[Secure-testing-commits] r13465 - in data: CVE NMU

Giuseppe Iuculano derevko-guest at alioth.debian.org
Sun Dec 6 16:32:54 UTC 2009


Author: derevko-guest
Date: 2009-12-06 16:32:50 +0000 (Sun, 06 Dec 2009)
New Revision: 13465

Modified:
   data/CVE/list
   data/NMU/list
Log:
- webkit issue triage
- libstruts1.2-java NMUed


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-12-06 12:02:21 UTC (rev 13464)
+++ data/CVE/list	2009-12-06 16:32:50 UTC (rev 13465)
@@ -7335,8 +7335,8 @@
 CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X ...)
 	NOT-FOR-US: Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X
 CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (medium; bug #535793)
+	[lenny] - webkit <no-dsa> (Minor issue)
 CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...)
 	NOT-FOR-US: Mac OS X
 CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly ...)
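Review bot: CVE-2009-1718 is the only entry in this commit moved from <unfixed> to 1.1.12-1 without a NOTE giving the upstream changeset, so the fixed version cannot be checked from the entry itself. Add a NOTE line with the trac.webkit.org changeset, as was done for the neighbouring entries. The new "[lenny] - webkit <no-dsa> (Minor issue)" line also sits beside a severity that is still "medium". Either lower the severity or make the no-dsa reason say why a medium issue does not warrant a DSA.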
@@ -7344,17 +7344,17 @@
 CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
 	- webkit 1.0.1-4 (medium; bug #535793)
 CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (low; bug #535793)
+	NOTE: http://trac.webkit.org/changeset/36359
 CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not ...)
 	- webkit 1.0.1-4 (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	NOTE: http://trac.webkit.org/changeset/34533
 CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote loading of ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (medium; bug #535793)
+	NOTE: http://trac.webkit.org/changeset/41568
 CVE-2009-1711 (WebKit in Apple Safari before 4.0 does not properly initialize memory ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (medium; bug #535793)
+	NOTE: http://trac.webkit.org/changeset/36918
 CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...)
 	- webkit 1.1.12-1 (medium; bug #535793)
 CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...)
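Review bot: CVE-2009-1714 drops from "medium" to "low" on the same line that sets the fixed version, and the commit log says only "webkit issue triage". Record the reason for the downgrade in a NOTE so the change can be audited later. The three entries moved from <unfixed> to 1.1.12-1 here (CVE-2009-1714, CVE-2009-1712, CVE-2009-1711) also get no [lenny] line, unlike CVE-2009-1718 in the previous hunk, so their status in stable stays unstated.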
@@ -7404,14 +7404,16 @@
 CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
 	- webkit 1.1.12-1 (low; bug #535793)
 CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
-	- webkit <unfixed> (medium; bug #535793)
-	TODO: work with upstream to determine affected/not-affected webkit versions
+	- webkit 1.1.12-1 (medium; bug #535793)
+	NOTE: http://trac.webkit.org/changeset/35928
 CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...)
 	- webkit 1.1.12-1 (low; bug #535793)
 	NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319
+	NOTE: http://trac.webkit.org/changeset/41741
 CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
 	- webkit 1.1.12-1 (medium; bug #535793)
 	[lenny] - webkit <not-affected> (Vulnerable code not present)
+	NOTE: http://trac.webkit.org/changeset/32791
 CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
 	{DSA-1868-1 DSA-1867-1}
 	- webkit 1.1.5-1 (medium; bug #534946)
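Review bot: CVE-2009-1693 goes from <unfixed> to 1.1.12-1 with no [lenny] line, while CVE-2009-1691 a few lines below states "[lenny] - webkit <not-affected> (Vulnerable code not present)". Say whether lenny is affected for CVE-2009-1693 as well. For CVE-2009-1692 the added changeset NOTE repeats the r41741 already present in the description, which is harmless but could sit on the same NOTE as the upstream bug report.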
@@ -23083,7 +23085,7 @@
 CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...)
 	NOT-FOR-US:  RSA Authentication Agent
 CVE-2008-2025 (Cross-site scripting (XSS) vulnerability in Apache Struts before ...)
-	- libstruts1.2-java <unfixed> (low; bug #528352)
+	- libstruts1.2-java 1.2.9-3.1 (low; bug #528352)
 CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, ...)
 	NOT-FOR-US: miniBB
 CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 ...)
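Review bot: the CVE-2008-2025 line gives no per-release status, although its fixed version 1.2.9-3.1 does match the entry added to data/NMU/list. If stable ships libstruts1.2-java, add a release-tagged line stating whether it is affected, not-affected or no-dsa, as is done for the webkit entries.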

Modified: data/NMU/list
===================================================================
--- data/NMU/list	2009-12-06 12:02:21 UTC (rev 13464)
+++ data/NMU/list	2009-12-06 16:32:50 UTC (rev 13465)
@@ -178,3 +178,4 @@
 2009-11-10 openldap 2.4.17-2.1
 2009-11-21 gimp 2.6.7-1.1
 2009-11-29 audiofile 0.2.6-7.1
+2009-12-06 libstruts1.2-java 1.2.9-3.1



