[Secure-testing-commits] r13456 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Sat Dec 5 13:51:08 UTC 2009
Author: derevko-guest
Date: 2009-12-05 13:51:07 +0000 (Sat, 05 Dec 2009)
New Revision: 13456
Modified:
data/CVE/list
Log:
webkit issue triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-12-05 04:20:27 UTC (rev 13455)
+++ data/CVE/list 2009-12-05 13:51:07 UTC (rev 13456)
@@ -6126,6 +6126,7 @@
NOT-FOR-US: Apple Safari
CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote ...)
- webkit 1.1.12-1 (medium)
+ [lenny] - webkit <not-affected> (Vulnerable code not present)
- qt4-x11 <unfixed> (medium; bug #544903)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
NOTE: http://trac.webkit.org/changeset/45696
@@ -7318,6 +7319,7 @@
- webkit 1.1.13-1 (low; bug #538402)
NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
TODO: check
+ NOTE: Can't find details on webkit
CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL ...)
NOT-FOR-US: CFNetwork in Apple Mac OS X
CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in ...)
@@ -7339,13 +7341,12 @@
CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly ...)
NOT-FOR-US: CFNetwork in Apple
CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
- - webkit <unfixed> (medium; bug #535793)
- TODO: work with upstream to determine affected/not-affected webkit versions
+ - webkit 1.0.1-4 (medium; bug #535793)
CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
- webkit <unfixed> (medium; bug #535793)
TODO: work with upstream to determine affected/not-affected webkit versions
CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not ...)
- - webkit <unfixed> (medium; bug #535793)
+ - webkit 1.0.1-4 (medium; bug #535793)
TODO: work with upstream to determine affected/not-affected webkit versions
CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote loading of ...)
- webkit <unfixed> (medium; bug #535793)
@@ -7354,8 +7355,7 @@
- webkit <unfixed> (medium; bug #535793)
TODO: work with upstream to determine affected/not-affected webkit versions
CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...)
- - webkit <unfixed> (medium; bug #535793)
- TODO: work with upstream to determine affected/not-affected webkit versions
+ - webkit 1.1.12-1 (medium; bug #535793)
CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...)
{DSA-1866-1}
- webkit 0~svn32442-1
@@ -7375,14 +7375,12 @@
CVE-2009-1704 (CFNetwork in Apple Safari before 4.0 misinterprets downloaded image ...)
NOT-FOR-US: Apple Safari
CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to file: ...)
- - webkit <unfixed> (medium; bug #535793)
- TODO: work with upstream to determine affected/not-affected webkit versions
+ - webkit 1.1.12-1 (low; bug #535793)
+ [lenny] - webkit <no-dsa> (Minor issue)
CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- - webkit <unfixed> (medium; bug #535793)
- TODO: work with upstream to determine affected/not-affected webkit versions
+ - webkit 1.1.12-1 (low; bug #535793)
CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...)
- - webkit <unfixed> (medium; bug #535793)
- TODO: work with upstream to determine affected/not-affected webkit versions
+ - webkit 1.1.12-1 (medium; bug #535793)
CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone ...)
- webkit <unfixed> (medium; bug #535793)
TODO: work with upstream to determine affected/not-affected webkit versions
More information about the Secure-testing-commits
mailing list