[Secure-testing-commits] r12145 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Wed Jun 17 22:53:04 UTC 2009
Author: gilbert-guest
Date: 2009-06-17 22:53:04 +0000 (Wed, 17 Jun 2009)
New Revision: 12145
Modified:
data/CVE/list
Log:
lenny's webkit is vulnerable to CVE-2008-4723
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-17 22:10:43 UTC (rev 12144)
+++ data/CVE/list 2009-06-17 22:53:04 UTC (rev 12145)
@@ -9932,7 +9932,9 @@
NOTE: webkit properly handles this issue with respect to extensions such as jpg and txt, but not in general; for example, the attack works for odp, xls, etc extensions (only tested with midori 0.1.4)
NOTE: not reproducible using iceweasel 3.0.1
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
- NOTE: Bogus ID, see https://bugzilla.redhat.com/show_bug?id=468397
+ - webkit 1.1.7-1 (low; bug #520052)
+ NOTE: webkit in lenny is vulnerable to the proof of concept exploit
+ NOTE: firefox not affected, see https://bugzilla.redhat.com/468397
CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) ...)
NOT-FOR-US: Sun ILOM
CVE-2008-4721 (PHP Jabbers Post Comment 3.0 allows remote attackers to bypass ...)
More information about the Secure-testing-commits
mailing list