3985 (Cross-site scripting (XSS) vulnerability in Plume before 1.2.3
allows ...)
-	TODO: check
+	NOT-FOR-US: Plume
 CVE-2011-3984 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM
5.1 and ...)
 	NOT-FOR-US: KENT-WEB WEB FORUM
 CVE-2011-3983 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM
5.1 and ...)
@@ -1701,19 +1701,30 @@
 CVE-2011-3899
 	RESERVED
 CVE-2011-3898 (Google Chrome before 15.0.874.120, when Java Runtime Environment
(JRE) ...)
-	TODO: check
+	- chromium-browser <unfixed>
+	- webkit <undetermined>
 CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before
15.0.874.120 ...)
-	TODO: check
+	- chromium-browser <unfixed>
+	- webkit <undetermined>
 CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows
remote ...)
-	TODO: check
+	- chromium-browser <unfixed>
+	- webkit <undetermined>
 CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google
Chrome ...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
+	TODO: might affect libvorbis or libav, didn''t check
 CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8
...)
+	- chromium-browser <unfixed>
+	- webkit <undetermined>
 	TODO: check
 CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement
the MKV ...)
-	TODO: check
+	- chromium-browser <unfixed>
+	- webkit <undetermined>
+	TODO: might affect libtheora or libav
 CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome
...)
-	TODO: check
+	- chromium-browser <undetermined>
+	- webkit <undetermined>
+	TODO: might affect libtheora or libav
 CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict
access to ...)
 	- chromium-browser 15.0.874.106~r107270-1
 	- webkit <undetermined>
Secure testing commits - Nov 2011 - r17620 - data/CVE

[Secure-testing-commits] r17620 - data/CVE
