Author: derevko-guest
Date: 2010-05-06 20:56:54 +0000 (Thu, 06 May 2010)
New Revision: 14618
Modified:
data/CVE/list
Log:
chromium triage
Modified: data/CVE/list
==================================================================---
data/CVE/list 2010-05-06 17:57:23 UTC (rev 14617)
+++ data/CVE/list 2010-05-06 20:56:54 UTC (rev 14618)
@@ -6600,18 +6600,18 @@
CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management
Module ...)
NOT-FOR-US: IBM BladeCenter
CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage
function ...)
- - chromium-browser <undetermined> (low)
+ - chromium-browser <not-affected> (Only 0.x is affected)
CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before
3.0.195.32, ...)
- webkit <not-affected> (chromium-specific issue in their timer)
- qt4-x11 <not-affected> (chromium-specific issue in their timer)
- kdelibs <not-affected> (chromium-specific issue in their timer)
- kde4libs <not-affected> (chromium-specific issue in their timer)
- - chromium-browser <undetermined> (low)
+ - chromium-browser <not-affected> (Only 0.x is affected)
CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...)
- - chromium-browser <undetermined> (low)
+ - chromium-browser <not-affected> (Only 0.x is affected)
NOTE: gears is only implemented in chromium
CVE-2009-3931 (Incomplete blacklist vulnerability in
browser/download/download_exe.cc ...)
- - chromium-browser <undetermined> (low)
+ - chromium-browser <not-affected> (Only 3.x is affected)
CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02
allow ...)
- file 5.03-1
[lenny] - file <not-affected>
@@ -8558,7 +8558,7 @@
CVE-2009-3269 (Opera 9.52 and earlier allows remote attackers to cause a denial
of ...)
NOT-FOR-US: Opera
CVE-2009-3268 (Google Chrome 1.0.154.48 and earlier allows remote attackers to
cause ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 1.x is affected)
CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and ...)
NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3266 (Opera before 10.01 does not properly restrict HTML in a (1) RSS
or (2) ...)
@@ -8566,9 +8566,9 @@
CVE-2009-3265 (Cross-site scripting (XSS) vulnerability in Opera 9 and 10
allows ...)
NOT-FOR-US: Opera
CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21
omits an ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 3.x is affected)
CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x
and 3.x ...)
- - chromium-browser <undetermined> (low)
+ - chromium-browser <not-affected> (Only 3.x is affected)
NOTE: http://seclists.org/fulldisclosure/2009/Sep/201
NOTE: other browsers are not affected (only chrome and opera)
CVE-2009-3262 (Cross-site scripting (XSS) vulnerability in the Self Service UI
(SSUI) ...)
@@ -8606,7 +8606,7 @@
CVE-2009-3246 (SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX
...)
NOT-FOR-US: MyBuxScript PTC-BUX
CVE-2008-7246 (Google Chrome 0.2.149.29 and earlier allows remote attackers to
cause ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 0.x is affected)
CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a denial
of ...)
NOT-FOR-US: Opera
CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to
cause a ...)
@@ -9650,9 +9650,9 @@
NOTE: browser crashes not treated as security issues
NOTE: not reproducible, probably only Firefox in Windows XP is affected
CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote
...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 1.x is affected)
CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections
to a ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 2.x is affected)
CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote
...)
NOT-FOR-US: Sun Solaris
CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange
3.0 ...)
@@ -9740,7 +9740,7 @@
CVE-2009-2956 (The (1) Net.Commerce and (2) Net.Data components in IBM
WebSphere ...)
NOT-FOR-US: IBM WebSphere
CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to
cause ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 1.x is affected)
CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows
remote ...)
NOT-FOR-US: Microsoft
CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote
...)
@@ -9799,7 +9799,7 @@
CVE-2008-7062 (Unrestricted file upload vulnerability in admin/index.php in
Download ...)
NOT-FOR-US: Download Manager module 1.0 for LoveCMS
CVE-2008-7061 (The tooltip manager (chrome/views/tooltip_manager.cc) in Google
Chrome ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 0.x is affected)
CVE-2008-7060 (Multiple cross-site scripting (XSS) vulnerabilities in One-News
Beta 2 ...)
NOT-FOR-US: One-News
CVE-2008-7059 (SQL injection vulnerability in index.php in One-News Beta 2
allows ...)
@@ -9868,7 +9868,7 @@
- varnish 2.1.0-2 (unimportant)
NOTE: Only a security issue if used against best practices
CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows
remote ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 2.x is affected)
CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in
Programmed ...)
NOT-FOR-US: Programmed Integration PIPL
CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before
2.0.3 ...)
@@ -10375,15 +10375,15 @@
CVE-2008-6999 (phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows
remote ...)
NOT-FOR-US: phpAuction
CVE-2008-6998 (Stack-based buffer overflow in chrome/common/gfx/url_elider.cc
in ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 0.x is affected)
CVE-2008-6997 (Google Chrome 0.2.149.27 allows user-assisted remote attackers
to ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 0.x is affected)
CVE-2008-6996 (Google Chrome BETA (0.2.149.27) does not prompt the user before
saving ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 0.x is affected)
CVE-2008-6995 (Integer underflow in net/base/escape.cc in chrome.dll in Google
Chrome ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 0.x is affected)
CVE-2008-6994 (Stack-based buffer overflow in the SaveAs feature ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 0.x is affected)
CVE-2008-6993 (Siemens Gigaset WLAN Camera 1.27 has an insecure default
password, ...)
NOT-FOR-US: Siemens Gigaset WLAN Camera
CVE-2008-6992 (GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4,
...)
@@ -11280,7 +11280,7 @@
CVE-2009-2579 (SQL injection vulnerability in reward_points.post.php in the
Reward ...)
NOT-FOR-US: CS-Cart
CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to
cause a ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 2.x is affected)
CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial
of ...)
NOT-FOR-US: Opera
CVE-2009-2576 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows
remote ...)
@@ -11346,9 +11346,9 @@
CVE-2009-2557 (Directory traversal vulnerability in system/download.php in
Admin News ...)
NOT-FOR-US: Admin News Tools
CVE-2009-2556 (Google Chrome before 2.0.172.37 allows attackers to leverage
renderer ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 2.x is affected)
CVE-2009-2555 (Heap-based buffer overflow in src/jsregexp.cc in Google V8
before ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 1.x and 2.x are affected)
CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows
remote ...)
{DSA-1848-1}
- znc 0.074-1 (medium; bug #537977)
@@ -12547,7 +12547,7 @@
CVE-2009-2122 (SQL injection vulnerability in viewimg.php in the Paolo
Palmonari ...)
NOT-FOR-US: Photoracer plugin for WordPress
CVE-2009-2121 (Buffer overflow in the browser kernel in Google Chrome before
...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 2.x is affected)
CVE-2009-2170 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara
1.0 ...)
{DSA-1822-1}
- mahara 1.1.5-1 (low)
@@ -12691,7 +12691,7 @@
CVE-2009-2072 (Apple Safari does not require a cached certificate before
displaying a ...)
NOT-FOR-US: Apple Safari
CVE-2009-2071 (Google Chrome before 1.0.154.53 displays a cached certificate
for a ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 1.x is affected)
CVE-2009-2070 (Opera displays a cached certificate for a (1) 4xx or (2) 5xx
CONNECT ...)
NOT-FOR-US: Opera
CVE-2009-2069 (Microsoft Internet Explorer before 8 displays a cached
certificate for ...)
@@ -12713,7 +12713,7 @@
CVE-2009-2061 (Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT
response ...)
- xulrunner <undetermined> (bug #565521)
CVE-2009-2060 (src/net/http/http_transaction_winhttp.cc in Google Chrome before
...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 1.x is affected)
CVE-2009-2059 (Opera, possibly before 9.25, uses the HTTP Host header to
determine ...)
NOT-FOR-US: Opera
CVE-2009-2058 (Apple Safari before 3.2.2 uses the HTTP Host header to determine
the ...)
@@ -14318,12 +14318,12 @@
CVE-2009-1516 (Stack-based buffer overflow in the IceWarpServer.APIObject
ActiveX ...)
NOT-FOR-US: ActiveX
CVE-2009-1514 (Google Chrome 1.0.154.53 allows remote attackers to cause a
denial of ...)
- - chromium-browser <undetermined>
+ - chromium-browser <unfixed> (low)
- webkit <unfixed> (bug #578982)
- qt4-x11 <undetermined>
- kdebase <undetermined>
- kde4libs <undetermined>
- NOTE: proof of concept works against webkit; claimed dos-only, but may be
+ NOTE: proof of concept works against webkit and chromium; claimed dos-only,
but may be
NOTE: be worse with a different payload
CVE-2008-6791 (PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a
denial ...)
NOT-FOR-US: PumpKIN TFTP Server
@@ -14566,7 +14566,7 @@
CVE-2009-1442 (Multiple integer overflows in Skia, as used in Google Chrome 1.x
...)
NOT-FOR-US: skia
CVE-2009-1441 (Heap-based buffer overflow in the
ParamTraits<SkBitmap>::Read function ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 1.x is affected)
CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel
...)
{DSA-1800-1 DSA-1794-1 DSA-1787-1}
- linux-2.6 2.6.29-2 (bug #523365)
@@ -14642,11 +14642,11 @@
[etch] - gnutls26 <not-affected> (Vulnerable code not present)
[etch] - gnutls13 <not-affected> (Vulnerable code not present, only
affects 2.6.x)
CVE-2009-1414 (Google Chrome 2.0.x lets modifications to the global object
persist ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 2.x is affected)
CVE-2009-1413 (Google Chrome 1.0.x does not cancel timeouts upon a page
transition, ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 1.x is affected)
CVE-2009-1412 (Argument injection vulnerability in the chromehtml: protocol
handler ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 1.x is affected)
CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
- iodine 0.5.1 (low)
[lenny] - iodine 0.4.2-2~lenny1
@@ -18809,7 +18809,7 @@
CVE-2009-0412 (The ProcessLogin function in class.auth.php in Interspire
Shopping ...)
NOT-FOR-US: Interspire Shopping Cart
CVE-2009-0411 (Google Chrome before 1.0.154.46 does not properly restrict
access from ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (Only 1.x is affected)
CVE-2009-0410 (Off-by-one error in the SMTP daemon in GroupWise Internet Agent
(GWIA) ...)
NOT-FOR-US: Novell GroupWise
CVE-2009-0409 (SQL injection vulnerability in offline_auth.php in Max.Blog
1.0.6 and ...)
@@ -18896,7 +18896,7 @@
CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10,
...)
NOT-FOR-US: RealPlayer
CVE-2009-0374 (** DISPUTED ** ...)
- - chromium-browser <undetermined>
+ - chromium-browser (unimportant)
CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine
...)
NOT-FOR-US: Joomla
CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in
Miltenovik ...)
@@ -19338,7 +19338,7 @@
- moin 1.8.1-1.1 (low)
NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google
...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (only 1.x is affected)
CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5,
7.0, ...)
NOT-FOR-US: Novell GroupWise
CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell
...)
@@ -20414,7 +20414,7 @@
CVE-2008-5750 (Argument injection vulnerability in Microsoft Internet Explorer
8 beta ...)
NOT-FOR-US: Microsoft
CVE-2008-5749 (** DISPUTED ** ...)
- - chromium-browser <undetermined>
+ - chromium-browser <undetermined> (unimportant)
CVE-2008-5748 (Directory traversal vulnerability in
plugins/spaw2/dialogs/dialog.php ...)
NOT-FOR-US: BloofoxCMS
CVE-2008-5747 (F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass
...)
@@ -24012,7 +24012,7 @@
CVE-2008-4341 (add.php in MyBlog 0.9.8 and earlier allows remote attackers to
bypass ...)
NOT-FOR-US: MyBlog
CVE-2008-4340 (Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers
to ...)
- - chromium-browser <undetermined>
+ - chromium-browser <not-affected> (only 0.x is affected)
CVE-2008-4339 (Unspecified vulnerability in the Java Administration GUI (jnbSA)
in ...)
NOT-FOR-US: Symantec Veritas NetBackup Server
CVE-2008-4338 (SQL injection vulnerability in the
brilliant_gallery_checklist_save ...)