Author: gilbert-guest Date: 2011-03-09 23:26:03 +0000 (Wed, 09 Mar 2011) New Revision: 16348 Modified: data/CVE/list Log: triage of incoming webkit issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-03-09 23:23:41 UTC (rev 16347) +++ data/CVE/list 2011-03-09 23:26:03 UTC (rev 16348) @@ -1,3 +1,8 @@ +CVE-2011-XXXX [xslt memory leak] + - libxslt <unfixed> (bug #617413) + NOTE: http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html +CVE-2011-XXXX [v8 issues] + - libv8 <unfixed> (bug #617418) CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in the ...) TODO: check CVE-2011-1321 (The AuthCache purge implementation in the Security component in IBM ...) @@ -397,7 +402,8 @@ NOT-FOR-US: FreeBSD/NetBSD libc CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform layout, ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit <undetermined> + - webkit <not-affected> (vulnerable code introduced in commit 75823) + TODO: recheck once webkit 1.3 enters unstable NOTE: http://trac.webkit.org/changeset/78775 CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 9.0.597.107 ...) - chromium-browser 9.0.597.107~r75357-1 
@@ -409,37 +415,42 @@ - chromium-browser 9.0.597.107~r75357-1 - webkit <undetermined> NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782 + TODO: ^ this bug is embargoed, please note the commit # CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remote ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit <undetermined> + - webkit <unfixed> + NOTE: needs port (s/logicalBottom/bottom) NOTE: http://trac.webkit.org/changeset/77565 CVE-2011-1120 (The WebGL implementation in Google Chrome before 9.0.597.107 allows ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit <undetermined> + - webkit <not-affected> (webgl support not present in 1.2) + TODO: recheck webkit 1.3 once its uploaded to unstable NOTE: http://trac.webkit.org/changeset/77956 CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine device ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit <undetermined> + - webkit <not-affected> (device orientation code/support not present in 1.2) + TODO: recheck webkit 1.3 once its uploaded to unstable NOTE: http://trac.webkit.org/changeset/77418 CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle TEXTAREA ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit <undetermined> + - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/77144 CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit <undetermined> + - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/77262 CVE-2011-1116 (Google Chrome before 9.0.597.107 does not properly handle SVG ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit <undetermined> + - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/77548 CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render tables, ...) 
- chromium-browser 9.0.597.107~r75357-1 - - webkit <undetermined> + - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/76915 CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle tables, ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit <undetermined> + - webkit <not-affected> (vulnerable code introduced after 1.2, and the fix restores this code to its 1.2 state) + TODO: check webkit 1.3 once it enters unstable NOTE: http://trac.webkit.org/changeset/77141 CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not ...) - chromium-browser 9.0.597.107~r75357-1 
@@ -449,22 +460,25 @@ - webkit <not-affected> (Chromium specific) CVE-2011-1111 (Google Chrome before 9.0.597.107 does not properly implement forms ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit <undetermined> + - webkit <unfixed> + NOTE: needs port (s/FormAssociatedElement/HTMLFormElement) NOTE: http://trac.webkit.org/changeset/77114 CVE-2011-1110 (Google Chrome before 9.0.597.107 does not properly implement key frame ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit <undetermined> + - webkit <not-affected> (vulnerable code not present in 1.2) + TODO: check webkit 1.3 once it gets uploaded to unstable NOTE: http://trac.webkit.org/changeset/76828 CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes in ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit <undetermined> + - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/76728 CVE-2011-1108 (Google Chrome before 9.0.597.107 does not properly implement ...) - chromium-browser 9.0.597.107~r75357-1 - webkit <not-affected> (Chromium specific) CVE-2011-1107 (Unspecified vulnerability in Google Chrome before 9.0.597.107 allows ...) - chromium-browser 9.0.597.107~r75357-1 - - webkit <undetermined> + - webkit <not-affected> (history controller code not present in 1.2) + TODO: recheck webkit 1.3 once it gets uploaded to unstable NOTE: http://trac.webkit.org/changeset/76205 CVE-2011-1106 (Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server ...) NOT-FOR-US: IBM Lotus Sametime 
@@ -613,7 +627,9 @@ NOT-FOR-US: WSN Guest CVE-2011-1059 (Use-after-free vulnerability in WebCore in WebKit before r77705, as ...) - chromium-browser <undetermined> - - webkit <undetermined> + - webkit <not-affected> (history controller code not present in 1.2) + TODO: recheck webkit 1.3 once it enters unstable + NOTE: http://trac.webkit.org/changeset/77705 CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 ...) NOT-FOR-US: s389 LDAP server CVE-2011-XXXX [ADC path traversal] @@ -907,9 +923,9 @@ CVE-2011-0984 (Google Chrome before 9.0.597.94 does not properly handle plug-ins, ...) {DSA-2166-1} - chromium-browser 9.0.597.98~r74359-1 - - webkit <undetermined> + - webkit <not-affected> (doesn''t include v8 code) NOTE: http://trac.webkit.org/changeset/76264 - TODO: ^ this has to be the wrong commit, its a vp8 fix, but that doesn''t match the description at all + TODO: ^ this has to be the wrong commit, its a v8 fix, but that doesn''t match the description at all CVE-2011-0983 (Google Chrome before 9.0.597.94 does not properly handle anonymous ...) {DSA-2166-1} - chromium-browser 9.0.597.98~r74359-1
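Review bot: in the first hunk (@@ -1,3 +1,8 @@), the label "[xslt memory leak]" on the new libxslt CVE-2011-XXXX entry reads as a resource leak, while the NOTE it links to is titled "multi-browser heap address leak in xslt", i.e. an address disclosure; suggest "[xslt heap address leak]" so the entry is not mis-prioritised as a plain leak. The sibling "[v8 issues]" entry for libv8 carries only the Debian bug number and no upstream NOTE, and "issues" gives no hint how many problems are bundled; add an upstream reference and a short description so the entry can later be matched to fixes and split into per-issue CVE ids.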
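Review bot: in the @@ -397,7 +402,8 @@ hunk, the webkit <not-affected> justification for CVE-2011-1125 cites "vulnerable code introduced in commit 75823" without a link, while the fix (changeset 78775) gets a full trac NOTE; add a NOTE with the 75823 changeset URL so the claim can be checked when the "recheck once webkit 1.3 enters unstable" TODO is acted on, since a 1.3 upload containing 75823 would turn this line back into a real issue.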
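Review bot: in the @@ -409,37 +415,42 @@ hunk, the recheck TODOs added for CVE-2011-1120 and CVE-2011-1119 read "once its uploaded to unstable" ("it's"), and the same reminder is phrased three different ways in this patch ("enters unstable", "gets uploaded to unstable", "its uploaded to unstable"); settle on one wording so a grep for the pending webkit 1.3 rechecks finds every one of them. The "TODO: ^ this bug is embargoed, please note the commit #" placed under the bugs.webkit.org 53782 NOTE leaves that entry at <undetermined> with nothing actionable; it would help to say where the commit number is expected to come from once the embargo lifts. The CVE-2011-1114 reason "vulnerable code introduced after 1.2, and the fix restores this code to its 1.2 state" is the kind of verifiable justification the other <not-affected> lines would benefit from.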
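Review bot: in the @@ -449,22 +460,25 @@ hunk, only CVE-2011-1111 carries a "needs port (s/FormAssociatedElement/HTMLFormElement)" NOTE recording what a backport to 1.2 requires (CVE-2011-1121 in the previous hunk does the same), whereas the other webkit lines flipped to <unfixed> here (CVE-2011-1109) and in the previous hunk (CVE-2011-1118 through CVE-2011-1115) say nothing about whether the linked changeset applies cleanly; add a one-line NOTE either way so whoever prepares the upload does not redo this triage.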
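Review bot: in the @@ -613,7 +627,9 @@ hunk, the webkit justification for CVE-2011-1059, "history controller code not present in 1.2", is word-for-word the one given for CVE-2011-1107 earlier in this patch although the two have different upstream changesets (77705 vs 76205); if both genuinely touch the same absent code that is fine, but confirm it is not a pasted reason. Also chromium-browser stays <undetermined> even though the newly added NOTE pins the fix to changeset 77705 and the CVE text itself says "WebKit before r77705"; either resolve it against the packaged chromium version or add a TODO so it does not linger.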
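Review bot: in the @@ -907,9 +923,9 @@ hunk, the webkit line for CVE-2011-0984 is flipped to <not-affected> (doesn't include v8 code) on the strength of changeset 76264 being a v8 fix, yet the TODO kept on the very next line says that commit is probably the wrong one because it does not match the CVE description (plug-in handling). A not-affected verdict that rests on a changeset the triager distrusts should stay <undetermined> until the correct fix is identified, or the justification should be reworded to stand on its own without reference to 76264. The vp8 to v8 correction in the TODO itself is fine.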