Author: gilbert-guest Date: 2010-04-30 02:07:30 +0000 (Fri, 30 Apr 2010) New Revision: 14575 Modified: data/CVE/list Log: chrome updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-30 01:51:35 UTC (rev 14574) +++ data/CVE/list 2010-04-30 02:07:30 UTC (rev 14575) @@ -244,18 +244,32 @@ CVE-2010-1507 RESERVED CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 allow ...) - TODO: check + - chromium-browser <itp> (bug #520324) + - webkit <not-affected> (doesn''t use v8 bindings yet) + TODO: recheck newer webkits CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from loading ...) + - chromium-browser <itp> (bug #520324) + - webkit <undetermined> TODO: check CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...) + - chromium-browser <itp> (bug #520324) + - webkit <undetermined> TODO: check CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...) + - chromium-browser <itp> (bug #520324) + - webkit <undetermined> TODO: check CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows ...) + - chromium-browser <itp> (bug #520324) + - webkit <undetermined> TODO: check CVE-2010-1501 (Cross-site request forgery (CSRF) vulnerability in Google Chrome ...) + - chromium-browser <itp> (bug #520324) + - webkit <undetermined> TODO: check CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, ...) + - chromium-browser <itp> (bug #520324) + - webkit <undetermined> TODO: check CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3 ...) NOT-FOR-US: MusicBox @@ -1000,10 +1014,7 @@ NOTE: http://trac.webkit.org/changeset/55511 NOTE: evidence of memory corruption http://code.google.com/p/chromium/issues/detail?id=37061 CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict ...) - - webkit <unfixed> (bug #577457) - - kdelibs <undetermined> - - kde4libs <undetermined> - - qt4-x11 <undetermined> + - webkit <not-affected> (bug #577457; proof-of-concepts are not effective against webkit) - chromium-browser <itp> (bug #520324) NOTE: http://trac.webkit.org/changeset/55822 NOTE: vulnerable code is in KURL.cpp even though the changeset says it is in KURLGoogle.cpp