[Secure-testing-commits] r12407 - data/CVE

[Luciano Bello]

Author: luciano
Date: 2009-07-25 01:35:16 +0000 (Sat, 25 Jul 2009)
New Revision: 12407

Modified:
   data/CVE/list
Log:
CVE-2009-1725 affects to  webkit, qt4-x11, kdelibs and kde4libs



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-07-24 21:34:40 UTC (rev 12406)
+++ data/CVE/list	2009-07-25 01:35:16 UTC (rev 12407)
@@ -2174,7 +2174,12 @@
 CVE-2009-1726
 	RESERVED
 CVE-2009-1725 (WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #538346)
+	- qt4-x11 <unfixed> (medium; bug #538347)
+	- kdelibs <unfixed> (medium; bug #538350)
+	- kde4libs <unfixed> (medium; bug #538349)
+	NOTE: patch http://trac.webkit.org/changeset/44799/
+	NOTE: PoC https://cevans-app.appspot.com/static/webkitentityoffbyone.html
 CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
 	TODO: check
 CVE-2009-1723