Author: geissert
Date: 2010-05-05 18:59:40 +0000 (Wed, 05 May 2010)
New Revision: 14605
Modified:
data/CVE/list
Log:
chromium-browser is now in experimental, oh dear
Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-05-04 16:42:46 UTC (rev 14604)
+++ data/CVE/list 2010-05-05 18:59:40 UTC (rev 14605)
@@ -445,31 +445,31 @@
CVE-2010-1507
RESERVED
CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059
allow ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
- webkit <not-affected> (doesn''t use v8 bindings yet)
TODO: recheck newer webkits
CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from
loading ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
- webkit <undetermined>
TODO: check
CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome before
...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
- webkit <undetermined>
TODO: check
CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome before
...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
- webkit <undetermined>
TODO: check
CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059
allows ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
- webkit <undetermined>
TODO: check
CVE-2010-1501 (Cross-site request forgery (CSRF) vulnerability in Google Chrome
...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
- webkit <undetermined>
TODO: check
CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support
forms, ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
- webkit <undetermined>
TODO: check
CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3
...)
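Review bot: The new "- chromium-browser <undetermined>" lines for CVE-2010-1506 through CVE-2010-1500 drop the "bug #520324" reference and put nothing in its place that ties the entry to the upload mentioned in the log. Several of these descriptions already name the upstream release that carries the fix (4.1.249.1059), so comparing that against the version uploaded to experimental would let these entries carry a fixed version or a concrete status rather than an open <undetermined>. CVE-2010-1506 also has no TODO covering chromium-browser, since its only TODO is about rechecking webkit.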
@@ -1214,23 +1214,23 @@
- kdelibs <undetermined>
- kde4libs <undetermined>
- qt4-x11 <undetermined>
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
NOTE: http://trac.webkit.org/changeset/55511
NOTE: evidence of memory corruption
http://code.google.com/p/chromium/issues/detail?id=37061
CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict
...)
- webkit <not-affected> (bug #577457; proof-of-concepts are not
effective against webkit)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
NOTE: http://trac.webkit.org/changeset/55822
NOTE: vulnerable code is in KURL.cpp even though the changeset says it is in
KURLGoogle.cpp
CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036
allows ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
NOTE: issue in chrome-specific download dialog
CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036
allows ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
NOTE: chrome-specific and claimed windows-only
CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036
allow ...)
- webkit <not-affected> (v8 and webgl not yet included)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
NOTE: http://trac.webkit.org/changeset/55376
TODO: recheck as newer webkits get uploaded
CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to
cause a ...)
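Review bot: CVE-2010-1234 is set to <undetermined> although the NOTE directly under it reads "chrome-specific and claimed windows-only". If that claim is confirmed for the Debian package, "<not-affected>" with the reason in parentheses, the form the webkit lines in this hunk already use, would close the entry instead of leaving it open for triage. The same question applies to CVE-2010-1235, whose NOTE places the issue in the chrome-specific download dialog.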
@@ -1238,23 +1238,23 @@
- kdelibs <undetermined>
- kde4libs <undetermined>
- qt4-x11 <undetermined>
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
NOTE: http://code.google.com/p/chromium/issues/detail?id=34978
CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before
...)
- webkit <undetermined>
- kdelibs <undetermined>
- kde4libs <undetermined>
- qt4-x11 <undetermined>
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
TODO: check
CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected
behavior ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
NOTE: chrome-specific issue
CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036
does ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
NOTE: chrome-specific sandboxing issue
CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google
...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
NOTE: chrome-specific sandboxing issue
CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
NOT-FOR-US: Sun Java System Communication Express
@@ -2890,36 +2890,36 @@
[lenny] - konversation <not-affected> (Doesn''t affect the
combination of kdelibs/QT in Lenny)
NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
CVE-2010-0664 (Stack consumption vulnerability in the ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
CVE-2010-0663 (The ParamTraits<SkBitmap>::Read function in ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
CVE-2010-0662 (The ParamTraits<SkBitmap>::Read function in ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit
before ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
- webkit <not-affected> (no v8 code included yet)
TODO: recheck as newer webkits are uploaded
CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the
Referer ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google
Chrome ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
- webkit 1.1.21-1 (low)
- qt4-x11 <undetermined> (low)
- kdelibs <undetermined> (low)
- kde4libs <undetermined> (low)
CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome
before ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the
...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
NOTE: claimed to be a windows-only issue
CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before
4.0.249.78, ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
- webkit 1.1.21-1 (low)
- qt4-x11 <undetermined> (low)
- kdelibs <undetermined> (low)
- kde4libs <undetermined> (low)
CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78
allows ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
CVE-2010-0654 (Mozilla Firefox permits cross-origin loading of CSS stylesheets
even ...)
- xulrunner <undetermined> (bug #570743)
CVE-2010-0653 (Opera permits cross-origin loading of CSS stylesheets even when
the ...)
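Review bot: In the CVE-2010-0659 and CVE-2010-0656 entries the new chromium-browser line has no urgency, while webkit, qt4-x11, kdelibs and kde4libs in the same entries are all tagged (low). If the rating describes the issue rather than the individual package, write "- chromium-browser <undetermined> (low)", which is the form this patch uses for CVE-2010-0556. CVE-2010-0657 is described as "on Windows" and noted as "claimed to be a windows-only issue", so it is a candidate for <not-affected> once that is verified.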
@@ -2927,7 +2927,7 @@
CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS
...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78
and ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
- webkit 1.1.21-1 (low)
[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression
higher than impact at hand)
- qt4-x11 <undetermined> (low)
@@ -2935,7 +2935,7 @@
- kde4libs <undetermined> (low)
NOTE: http://trac.webkit.org/changeset/52784
CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple
Safari, ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
- webkit 1.1.21-1 (unimportant)
NOTE: http://code.google.com/p/chromium/issues/detail?id=3275
- qt4-x11 <undetermined> (unimportant)
@@ -2943,23 +2943,23 @@
- kde4libs <undetermined> (unimportant)
NOTE: unimportant because this is just a popup blocker bypass
CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer
function ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to
...)
- xulrunner <undetermined> (bug #570743)
CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before
4.0.249.89, ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
- webkit 1.1.21-1 (medium)
- qt4-x11 <undetermined> (medium)
- kdelibs <undetermined> (medium)
- kde4libs <undetermined> (medium)
CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8
before ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before
r3560, as ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is
...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct
connections to ...)
- - chromium-browser <itp> (bug #520334)
+ - chromium-browser <undetermined>
CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to
read the ...)
NOT-FOR-US: Cisco Collaboration Server
CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...)
@@ -3229,7 +3229,7 @@
CVE-2010-0557 (IBM Cognos Express 9.0 allows attackers to obtain unspecified
access ...)
NOT-FOR-US: IBM Cognos Express
CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89
...)
- - chromium-browser <itp> (low; bug #520334)
+ - chromium-browser <undetermined> (low)
CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows
remote ...)
NOT-FOR-US: LoganPro
CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows
remote ...)
@@ -3941,7 +3941,7 @@
CVE-2010-0316 (Integer overflow in Google SketchUp before 7.1 M2 allows remote
...)
NOT-FOR-US: Google SketchUp
CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before
4.0.249.89, ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
- webkit 1.1.21-1 (low)
[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression
higher than impact at hand)
- qt4-x11 <undetermined>
@@ -6563,18 +6563,18 @@
CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management
Module ...)
NOT-FOR-US: IBM BladeCenter
CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage
function ...)
- - chromium-browser <itp> (low; bug #520324)
+ - chromium-browser <undetermined> (low)
CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before
3.0.195.32, ...)
- webkit <not-affected> (chromium-specific issue in their timer)
- qt4-x11 <not-affected> (chromium-specific issue in their timer)
- kdelibs <not-affected> (chromium-specific issue in their timer)
- kde4libs <not-affected> (chromium-specific issue in their timer)
- - chromium-browser <itp> (low; bug #520324)
+ - chromium-browser <undetermined> (low)
CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...)
- - chromium-browser <itp> (low; bug #520324)
+ - chromium-browser <undetermined> (low)
NOTE: gears is only implemented in chromium
CVE-2009-3931 (Incomplete blacklist vulnerability in
browser/download/download_exe.cc ...)
- - chromium-browser <itp> (low; bug #520324)
+ - chromium-browser <undetermined> (low)
CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02
allow ...)
- file 5.03-1
[lenny] - file <not-affected>
@@ -8021,7 +8021,7 @@
CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall
(WAF) ...)
NOT-FOR-US: Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF)
CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not
properly ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not
properly ...)
NOT-FOR-US: Apple Safari
CVE-2009-3454
@@ -8521,7 +8521,7 @@
CVE-2009-3269 (Opera 9.52 and earlier allows remote attackers to cause a denial
of ...)
NOT-FOR-US: Opera
CVE-2009-3268 (Google Chrome 1.0.154.48 and earlier allows remote attackers to
cause ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3266 (Opera before 10.01 does not properly restrict HTML in a (1) RSS
or (2) ...)
@@ -8529,9 +8529,9 @@
CVE-2009-3265 (Cross-site scripting (XSS) vulnerability in Opera 9 and 10
allows ...)
NOT-FOR-US: Opera
CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21
omits an ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x
and 3.x ...)
- - chromium-browser <itp> (low; bug #520324)
+ - chromium-browser <undetermined> (low)
NOTE: http://seclists.org/fulldisclosure/2009/Sep/201
NOTE: other browsers are not affected (only chrome and opera)
CVE-2009-3262 (Cross-site scripting (XSS) vulnerability in the Self Service UI
(SSUI) ...)
@@ -8569,7 +8569,7 @@
CVE-2009-3246 (SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX
...)
NOT-FOR-US: MyBuxScript PTC-BUX
CVE-2008-7246 (Google Chrome 0.2.149.29 and earlier allows remote attackers to
cause ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a denial
of ...)
NOT-FOR-US: Opera
CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to
cause a ...)
@@ -9460,7 +9460,7 @@
CVE-2009-3012 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1
pre ...)
NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37,
and ...)
- - chromium-browser <itp> (bug #520324; unimportant)
+ - chromium-browser <undetermined> (unimportant)
NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1
pre; ...)
NOTE: This is a web site issue (open redirector), not a browser problem.
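Review bot: CVE-2009-3011 keeps an open "<undetermined> (unimportant)" package line even though its own NOTE says this is a web site issue (open redirector), not a browser problem. The neighbouring Firefox entries CVE-2009-3012 and CVE-2009-3010 show only that NOTE and no package line in the visible context, so the three entries are now handled differently for the same finding. Either resolve the chromium-browser line to match the NOTE or say in the NOTE why it stays open.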
@@ -9613,9 +9613,9 @@
NOTE: browser crashes not treated as security issues
NOTE: not reproducible, probably only Firefox in Windows XP is affected
CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote
...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections
to a ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote
...)
NOT-FOR-US: Sun Solaris
CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange
3.0 ...)
@@ -9703,7 +9703,7 @@
CVE-2009-2956 (The (1) Net.Commerce and (2) Net.Data components in IBM
WebSphere ...)
NOT-FOR-US: IBM WebSphere
CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to
cause ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows
remote ...)
NOT-FOR-US: Microsoft
CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote
...)
@@ -9762,7 +9762,7 @@
CVE-2008-7062 (Unrestricted file upload vulnerability in admin/index.php in
Download ...)
NOT-FOR-US: Download Manager module 1.0 for LoveCMS
CVE-2008-7061 (The tooltip manager (chrome/views/tooltip_manager.cc) in Google
Chrome ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2008-7060 (Multiple cross-site scripting (XSS) vulnerabilities in One-News
Beta 2 ...)
NOT-FOR-US: One-News
CVE-2008-7059 (SQL injection vulnerability in index.php in One-News Beta 2
allows ...)
@@ -9831,7 +9831,7 @@
- varnish 2.1.0-2 (unimportant)
NOTE: Only a security issue if used against best practices
CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows
remote ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in
Programmed ...)
NOT-FOR-US: Programmed Integration PIPL
CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before
2.0.3 ...)
@@ -10338,15 +10338,15 @@
CVE-2008-6999 (phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows
remote ...)
NOT-FOR-US: phpAuction
CVE-2008-6998 (Stack-based buffer overflow in chrome/common/gfx/url_elider.cc
in ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2008-6997 (Google Chrome 0.2.149.27 allows user-assisted remote attackers
to ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2008-6996 (Google Chrome BETA (0.2.149.27) does not prompt the user before
saving ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2008-6995 (Integer underflow in net/base/escape.cc in chrome.dll in Google
Chrome ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2008-6994 (Stack-based buffer overflow in the SaveAs feature ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2008-6993 (Siemens Gigaset WLAN Camera 1.27 has an insecure default
password, ...)
NOT-FOR-US: Siemens Gigaset WLAN Camera
CVE-2008-6992 (GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4,
...)
@@ -11243,7 +11243,7 @@
CVE-2009-2579 (SQL injection vulnerability in reward_points.post.php in the
Reward ...)
NOT-FOR-US: CS-Cart
CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to
cause a ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial
of ...)
NOT-FOR-US: Opera
CVE-2009-2576 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows
remote ...)
@@ -11309,9 +11309,9 @@
CVE-2009-2557 (Directory traversal vulnerability in system/download.php in
Admin News ...)
NOT-FOR-US: Admin News Tools
CVE-2009-2556 (Google Chrome before 2.0.172.37 allows attackers to leverage
renderer ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-2555 (Heap-based buffer overflow in src/jsregexp.cc in Google V8
before ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows
remote ...)
{DSA-1848-1}
- znc 0.074-1 (medium; bug #537977)
@@ -11857,7 +11857,7 @@
CVE-2009-2353 (encoder.php in eAccelerator allows remote attackers to execute
...)
- eaccelerator-src <itp> (bug #460341)
CVE-2009-2352 (Google Chrome 1.0.154.48 and earlier does not block javascript:
URIs ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-2351 (Opera 9.52 and earlier does not block javascript: URIs in
Refresh ...)
NOT-FOR-US: Opera
CVE-2009-2350 (Microsoft Internet Explorer 6.0.2900.2180 and earlier does not
block ...)
@@ -12510,7 +12510,7 @@
CVE-2009-2122 (SQL injection vulnerability in viewimg.php in the Paolo
Palmonari ...)
NOT-FOR-US: Photoracer plugin for WordPress
CVE-2009-2121 (Buffer overflow in the browser kernel in Google Chrome before
...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-2170 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara
1.0 ...)
{DSA-1822-1}
- mahara 1.1.5-1 (low)
@@ -12654,13 +12654,13 @@
CVE-2009-2072 (Apple Safari does not require a cached certificate before
displaying a ...)
NOT-FOR-US: Apple Safari
CVE-2009-2071 (Google Chrome before 1.0.154.53 displays a cached certificate
for a ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-2070 (Opera displays a cached certificate for a (1) 4xx or (2) 5xx
CONNECT ...)
NOT-FOR-US: Opera
CVE-2009-2069 (Microsoft Internet Explorer before 8 displays a cached
certificate for ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2068 (Google Chrome detects http content in https web pages only when
the ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-2067 (Opera detects http content in https web pages only when the
top-level ...)
NOT-FOR-US: Opera
CVE-2009-2066 (Apple Safari detects http content in https web pages only when
the ...)
@@ -12676,7 +12676,7 @@
CVE-2009-2061 (Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT
response ...)
- xulrunner <undetermined> (bug #565521)
CVE-2009-2060 (src/net/http/http_transaction_winhttp.cc in Google Chrome before
...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-2059 (Opera, possibly before 9.25, uses the HTTP Host header to
determine ...)
NOT-FOR-US: Opera
CVE-2009-2058 (Apple Safari before 3.2.2 uses the HTTP Host header to determine
the ...)
@@ -12907,7 +12907,7 @@
[etch] - kdebase <no-dsa> (Minor issue)
- w3m <unfixed> (unimportant; bug #532521)
NOTE: w3m doesn''t have Javascript support and the boundary issue is
harmles
- - chromium-browser <itp> (low; bug #520324)
+ - chromium-browser <undetermined> (bug #520324)
- lynx 2.8.7rel.1-1 (unimportant; bug #532520)
NOTE: lynx doesn''t have Javascript and form-data support
- dillo <not-affected> (bug #532522)
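Review bot: The replacement line "- chromium-browser <undetermined> (bug #520324)" goes the opposite way from every other hunk in this patch: it keeps the ITP bug number and drops the "low" urgency, whereas elsewhere "(low; bug #520324)" became "<undetermined> (low)". This looks like a slip in the bulk edit; the line should probably read "- chromium-browser <undetermined> (low)" so that the urgency is preserved and the stale ITP reference is gone.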
@@ -14037,7 +14037,7 @@
CVE-2009-1599 (Opera executes DOM calls in response to a javascript: URI in the
...)
NOT-FOR-US: Opera
CVE-2009-1598 (Google Chrome executes DOM calls in response to a javascript:
URI in ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-1597 (Mozilla Firefox executes DOM calls in response to a javascript:
URI in ...)
- xulrunner <undetermined> (bug #565521)
CVE-2009-1596 (Ignite Realtime Openfire before 3.6.5 does not properly
implement the ...)
@@ -14281,7 +14281,7 @@
CVE-2009-1516 (Stack-based buffer overflow in the IceWarpServer.APIObject
ActiveX ...)
NOT-FOR-US: ActiveX
CVE-2009-1514 (Google Chrome 1.0.154.53 allows remote attackers to cause a
denial of ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
- webkit <unfixed> (bug #578982)
- qt4-x11 <undetermined>
- kdebase <undetermined>
@@ -14529,7 +14529,7 @@
CVE-2009-1442 (Multiple integer overflows in Skia, as used in Google Chrome 1.x
...)
NOT-FOR-US: skia
CVE-2009-1441 (Heap-based buffer overflow in the
ParamTraits<SkBitmap>::Read function ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel
...)
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-2 (bug #523365)
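Review bot: The context line at the top of this hunk still marks CVE-2009-1442 (integer overflows in Skia, as used in Google Chrome 1.x) as "NOT-FOR-US: skia", while CVE-2010-0658, also Skia as used in Google Chrome, is tracked against chromium-browser elsewhere in this patch. With chromium-browser now being tracked as a package, CVE-2009-1442 should be revisited in the same change: replace the NOT-FOR-US line with "- chromium-browser <undetermined>" or add a NOTE explaining why the Skia code in the package is not relevant.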
@@ -14605,11 +14605,11 @@
[etch] - gnutls26 <not-affected> (Vulnerable code not present)
[etch] - gnutls13 <not-affected> (Vulnerable code not present, only
affects 2.6.x)
CVE-2009-1414 (Google Chrome 2.0.x lets modifications to the global object
persist ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-1413 (Google Chrome 1.0.x does not cancel timeouts upon a page
transition, ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-1412 (Argument injection vulnerability in the chromehtml: protocol
handler ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
- iodine 0.5.1 (low)
[lenny] - iodine 0.4.2-2~lenny1
@@ -18772,7 +18772,7 @@
CVE-2009-0412 (The ProcessLogin function in class.auth.php in Interspire
Shopping ...)
NOT-FOR-US: Interspire Shopping Cart
CVE-2009-0411 (Google Chrome before 1.0.154.46 does not properly restrict
access from ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-0410 (Off-by-one error in the SMTP daemon in GroupWise Internet Agent
(GWIA) ...)
NOT-FOR-US: Novell GroupWise
CVE-2009-0409 (SQL injection vulnerability in offline_auth.php in Max.Blog
1.0.6 and ...)
@@ -18859,7 +18859,7 @@
CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10,
...)
NOT-FOR-US: RealPlayer
CVE-2009-0374 (** DISPUTED ** ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine
...)
NOT-FOR-US: Joomla
CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in
Miltenovik ...)
@@ -19301,7 +19301,7 @@
- moin 1.8.1-1.1 (low)
NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google
...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5,
7.0, ...)
NOT-FOR-US: Novell GroupWise
CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell
...)
@@ -20377,7 +20377,7 @@
CVE-2008-5750 (Argument injection vulnerability in Microsoft Internet Explorer
8 beta ...)
NOT-FOR-US: Microsoft
CVE-2008-5749 (** DISPUTED ** ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2008-5748 (Directory traversal vulnerability in
plugins/spaw2/dialogs/dialog.php ...)
NOT-FOR-US: BloofoxCMS
CVE-2008-5747 (F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass
...)
@@ -23975,7 +23975,7 @@
CVE-2008-4341 (add.php in MyBlog 0.9.8 and earlier allows remote attackers to
bypass ...)
NOT-FOR-US: MyBlog
CVE-2008-4340 (Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers
to ...)
- - chromium-browser <itp> (bug #520324)
+ - chromium-browser <undetermined>
CVE-2008-4339 (Unspecified vulnerability in the Java Administration GUI (jnbSA)
in ...)
NOT-FOR-US: Symantec Veritas NetBackup Server
CVE-2008-4338 (SQL injection vulnerability in the
brilliant_gallery_checklist_save ...)