[Secure-testing-commits] r19027 - data/CVE

Michael Gilbert Fri, 20 Apr 2012 14:40:32 -0700

Author: mgilbert
Date: 2012-04-20 21:40:20 +0000 (Fri, 20 Apr 2012)
New Revision: 19027


Modified:
   data/CVE/list
Log:
research some libv8 issues

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2012-04-20 21:40:00 UTC (rev 19026)
+++ data/CVE/list       2012-04-20 21:40:20 UTC (rev 19027)
@@ -11686,7 +11686,9 @@
 CVE-2011-3058 (Google Chrome before 18.0.1025.142 does not properly handle the 
EUC-JP ...)
        - chromium-browser 18.0.1025.142~r129054-1
 CVE-2011-3057 (Google V8, as used in Google Chrome before 17.0.963.83, allows 
remote ...)
-       - libv8 <unfixed>
+       - libv8 <undetermined>
+       NOTE: http://code.google.com/p/chromium/issues/detail?id=117794
+       NOTE: access restricted to chrome/libv8 bug log, so uncheckable
 CVE-2011-3056 (Google Chrome before 17.0.963.83 allows remote attackers to 
bypass the ...)
        - chromium-browser 17.0.963.83~r127885-1
 CVE-2011-3055 (The browser native UI in Google Chrome before 17.0.963.83 does 
not ...)
@@ -12296,7 +12298,9 @@
        NOT-FOR-US: Citrix Access Gateway
 CVE-2011-2881 (Google Chrome before 14.0.835.202 does not properly handle 
Google V8 ...)
        - chromium-browser <not-affected> (chromium uses libv8 system copy)
-       - libv8 <unfixed>
+       - libv8 <undetermined>
+       NOTE: http://code.google.com/p/chromium/issues/detail?id=97784
+       NOTE: access restricted to chrome/libv8 bug log, so uncheckable
 CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 
14.0.835.202 ...)
        - chromium-browser 14.0.835.202~r103287-1
        [squeeze] - chromium-browser <not-affected>
@@ -12326,7 +12330,8 @@
        [squeeze] - chromium-browser <not-affected>
        - webkit <not-affected> (libv8 issue)
        - libv8 <undetermined>
-       TODO: file bug
+       NOTE: http://code.google.com/p/chromium/issues/detail?id=95920
+       NOTE: access restricted to chrome/libv8 bug log, so uncheckable
 CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected 
pin ...)
        - chromium-browser 14.0.835.163~r101024-1
        [squeeze] - chromium-browser <not-affected>
@@ -13943,7 +13948,7 @@
        - webkit <undetermined>
        NOTE: http://trac.webkit.org/changeset/88456
 CVE-2011-2348 (Google V8, as used in Google Chrome before 12.0.742.112, 
performs an ...)
-       - libv8 <unfixed>
+       - libv8 3.4.14-1  
        NOTE: Fixed in V8 bleeding edge r8230, 3.2.10.17 and 3.3.10.9.
 CVE-2011-2347 (Google Chrome before 12.0.742.112 does not properly handle 
Cascading ...)
        - chromium-browser 12.0.742.112~r90304-1
@@ -14375,7 +14380,8 @@
        NOT-FOR-US: Microsoft
 CVE-2011-2332 (Google V8, as used in Google Chrome before 12.0.742.91, allows 
remote ...)
        - chromium-browser 12.0.742.91~r87961-1
-       - libv8 <undetermined>
+       - libv8 3.4.14-1
+       NOTE: execScript removed in libv8 3.2 branch
 CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC 
media ...)
        {DSA-2257-1}
        - vlc 1.1.10-1


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r19027 - data/CVE

Reply via email to