Author: derevko-guest
Date: 2010-07-03 15:34:42 +0000 (Sat, 03 Jul 2010)
New Revision: 14955

Modified: data/CVE/list
Log: chromium issue

Modified: data/CVE/list
==================================================================
--- data/CVE/list 2010-07-03 02:44:43 UTC (rev 14954) +++ data/CVE/list 2010-07-03 15:34:42 UTC (rev 14955) @@ -411,8 +411,9 @@ NOT-FOR-US: Microsoft Internet Explorer CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote ...) - webkit <unfixed> (low) - - chromium-browser <unfixed> (low) + - chromium-browser 5.0.375.55~r47796-1 NOTE: poc seems to work, but only intermitently (maybe every 20th character) + NOTE: http://trac.webkit.org/changeset/58829 CVE-2010-2440 (Stack-based buffer overflow in st-wizard.exe in Subtitle Translation ...) NOT-FOR-US: Subtitle Translation Wizard CVE-2010-2439 (Stack-based buffer overflow in MoreAmp allows remote attackers to ...) 
@@ -708,34 +709,34 @@ NOT-FOR-US: Symantec Sygate Personal Firewall CVE-2010-2304 (The toAlphabetic function in rendering/RenderListMarker.cpp in WebCore ...) - webkit <unfixed> (medium; bug #586547) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.70~r48679-1 NOTE: http://trac.webkit.org/changeset/59950 CVE-2010-2303 (page/Geolocation.cpp in WebCore in WebKit in Google Chrome before ...) - webkit <unfixed> - - chromium-browser <undetermined> + - chromium-browser 5.0.375.70~r48679-1 NOTE: http://trac.webkit.org/changeset/59859 CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome ...) - webkit <unfixed> - - chromium-browser <undetermined> + - chromium-browser 5.0.375.70~r48679-1 NOTE: http://trac.webkit.org/changeset/59876 CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp in ...) - webkit <unfixed> - - chromium-browser <undetermined> + - chromium-browser 5.0.375.70~r48679-1 NOTE: http://trac.webkit.org/changeset/59241 NOTE: http://trac.webkit.org/changeset/59242 CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes ...) - webkit <undetermined> - - chromium-browser <undetermined> + - chromium-browser 5.0.375.70~r48679-1 NOTE: http://trac.webkit.org/changeset/59109 CVE-2010-2299 (The Clipboard::DispatchObject function in app/clipboard/clipboard.cc ...) - webkit <not-affected> (chromium-specific) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.70~r48679-1 CVE-2010-2298 (browser/renderer_host/database_dispatcher_host.cc in Google Chrome ...) - webkit <not-affected> (chromium-specific) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.70~r48679-1 CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome ...) 
- webkit <unfixed> - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: http://trac.webkit.org/changeset/59495 CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before ...) - webkit <undetermined> @@ -743,7 +744,7 @@ NOTE: access to google bug report is restricted CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before ...) - webkit <unfixed> - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: http://trac.webkit.org/changeset/58829 CVE-2009-4900 RESERVED @@ -2057,24 +2058,24 @@ NOT-FOR-US: Apple iPhone Passcode Lock CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261 NOTE: http://trac.webkit.org/changeset/59495 CVE-2010-1773 RESERVED - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=39508 NOTE: http://trac.webkit.org/changeset/59950 CVE-2010-1772 RESERVED - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=39388 NOTE: http://trac.webkit.org/changeset/59859 CVE-2010-1771 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=39453 NOTE: http://trac.webkit.org/changeset/59876 CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) 
@@ -2084,14 +2085,14 @@ NOTE: http://trac.webkit.org/changeset/59795 CVE-2010-1769 (WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 ...) - webkit <undetermined> - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 TODO: someone with access to the webkit security list please track down commit CVE-2010-1768 RESERVED CVE-2010-1767 RESERVED - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36843 NOTE: http://trac.webkit.org/changeset/57041 NOTE: if this is the right commit, then this is a dup of cve-2010-1501 
@@ -2099,36 +2100,36 @@ CVE-2010-1766 RESERVED - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36339 NOTE: http://trac.webkit.org/changeset/56380 CVE-2010-1765 RESERVED - webkit <not-affected> (doesn''t include cf code) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=37933 NOTE: http://trac.webkit.org/changeset/57995 TODO: is this commit correct? its labeled as a "build fix" CVE-2010-1764 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=31410 NOTE: http://trac.webkit.org/changeset/55157 CVE-2010-1763 (Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on ...) - webkit <not-affected> (vulnerable code introduced in svn58950, which isn''t included in 1.2.1 yet) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=39008 NOTE: http://trac.webkit.org/changeset/59486 TODO: recheck newer webkit uploads CVE-2010-1762 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38922 NOTE: http://trac.webkit.org/changeset/59241 NOTE: http://trac.webkit.org/changeset/59242 CVE-2010-1761 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=37760 NOTE: http://trac.webkit.org/changeset/59263 CVE-2010-1760 
@@ -2139,12 +2140,12 @@ NOTE: http://trac.webkit.org/changeset/58409 CVE-2010-1759 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38583 NOTE: http://trac.webkit.org/changeset/59109 CVE-2010-1758 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.55~r47796-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697 NOTE: http://trac.webkit.org/changeset/59098 CVE-2010-1757 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...) @@ -2171,7 +2172,7 @@ TODO: someone with access to the webkit security list please track down the commit CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=27193 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38625 NOTE: http://trac.webkit.org/changeset/45941 
@@ -3124,24 +3125,24 @@ NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government CVE-2010-1422 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=26824 NOTE: http://trac.webkit.org/changeset/58829 CVE-2010-1421 (The execCommand JavaScript function in WebKit in Apple Safari before ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=27751 NOTE: http://trac.webkit.org/changeset/58703 CVE-2010-1420 RESERVED CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=37618 NOTE: http://trac.webkit.org/changeset/58616 CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38260 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36502 NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031 
@@ -3150,34 +3151,34 @@ NOTE: http://trac.webkit.org/changeset/57627 CVE-2010-1417 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.29~r46008-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38001 NOTE: http://trac.webkit.org/changeset/58201 NOTE: if this commit is correct, this is a dup of cve-2010-1665 TODO: request rejection CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.70~r48679-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36838 NOTE: http://trac.webkit.org/changeset/56810 CVE-2010-1415 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.70~r48679-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36000 NOTE: http://trac.webkit.org/changeset/56420 CVE-2010-1414 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.70~r48679-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=35818 NOTE: http://trac.webkit.org/changeset/55783 CVE-2010-1413 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit <not-affected> (affected cf/iss code is not present) - - chromium-browser <undetermined> + - chromium-browser 5.0.375.70~r48679-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=37230 NOTE: http://trac.webkit.org/changeset/57232 CVE-2010-1412 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.70~r48679-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=29635 NOTE: http://trac.webkit.org/changeset/57759 NOTE: http://trac.webkit.org/changeset/57817 
@@ -3185,40 +3186,40 @@ - tiff 3.9.4-1 CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=35603 NOTE: http://trac.webkit.org/changeset/55511 CVE-2010-1409 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=34451 NOTE: http://trac.webkit.org/changeset/54193 CVE-2010-1408 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36571 NOTE: http://trac.webkit.org/changeset/56489 NOTE: http://trac.webkit.org/changeset/56492 NOTE: http://trac.webkit.org/changeset/56879 CVE-2010-1407 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36435 NOTE: http://trac.webkit.org/changeset/56365 CVE-2010-1406 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=30841 NOTE: http://trac.webkit.org/changeset/50226 NOTE: http://trac.webkit.org/changeset/50240 CVE-2010-1405 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36198 NOTE: http://trac.webkit.org/changeset/56186 CVE-2010-1404 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) 
- webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=35709 NOTE: http://trac.webkit.org/changeset/53446 CVE-2010-1403 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) 
@@ -3229,74 +3230,74 @@ TODO: ^ this seems to be the commit for cve-2010-1404. what is the right one? CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=35598 NOTE: http://trac.webkit.org/changeset/55182 CVE-2010-1401 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=35353 NOTE: http://trac.webkit.org/changeset/55196 CVE-2010-1400 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=34734 NOTE: http://trac.webkit.org/changeset/54521 CVE-2010-1399 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=35599 NOTE: http://trac.webkit.org/changeset/46437 CVE-2010-1398 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=35305 NOTE: http://trac.webkit.org/changeset/55167 CVE-2010-1397 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=32842 NOTE: http://trac.webkit.org/changeset/52034 NOTE: http://trac.webkit.org/changeset/55114 CVE-2010-1396 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) 
- webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=35621 NOTE: http://trac.webkit.org/changeset/55462 NOTE: http://trac.webkit.org/changeset/55465 CVE-2010-1395 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=26868 NOTE: http://trac.webkit.org/changeset/46068 CVE-2010-1394 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: http://trac.webkit.org/changeset/55203 NOTE: http://trac.webkit.org/changeset/55212 CVE-2010-1393 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=33683 NOTE: http://trac.webkit.org/changeset/53607 CVE-2010-1392 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=34641 NOTE: http://trac.webkit.org/changeset/56297 CVE-2010-1391 (Multiple directory traversal vulnerabilities in the (a) Local Storage ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36243 NOTE: http://trac.webkit.org/changeset/56139 CVE-2010-1390 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=29078 NOTE: http://trac.webkit.org/changeset/49487 CVE-2010-1389 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) 
- webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=30019 NOTE: https://bugs.webkit.org/show_bug.cgi?id=34148 NOTE: https://bugs.webkit.org/show_bug.cgi?id=33970 @@ -3310,7 +3311,7 @@ NOTE: http://trac.webkit.org/changeset/47829 CVE-2010-1387 (Use-after-free vulnerability in JavaScriptCore in WebKit in Apple ...) - webkit 1.2.1-2 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=34321 NOTE: http://trac.webkit.org/changeset/54129 NOTE: http://trac.webkit.org/changeset/54141 @@ -3318,7 +3319,7 @@ CVE-2010-1386 RESERVED - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255 NOTE: http://trac.webkit.org/changeset/56188 CVE-2010-1385 (Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X ...)
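Review bot: The same WebKit changeset is given different chromium-browser fixed versions in different hunks. In @@ -708,34 +709,34 @@, CVE-2010-2304 (changeset 59950), CVE-2010-2303 (59859), CVE-2010-2302 (59876), CVE-2010-2301 (59241, 59242) and CVE-2010-2300 (59109) are set to 5.0.375.70~r48679-1, while CVE-2010-1773, CVE-2010-1772, CVE-2010-1771, CVE-2010-1762 and CVE-2010-1759 in the later hunks cite the same changesets and are set to 5.0.375.55~r47796-1. Changeset 58829 likewise maps to 5.0.375.29~r46008-1 for CVE-2010-1422 but to 5.0.375.55~r47796-1 for CVE-2010-2295 and CVE-2010-2441. A fixed version that is too early marks a still-vulnerable package as fixed, so each pair should be reconciled to one version (the later one where unsure), or a NOTE should explain why they differ.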
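Review bot: In the CVE-2010-2441 entry of the first hunk (@@ -411,8 +411,9 @@), chromium-browser moves from "<unfixed> (low)" to 5.0.375.55~r47796-1 while the context line "NOTE: poc seems to work, but only intermitently" stays untouched, so the entry now reads as both fixed and reproducible. Say which package version the PoC was run against, or drop the note if it predates the fix. The added changeset 58829 NOTE also sits under a webkit line that remains "<unfixed> (low)"; if that changeset is the fix, a TODO to recheck webkit against it would help.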
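Review bot: Several entries receive a concrete fixed version while their own TODO/NOTE lines say the fixing commit is unknown or unconfirmed: CVE-2010-1769 in @@ -2084,14 +2085,14 @@ ("TODO: someone with access to the webkit security list please track down commit"), CVE-2010-1767 in the same hunk ("if this is the right commit"), and CVE-2010-1765 in @@ -2099,36 +2100,36 @@ ("TODO: is this commit correct?"). Either leave these at "<undetermined>" until the commit is confirmed, or add a NOTE naming the source the version was taken from. The same applies to CVE-2010-2299 and CVE-2010-2298 in @@ -708,34 +709,34 @@, which are set to 5.0.375.70~r48679-1 with no reference line at all.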
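Review bot: In @@ -3150,34 +3151,34 @@, CVE-2010-1416 through CVE-2010-1412 are set to 5.0.375.70~r48679-1 although their changesets (56810, 56420, 55783, 57232, 57759/57817) are numerically older than 58829, 58703 and 58616, which the preceding hunk @@ -3124,24 +3125,24 @@ assigns to 5.0.375.29~r46008-1. If these versions come from something other than the listed changeset, record that source in a NOTE; otherwise recheck whether these five entries were already fixed in an earlier upload.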