[Secure-testing-commits] r12696 - data/CVE
Nico Golde
nion at alioth.debian.org
Thu Aug 27 17:57:16 UTC 2009
Author: nion
Date: 2009-08-27 17:57:16 +0000 (Thu, 27 Aug 2009)
New Revision: 12696
Modified:
data/CVE/list
Log:
webkit fixes
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-08-27 17:47:51 UTC (rev 12695)
+++ data/CVE/list 2009-08-27 17:57:16 UTC (rev 12696)
@@ -3659,7 +3659,7 @@
CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and ...)
NOT-FOR-US: ColorSync in Apple Mac OS X
CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit ...)
- - webkit <unfixed> (medium; bug #538346)
+ - webkit 1.1.13-1 (medium; bug #538346)
- qt4-x11 4:4.5.2-2 (medium; bug #538347)
- kdelibs <not-affected> (medium; bug #538350)
- kde4libs <not-affected> (medium; bug #538349)
@@ -3668,7 +3668,7 @@
NOTE: PoC https://cevans-app.appspot.com/static/webkitentityoffbyone.html
CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- qt4-x11 <unfixed> (low; bug #538403)
- - webkit <unfixed> (low; bug #538402)
+ - webkit 1.1.13-1 (low; bug #538402)
NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
TODO: check
CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL ...)
More information about the Secure-testing-commits
mailing list