[Secure-testing-commits] r13456 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sat Dec 5 13:51:08 UTC 2009


Author: derevko-guest
Date: 2009-12-05 13:51:07 +0000 (Sat, 05 Dec 2009)
New Revision: 13456

Modified:
   data/CVE/list
Log:
webkit issue triage

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-05 04:20:27 UTC (rev 13455)
+++ data/CVE/list	2009-12-05 13:51:07 UTC (rev 13456)
@@ -6126,6 +6126,7 @@
 	NOT-FOR-US: Apple Safari
 CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote ...)
 	- webkit 1.1.12-1 (medium)
+	[lenny] - webkit <not-affected> (Vulnerable code not present)
 	- qt4-x11 <unfixed> (medium; bug #544903)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
 	NOTE: http://trac.webkit.org/changeset/45696
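Review bot: The added [lenny] line for CVE-2009-2195 states "Vulnerable code not present" without recording how that was determined. A NOTE saying that the code touched by changeset 45696 is absent from the lenny webkit source would let the next person verify the not-affected claim instead of repeating the check.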
@@ -7318,6 +7319,7 @@
 	- webkit 1.1.13-1 (low; bug #538402)
 	NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
 	TODO: check 
+	NOTE: Can't find details on webkit
 CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL ...)
 	NOT-FOR-US: CFNetwork in Apple Mac OS X
 CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in ...)
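Review bot: The added "NOTE: Can't find details on webkit" does not say what was searched, and it sits under a "TODO: check" that stays open, so the entry is no closer to being resolved. It also reads oddly next to the existing "- webkit 1.1.13-1 (low; bug #538402)" line, which already records a fixed version. Suggest rewording the NOTE to name what is missing (for example the upstream changeset) and what remains to be checked.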
@@ -7339,13 +7341,12 @@
 CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly ...)
 	NOT-FOR-US: CFNetwork in Apple
 CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.0.1-4 (medium; bug #535793)
 CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
 	- webkit <unfixed> (medium; bug #535793)
 	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not ...)
-	- webkit <unfixed> (medium; bug #535793)
+	- webkit 1.0.1-4 (medium; bug #535793)
 	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote loading of ...)
 	- webkit <unfixed> (medium; bug #535793)
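Review bot: CVE-2009-1713 is now marked fixed in 1.0.1-4, but its "TODO: work with upstream to determine affected/not-affected webkit versions" line is left in place, whereas the same TODO was dropped for CVE-2009-1715 in this hunk. If the fixed version is settled, remove the stale TODO; if it is still uncertain, the version should not be recorded as fixed yet. Neither entry gets a NOTE pointing at the upstream change that justifies 1.0.1-4.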
@@ -7354,8 +7355,7 @@
 	- webkit <unfixed> (medium; bug #535793)
 	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (medium; bug #535793)
 CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...)
 	{DSA-1866-1}
 	- webkit 0~svn32442-1
@@ -7375,14 +7375,12 @@
 CVE-2009-1704 (CFNetwork in Apple Safari before 4.0 misinterprets downloaded image ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to file: ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (low; bug #535793)
+	[lenny] - webkit <no-dsa> (Minor issue)
 CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (low; bug #535793)
 CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (medium; bug #535793)
 CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone ...)
 	- webkit <unfixed> (medium; bug #535793)
 	TODO: work with upstream to determine affected/not-affected webkit versions
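Review bot: CVE-2009-1703 and CVE-2009-1702 are downgraded from medium to low with no NOTE giving the reason, and only CVE-2009-1703 receives a [lenny] line. CVE-2009-1702 and CVE-2009-1701 (a use-after-free kept at medium) are fixed in 1.1.12-1 but say nothing about lenny, which leaves the stable status implicit. Suggest adding a short justification for the severity change and an explicit [lenny] entry for each of the three.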



