Author: derevko-guest Date: 2010-07-04 08:19:20 +0000 (Sun, 04 Jul 2010) New Revision: 14956 Modified: data/CVE/list Log: chromium/webkit issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-07-03 15:34:42 UTC (rev 14955) +++ data/CVE/list 2010-07-04 08:19:20 UTC (rev 14956) @@ -740,8 +740,13 @@ NOTE: http://trac.webkit.org/changeset/59495 CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before ...) - webkit <undetermined> - - chromium-browser <undetermined> - NOTE: access to google bug report is restricted + - chromium-browser 5.0.375.70~r48679-1 + NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031 + NOTE: http://trac.webkit.org/changeset/57627 + NOTE: http://trac.webkit.org/changeset/57658 + NOTE: http://trac.webkit.org/changeset/57658 + NOTE: http://trac.webkit.org/changeset/59769 + NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=48159 CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before ...) - webkit <unfixed> - chromium-browser 5.0.375.55~r47796-1 @@ -2080,7 +2085,7 @@ NOTE: http://trac.webkit.org/changeset/59876 CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit 1.2.1-3 - - chromium-browser <undetermined> + - chromium-browser 5.0.375.70~r48679-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=38626 NOTE: http://trac.webkit.org/changeset/59795 CVE-2010-1769 (WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 ...) @@ -3224,7 +3229,7 @@ NOTE: http://trac.webkit.org/changeset/53446 CVE-2010-1403 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...) - webkit <undetermined> - - chromium-browser <undetermined> + - chromium-browser 5.0.342.9~r43360-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=35708 NOTE: http://trac.webkit.org/changeset/53446 TODO: ^ this seems to be the commit for cve-2010-1404. what is the right one? 
@@ -3323,14 +3328,14 @@ NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255 NOTE: http://trac.webkit.org/changeset/56188 CVE-2010-1385 (Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X ...) - - webkit <undetermined> - - chromium-browser <undetermined> - NOTE: not enough info disclosed to be able to check - TODO: someone with access to webkit security list please track down commit + - webkit <not-affected> (this is a bug in Apple''s PDFKit) + - chromium-browser <not-affected> (this is a bug in Apple''s PDFKit) CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...) - webkit <undetermined> - - chromium-browser <undetermined> + - chromium-browser <unfixed> (unimportant) NOTE: not enough info disclosed to be able to check + NOTE: This is based on various misconceptions surrounding "phishing" The only supported browser security model + NOTE: surrounding URLs is the accurate post-link-click indication of the final target URL in the URL bar. TODO: someone with access to webkit security list please track down commit CVE-2010-1383 RESERVED @@ -5830,7 +5835,7 @@ NOT-FOR-US: Apple Mac OS X CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.2.1-1 - - chromium-browser <undetermined> + - chromium-browser <not-affected> (only Safari is affected, they have a different URL parsing implementation) NOTE: https://bugs.webkit.org/show_bug.cgi?id=37662 NOTE: http://trac.webkit.org/changeset/58792 NOTE: http://trac.webkit.org/changeset/58796 
@@ -16608,8 +16613,9 @@ CVE-2009-1599 (Opera executes DOM calls in response to a javascript: URI in the ...) NOT-FOR-US: Opera CVE-2009-1598 (Google Chrome executes DOM calls in response to a javascript: URI in ...) - - chromium-browser <undetermined> + - chromium-browser <unfixed> (unimportant) - webkit <not-affected> (chrome-specific issue) + NOTE: it sounds like a "researcher misconception bug" (as seeming explained by Abobe) rather than a security issue CVE-2009-1597 (Mozilla Firefox executes DOM calls in response to a javascript: URI in ...) - xulrunner <undetermined> (bug #565521) CVE-2009-1596 (Ignite Realtime Openfire before 3.6.5 does not properly implement the ...)
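Review bot: In the @@ -740 hunk, the CVE-2010-2296 entry adds `NOTE: http://trac.webkit.org/changeset/57658` twice in a row. Drop the duplicate, or replace the second line with the changeset that was meant if a different one was intended. The entry now lists WebKit changesets and a WebKit bug, yet `- webkit <undetermined>` is unchanged. A TODO saying the webkit package still needs checking against those changesets would make that explicit.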
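Review bot: In the @@ -3224 hunk, CVE-2010-1403 receives a fixed version for chromium-browser (`5.0.342.9~r43360-1`) while the trailing context still carries the TODO asking whether changeset 53446 is really the commit for CVE-2010-1404. If the version was derived from that changeset, resolve the TODO first. Otherwise add a NOTE stating what the fixed version is based on, so the status can be verified later.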
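Review bot: In the @@ -3323 hunk, CVE-2010-1384 is moved to `<unfixed> (unimportant)` for chromium-browser, but the unchanged `NOTE: not enough info disclosed to be able to check` and the TODO asking someone to track down the commit remain, which reads as contradicting a decided status. Either remove them or scope them to the webkit line, which stays `<undetermined>`. The two added NOTE lines run together without a full stop after "phishing", and the CVE-2010-1385 lines contain a doubled apostrophe in `Apple''s PDFKit` that looks like an escaping slip.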
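Review bot: In the @@ -16608 hunk, the NOTE added for CVE-2009-1598 justifies `<unfixed> (unimportant)` by pointing to an explanation but gives no link to it, unlike the other entries in this commit, which cite a bug or changeset URL. Add the reference so the triage decision can be checked. The same line has typos: "Abobe" (presumably Adobe) and "seeming explained".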