[Secure-testing-commits] r13457 - data/CVE

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sat Dec 5 18:24:26 UTC 2009


Author: derevko-guest
Date: 2009-12-05 18:24:24 +0000 (Sat, 05 Dec 2009)
New Revision: 13457

Modified:
   data/CVE/list
Log:
webkit issue triage

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-05 13:51:07 UTC (rev 13456)
+++ data/CVE/list	2009-12-05 18:24:24 UTC (rev 13457)
@@ -7381,12 +7381,11 @@
 	- webkit 1.1.12-1 (low; bug #535793)
 CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...)
 	- webkit 1.1.12-1 (medium; bug #535793)
+	NOTE: invasive patch to backport.
 CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (low; bug #535793)
 CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.0.1-4 (medium; bug #535793)
 CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
 	{DSA-1868-1 DSA-1867-1}
 	- webkit 1.1.5-1 (medium; bug #534946)
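Review bot: The NOTE added under CVE-2009-1701, "invasive patch to backport.", does not say which release the backport concerns or what was decided for that release. A release-tagged line in the same form as the "[lenny] - webkit ..." lines used elsewhere in this commit would record the decision instead of leaving it as free text. In the same hunk, CVE-2009-1700 goes from "medium" to "low" at the moment it is marked fixed in 1.1.12-1, with no NOTE giving the reason for the lower urgency; a one-line rationale would help the next person triaging.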
@@ -7395,27 +7394,23 @@
 	- kde4libs 4:4.3.0-1 (medium; bug #534949)
 	- qt4-x11 4:4.5.2-1 (medium; bug #534947)
 CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0, ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.15.2-1 (medium; bug #535793)
 CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (medium; bug #535793)
+	[lenny] - webkit <not-affected> (Vulnerable code not present)
 CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (low; bug #535793)
 CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (low; bug #535793)
 CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
 	- webkit <unfixed> (medium; bug #535793)
 	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...)
-	- webkit <unfixed> (medium; bug #535793)
+	- webkit 1.1.12-1 (low; bug #535793)
 	NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319
-	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (medium; bug #535793)
+	[lenny] - webkit <not-affected> (Vulnerable code not present)
 CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
 	{DSA-1868-1 DSA-1867-1}
 	- webkit 1.1.5-1 (medium; bug #534946)
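Review bot: CVE-2009-1697 is marked fixed in 1.1.15.2-1 while every other entry resolved in this hunk uses 1.1.12-1, and none of the new lines records where its version came from. The removed TODOs asked to "work with upstream to determine affected/not-affected webkit versions", so a NOTE with the upstream changeset or bug for each entry (as the existing NOTE under CVE-2009-1692 does) would make the fixed versions checkable. CVE-2009-1695, CVE-2009-1694 and CVE-2009-1692 also drop from "medium" to "low" without a stated reason, and only CVE-2009-1696 and CVE-2009-1691 get an explicit "[lenny]" line, so the stable status of the other entries has to be inferred from the version number alone.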
@@ -7425,11 +7420,11 @@
 	NOTE: http://websvn.kde.org/?view=rev&revision=983316
 	- qt4-x11 4:4.5.2-1 (medium; bug #534947)
 CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (low; bug #535793)
+	[lenny] - webkit <not-affected> (Vulnerable code not present)
 CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (low; bug #535793)
+	[lenny] - webkit <not-affected> (Vulnerable code not present)
 CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...)
 	{DSA-1868-1 DSA-1867-1}
 	- webkit 1.1.5-1 (medium; bug #534946)
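Review bot: Both "[lenny] - webkit <not-affected>" lines added for CVE-2009-1689 and CVE-2009-1688 give the same generic reason, "Vulnerable code not present", which cannot be verified from the entry. Naming the file, function or feature that is absent in the lenny source would let a later reviewer confirm the claim. Both entries also move from "medium" to "low" in the same change without a NOTE explaining the new urgency.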
@@ -7438,22 +7433,18 @@
 	NOTE: http://trac.webkit.org/changeset/41854
 	- qt4-x11 4:4.5.2-1 (medium; bug #534946)
 CVE-2009-1686 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
-	TODO: check
+	- webkit 1.1.12-1 (medium; bug #535793)
+	[lenny] - webkit <not-affected> (Vulnerable code not present)
 CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.0.1-4 (medium; bug #535793)
 CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (low; bug #535793)
 CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and ...)
 	NOT-FOR-US: iPhone
 CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-1681 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (low; bug #535793)
 CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...)
 	NOT-FOR-US: Safari in Apple iPhone OS
 CVE-2009-1679 (The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...)
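Review bot: CVE-2009-1685 is marked fixed in 1.0.1-4 with no "[lenny]" line, while CVE-2009-1686 directly above it is fixed in 1.1.12-1 and gets an explicit "[lenny] - webkit <not-affected>" line; the 1.0.1-4 entry should either carry its own release-tagged line or a NOTE pointing at the upstream change that justifies the older fixed version. For CVE-2009-1686 the patch removes "TODO: check" together with the upstream TODO, so a short NOTE on what was checked would preserve that result. Separately, in the unchanged context at the top of this hunk the qt4-x11 line references bug #534946, whereas the qt4-x11 lines in the earlier hunks reference #534947; worth confirming that number while this block is being touched.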



