Author: gilbert-guest Date: 2011-02-22 00:41:41 +0000 (Tue, 22 Feb 2011) New Revision: 16223 Modified: data/CVE/list Log: webkit updates Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-02-21 21:14:43 UTC (rev 16222) +++ data/CVE/list 2011-02-22 00:41:41 UTC (rev 16223) @@ -199,20 +199,22 @@ - chromium-browser 9.0.597.98~r74359-1 - webkit <undetermined> NOTE: http://trac.webkit.org/changeset/76264 + TODO: ^ this has to be the wrong commit, its a vp8 fix, but that doesn''t match the description at all CVE-2011-0983 (Google Chrome before 9.0.597.94 does not properly handle anonymous ...) {DSA-2166-1} - chromium-browser 9.0.597.98~r74359-1 - - webkit <undetermined> + - webkit <not-affected> (vulnerable code not yet present in 1.2) + TODO: check webkit > 1.3 when it gets uploaded NOTE: http://trac.webkit.org/changeset/75810 CVE-2011-0982 (Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows ...) - chromium-browser 9.0.597.98~r74359-1 [squeeze] - chromium-browser <not-affected> - - webkit <undetermined> + - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/76990 CVE-2011-0981 (Google Chrome before 9.0.597.94 does not properly perform event ...) {DSA-2166-1} - chromium-browser 9.0.597.98~r74359-1 - - webkit <undetermined> + - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/76708 CVE-2011-0980 (Microsoft Office Excel 2003 does not properly parse Office Art ...) NOT-FOR-US: Microsoft Office Excel 2003 
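Review bot: in the @@ -199 hunk, CVE-2011-0983 moves from `<undetermined>` to `<not-affected> (vulnerable code not yet present in 1.2)`, which the tracker treats as a final state; once a webkit > 1.3 upload lands nothing will re-flag the entry, and the only reminder is the free-text `TODO: check webkit > 1.3 when it gets uploaded`. Record in the NOTE which upstream version introduced the vulnerable code, so the recheck has a concrete trigger rather than a generic "> 1.3". Two smaller points in the same hunk: the `TODO: ^ this has to be the wrong commit, its a vp8 fix` line belongs to an entry whose CVE id is above the hunk context, so it cannot be matched to an advisory from the diff alone; name the CVE in the TODO. And for CVE-2011-0982, chromium-browser carries an explicit `[squeeze] - chromium-browser <not-affected>` line while the new `- webkit <unfixed>` has no `[squeeze]` annotation, so squeeze's webkit is implicitly affected; if that is intended, say so, since that is what DSA triage will act on.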
@@ -633,12 +635,12 @@ CVE-2011-0778 (Google Chrome before 9.0.597.84 does not properly restrict drag and ...) {DSA-2166-1} - chromium-browser 9.0.597.84~r72991-1 - - webkit <undetermined> + - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/71925 CVE-2011-0777 (Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows ...) {DSA-2166-1} - chromium-browser 9.0.597.84~r72991-1 - - webkit <undetermined> + - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/72230 CVE-2011-0776 (The sandbox implementation in Google Chrome before 9.0.597.84 on Mac ...) - chromium-browser 9.0.597.84~r72991-1 @@ -1438,16 +1440,18 @@ - webkit <not-affected> (chromium specific) CVE-2011-0484 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) - chromium-browser 6.0.472.63~r59945-5 - - webkit <undetermined> + - webkit <not-affected> (vulnerable code not present in 1.2) + TODO: recheck when > 1.3 gets uploaded NOTE: http://trac.webkit.org/changeset/75082 NOTE: http://trac.webkit.org/changeset/75084 CVE-2011-0483 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) - chromium-browser 6.0.472.63~r59945-5 - - webkit <undetermined> + - webkit <not-affected> (vulnerable code not present in 1.2) + TODO: recheck when > 1.3 gets uploaded NOTE: http://trac.webkit.org/changeset/74787 CVE-2011-0482 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) - chromium-browser 6.0.472.63~r59945-5 - - webkit <undetermined> + - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/74779 CVE-2011-0481 (Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS ...) - chromium-browser <not-affected> (Chrome PDF plugin) 
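Review bot: in the @@ -633 hunk, CVE-2011-0778 goes straight from `<undetermined>` to the fixed version `1.2.7-1` with only `NOTE: http://trac.webkit.org/changeset/71925` as justification; nothing records how r71925 was confirmed to be in the 1.2.7 tarball as opposed to being listed in the upstream changelog. The same `<undetermined>` -> `1.2.7-1` pattern recurs for CVE-2011-0482, CVE-2011-0474, CVE-2010-4578, CVE-2010-4577, CVE-2010-4493, CVE-2010-4492, CVE-2010-4199 and CVE-2010-1783 in later hunks, and the list itself (at the @@ -9059 hunk) already distrusts an upstream changelog claim ("upstream changelog says this is fixed in 1.2.3, but i'm doubtful of that"). Add a NOTE per entry stating the check that was done (e.g. changeset present in the 1.2.7 source, or reproduced against 1.2.6 and not 1.2.7) so the fixed version can be audited later.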
@@ -1462,7 +1466,7 @@ - webkit <not-affected> (chromium specific) CVE-2011-0478 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) - chromium-browser 6.0.472.63~r59945-5 - - webkit <undetermined> + - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/74636 CVE-2011-0477 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) - chromium-browser 6.0.472.63~r59945-5 @@ -1475,11 +1479,11 @@ - webkit <not-affected> (Chrome PDF plugin) CVE-2011-0474 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) - chromium-browser 6.0.472.63~r59945-5 - - webkit <undetermined> + - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/74574 CVE-2011-0473 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) - chromium-browser 6.0.472.63~r59945-5 - - webkit <undetermined> + - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/73927 NOTE: http://trac.webkit.org/changeset/73937 CVE-2011-0472 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) @@ -1487,7 +1491,7 @@ - webkit <not-affected> (Chrome PDF plugin) CVE-2011-0471 (The node-iteration implementation in Google Chrome before 8.0.552.237 ...) - chromium-browser 6.0.472.63~r59945-5 - - webkit <undetermined> + - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/73559 NOTE: http://trac.webkit.org/changeset/73620 CVE-2011-0470 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) 
@@ -2668,11 +2672,11 @@ NOTE: http://www.bugzilla.org/security/3.2.9/ CVE-2010-4578 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do ...) - chromium-browser 6.0.472.63~r59945-4 - - webkit <undetermined> + - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/73432 CVE-2010-4577 (The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp ...) - chromium-browser 6.0.472.63~r59945-4 - - webkit <undetermined> + - webkit 1.2.7-1 NOTE: https://bugs.webkit.org/show_bug.cgi?id=49883 NOTE: http://code.google.com/p/chromium/issues/detail?id=63866 NOTE: http://trac.webkit.org/changeset/72685 @@ -3072,16 +3076,16 @@ - webkit <not-affected> (never embedded libxml2''s xpath.c) CVE-2010-4493 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...) - chromium-browser 6.0.472.63~r59945-3 - - webkit <undetermined> + - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/72013 CVE-2010-4492 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...) - chromium-browser 6.0.472.63~r59945-3 - - webkit <undetermined> + - webkit 1.2.7-1 NOTE: http://trac.webkit.org/changeset/71686 CVE-2010-4491 (Google Chrome before 8.0.552.215 does not properly restrict privileged ...) - chromium-browser 9.0.597.45~r70550-1 [squeeze] - chromium-browser <not-affected> - - webkit <undetermined> + - webkit <not-affected> (issue in chromium-specific webkit code) NOTE: http://code.google.com/p/chromium/issues/detail?id=62168 NOTE: http://trac.webkit.org/changeset/71533 CVE-2010-4490 (Google Chrome before 8.0.552.215 allows remote attackers to cause a ...) 
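Review bot: in the @@ -3072 hunk, the reason text for CVE-2010-4491, `<not-affected> (issue in chromium-specific webkit code)`, is a third wording for the same situation; the surrounding context uses `<not-affected> (chromium specific)` (at @@ -1438 and @@ -1462) and `<not-affected> (chromium issue)` (at @@ -3101). Pick one phrasing for the list. Since the entry's NOTE points at an upstream WebKit changeset (http://trac.webkit.org/changeset/71533) rather than a Chromium-tree change, it would also help to say which part of the WebKit tree the fix touches, so "chromium-specific" is checkable by the next person.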
@@ -3101,7 +3105,8 @@ - webkit <not-affected> (chromium issue) CVE-2010-4486 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...) - chromium-browser 6.0.472.63~r59945-3 - - webkit <undetermined> + - webkit <not-affected> (vulnerable code not present in 1.2) + TODO: recheck when > 1.3 gets uploaded NOTE: http://trac.webkit.org/changeset/71170 CVE-2010-4485 (Google Chrome before 8.0.552.215 does not properly restrict the ...) - chromium-browser <unfixed> (unimportant) @@ -3117,9 +3122,10 @@ - chromium-browser 6.0.472.63~r59945-3 - webkit <undetermined> NOTE: https://bugs.webkit.org/show_bug.cgi?id=46678 + TODO: need webkit commit # (above bug is embargoed) CVE-2010-4482 (Unspecified vulnerability in Google Chrome before 8.0.552.215 allows ...) - chromium-browser <unfixed> (unimportant) - - webkit <undetermined> + - webkit <unfixed> (unimportant) NOTE: unimportant, bypass the pop-up blocker NOTE: http://trac.webkit.org/changeset/69990 CVE-2010-4481 (phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass ...) @@ -3830,7 +3836,7 @@ - chromium-browser 6.0.472.63~r59945-2 NOTE: http://trac.webkit.org/changeset/70652 CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the data ...) - - webkit <undetermined> + - webkit <unfixed> - chromium-browser 6.0.472.63~r59945-2 NOTE: https://bugs.webkit.org/show_bug.cgi?id=48159 NOTE: http://trac.webkit.org/changeset/70550 @@ -3849,10 +3855,11 @@ - webkit <undetermined> - chromium-browser 6.0.472.63~r59945-2 NOTE: https://bugs.webkit.org/show_bug.cgi?id=47522 + TODO: need webkit commit # (above bug report is embargoed) CVE-2010-4200 REJECTED CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast of an ...) - - webkit <undetermined> + - webkit 1.2.7-1 - chromium-browser 6.0.472.63~r59945-2 NOTE: http://trac.webkit.org/changeset/69936 CVE-2010-4198 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...) 
@@ -4797,6 +4804,7 @@ CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle ...) NOT-FOR-US: Apple iOS iAd CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before ...) 
@@ -4804,35 +4812,45 @@ CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3825 RESERVED CVE-2010-3824 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3823 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3822 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3821 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3820 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3819 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3818 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3817 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3816 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3815 RESERVED CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in ...) 
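Review bot: in the @@ -4804 hunk, twelve identical `TODO: need commit #` lines are added under entries that are all still `- webkit <undetermined>` / `- chromium-browser <undetermined>`; the TODO carries no information that `<undetermined>` does not already encode, and it will have to be removed entry by entry later. A single NOTE pointing at the source these CVEs came from (the Apple Safari 5.0.3 advisory named in every description) gives the commit hunt a starting point, or, if the per-entry TODO is wanted for grep-ability, it should at least include the date it was last looked for.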
@@ -4850,15 +4868,19 @@ CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3810 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3809 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3808 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3807 RESERVED CVE-2010-3806 @@ -4866,12 +4888,15 @@ CVE-2010-3805 (Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3804 (The JavaScript implementation in WebKit in Apple Safari before 5.0.3 ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote ...) NOT-FOR-US: Apple QuickTime CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute ...) @@ -9059,6 +9084,7 @@ - chromium-browser 6.0.466.0~r52279-1 NOTE: This is a large series of risky behaviour-changing changesets. NOTE: upstream changelog says this is fixed in 1.2.3, but i''m doubtful of that + TODO: need commit # CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on ...) - nginx <not-affected> (Windows-specific vulnerability when running on NTFS) CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! ...) 
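Review bot: in the @@ -9059 hunk, `TODO: need commit #` is added directly under `NOTE: This is a large series of risky behaviour-changing changesets.`; a single commit number will not describe a fix that the previous NOTE says spans a series of changesets. Ask for the changeset range or the upstream bug id instead, and say whether the fixed version `6.0.466.0~r52279-1` for chromium-browser was derived from that series or from the doubted "fixed in 1.2.3" changelog claim mentioned on the next line.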
@@ -10255,6 +10281,7 @@ CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...) - webkit 1.2.5-1 [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) @@ -10263,6 +10290,7 @@ CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...) - webkit <undetermined> - chromium-browser <undetermined> + TODO: need commit # CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows ...) NOT-FOR-US: Apple iOS CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not ...) @@ -10372,7 +10400,7 @@ - chromium-browser 5.0.375.125~r53311-1 NOTE: http://trac.webkit.org/changeset/62271 CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...) - - webkit <undetermined> + - webkit 1.2.7-1 - chromium-browser 5.0.375.127~r55887-1 NOTE: (Chromium Sec) This seems a duplicate of CVE-2010-2899 NOTE: http://trac.webkit.org/changeset/62134 @@ -10386,6 +10414,7 @@ - webkit <undetermined> - chromium-browser <undetermined> NOTE: claimed fixed in upstream webkit 1.2.4 changelog, but no info currently available + TODO: need commit # CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...) - webkit 1.2.5-1 [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps) @@ -10508,6 +10537,7 @@ NOTE: is CVE-2010-2441 a dup of this? NOTE: chromium-sec don''t have info NOTE: Sounds like it could be iPhone specific + TODO: need commit # CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod ...) NOT-FOR-US: Apple iPhone CVE-2010-1755 (Safari in Apple iOS before 4 on the iPhone and iPod touch does not ...)
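Review bot: in the @@ -10372 hunk, CVE-2010-1783 is set to `webkit 1.2.7-1` while the entry's own NOTE says "This seems a duplicate of CVE-2010-2899" and points at changeset 62134. If the two CVEs are the same bug, the webkit line for CVE-2010-2899 must carry the same fixed version, otherwise the list now contradicts itself; the hunk does not show the CVE-2010-2899 entry, so either update both in one commit or drop the duplicate suspicion from the NOTE once the changesets are confirmed to differ.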