[Secure-testing-commits] r12696 - data/CVE

Nico Golde nion at alioth.debian.org
Thu Aug 27 17:57:16 UTC 2009


Author: nion
Date: 2009-08-27 17:57:16 +0000 (Thu, 27 Aug 2009)
New Revision: 12696

Modified:
   data/CVE/list
Log:
webkit fixes

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-08-27 17:47:51 UTC (rev 12695)
+++ data/CVE/list	2009-08-27 17:57:16 UTC (rev 12696)
@@ -3659,7 +3659,7 @@
 CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and ...)
 	NOT-FOR-US: ColorSync in Apple Mac OS X
 CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit ...)
-	- webkit <unfixed> (medium; bug #538346)
+	- webkit 1.1.13-1 (medium; bug #538346)
 	- qt4-x11 4:4.5.2-2 (medium; bug #538347)
 	- kdelibs <not-affected> (medium; bug #538350)
 	- kde4libs <not-affected> (medium; bug #538349)
@@ -3668,7 +3668,7 @@
 	NOTE: PoC https://cevans-app.appspot.com/static/webkitentityoffbyone.html
 CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
 	- qt4-x11 <unfixed> (low; bug #538403)
-	- webkit <unfixed> (low; bug #538402)
+	- webkit 1.1.13-1 (low; bug #538402)
 	NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
 	TODO: check 
 CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL ...)




More information about the Secure-testing-commits mailing list