Author: derevko-guest
Date: 2010-05-07 10:06:47 +0000 (Fri, 07 May 2010)
New Revision: 14619

Modified:
   data/CVE/list
Log:
Get in contact with chromium security team, except for CVE-2009-2352 all recent CVEs are fixed in chromium 5.0.375.29~r46008-1. Need to determine CVE-2009-3456 CVE-2009-2068 and CVE-2009-1598

Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-05-06 20:56:54 UTC (rev 14618) +++ data/CVE/list 2010-05-07 10:06:47 UTC (rev 14619) 
@@ -495,31 +495,31 @@ CVE-2010-1507 RESERVED CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 allow ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit <not-affected> (doesn''t use v8 bindings yet) TODO: recheck newer webkits CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from loading ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit <undetermined> TODO: check CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit <undetermined> TODO: check CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit <undetermined> TODO: check CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit <undetermined> TODO: check CVE-2010-1501 (Cross-site request forgery (CSRF) vulnerability in Google Chrome ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit <undetermined> TODO: check CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit <undetermined> TODO: check CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3 ...) 
@@ -1263,23 +1263,23 @@ - kdelibs <undetermined> - kde4libs <undetermined> - qt4-x11 <undetermined> - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: http://trac.webkit.org/changeset/55511 NOTE: evidence of memory corruption http://code.google.com/p/chromium/issues/detail?id=37061 CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict ...) - webkit <not-affected> (bug #577457; proof-of-concepts are not effective against webkit) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: http://trac.webkit.org/changeset/55822 NOTE: vulnerable code is in KURL.cpp even though the changeset says it is in KURLGoogle.cpp CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: issue in chrome-specific download dialog CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: chrome-specific and claimed windows-only CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036 allow ...) - webkit <not-affected> (v8 and webgl not yet included) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: http://trac.webkit.org/changeset/55376 TODO: recheck as newer webkits get uploaded CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to cause a ...) 
@@ -1287,23 +1287,23 @@ - kdelibs <undetermined> - kde4libs <undetermined> - qt4-x11 <undetermined> - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: http://code.google.com/p/chromium/issues/detail?id=34978 CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before ...) - webkit <undetermined> - kdelibs <undetermined> - kde4libs <undetermined> - qt4-x11 <undetermined> - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 TODO: check CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected behavior ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: chrome-specific issue CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036 does ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: chrome-specific sandboxing issue CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: chrome-specific sandboxing issue CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...) NOT-FOR-US: Sun Java System Communication Express 
@@ -2938,36 +2938,36 @@ [lenny] - konversation <not-affected> (Doesn''t affect the combination of kdelibs/QT in Lenny) NOTE: http://bugs.kde.org/show_bug.cgi?id=219985 CVE-2010-0664 (Stack consumption vulnerability in the ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 CVE-2010-0663 (The ParamTraits<SkBitmap>::Read function in ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 CVE-2010-0662 (The ParamTraits<SkBitmap>::Read function in ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit <not-affected> (no v8 code included yet) TODO: recheck as newer webkits are uploaded CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the Referer ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit 1.1.21-1 (low) - qt4-x11 <undetermined> (low) - kdelibs <undetermined> (low) - kde4libs <undetermined> (low) CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome before ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: claimed to be a windows-only issue CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before 4.0.249.78, ...) 
- - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit 1.1.21-1 (low) - qt4-x11 <undetermined> (low) - kdelibs <undetermined> (low) - kde4libs <undetermined> (low) CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 CVE-2010-0654 (Mozilla Firefox permits cross-origin loading of CSS stylesheets even ...) - xulrunner <undetermined> (bug #570743) CVE-2010-0653 (Opera permits cross-origin loading of CSS stylesheets even when the ...) @@ -2975,7 +2975,7 @@ CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS ...) NOT-FOR-US: Microsoft Internet Explorer CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit 1.1.21-1 (low) [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand) - qt4-x11 <undetermined> (low) @@ -2983,7 +2983,7 @@ - kde4libs <undetermined> (low) NOTE: http://trac.webkit.org/changeset/52784 CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit 1.1.21-1 (unimportant) NOTE: http://code.google.com/p/chromium/issues/detail?id=3275 - qt4-x11 <undetermined> (unimportant) 
@@ -2991,23 +2991,23 @@ - kde4libs <undetermined> (unimportant) NOTE: unimportant because this is just a popup blocker bypass CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer function ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to ...) - xulrunner <undetermined> (bug #570743) CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before 4.0.249.89, ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit 1.1.21-1 (medium) - qt4-x11 <undetermined> (medium) - kdelibs <undetermined> (medium) - kde4libs <undetermined> (medium) CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8 before ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before r3560, as ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct connections to ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to read the ...) NOT-FOR-US: Cisco Collaboration Server CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...) 
@@ -3277,7 +3277,7 @@ CVE-2010-0557 (IBM Cognos Express 9.0 allows attackers to obtain unspecified access ...) NOT-FOR-US: IBM Cognos Express CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 ...) - - chromium-browser <undetermined> (low) + - chromium-browser 5.0.375.29~r46008-1 CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows remote ...) NOT-FOR-US: LoganPro CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows remote ...) @@ -3978,7 +3978,7 @@ CVE-2010-0316 (Integer overflow in Google SketchUp before 7.1 M2 allows remote ...) NOT-FOR-US: Google SketchUp CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, ...) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 - webkit 1.1.21-1 (low) [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand) - qt4-x11 <undetermined> @@ -11894,7 +11894,9 @@ CVE-2009-2353 (encoder.php in eAccelerator allows remote attackers to execute ...) - eaccelerator-src <itp> (bug #460341) CVE-2009-2352 (Google Chrome 1.0.154.48 and earlier does not block javascript: URIs ...) - - chromium-browser <undetermined> + - chromium-browser <unfixed> + NOTE: chromium security team doesn''t consider this a valid security issue + NOTE: http://crbug.com/40086 CVE-2009-2351 (Opera 9.52 and earlier does not block javascript: URIs in Refresh ...) NOT-FOR-US: Opera CVE-2009-2350 (Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block ...)
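Review bot: CVE-2010-1234 (hunk at -1263) and CVE-2010-0657 (hunk at -2938) both carry a NOTE saying the issue is claimed to be Windows-only, yet the chromium-browser line now records a fixed version. If the claim holds for the Debian package, `- chromium-browser <not-affected>` with a short reason would describe it more accurately, the way the webkit lines in this file use `<not-affected>`; if the claim was never verified, the fixed version can stay but the NOTE should say that it is unverified.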
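Review bot: In the hunk at -3277, the CVE-2010-0556 line loses its `(low)` urgency together with `<undetermined>`. Other entries in this file keep the urgency next to a fixed version (for example `- webkit 1.1.21-1 (low)`), so unless the rating was dropped on purpose the new line should read `- chromium-browser 5.0.375.29~r46008-1 (low)`.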
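Review bot: In the hunk at -11894, CVE-2009-2352 moves to `<unfixed>` with no urgency, while the NOTE added directly below says the chromium security team does not consider it a valid security issue. As written the entry counts as an open vulnerability against chromium-browser; if the upstream position is accepted, add an urgency such as `(unimportant)`, as the CVE-2010-0650 entries do, and if it is not accepted, the NOTE should say why the issue is still tracked as unfixed.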