[Secure-testing-commits] r12146 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Wed Jun 17 23:01:35 UTC 2009
Author: gilbert-guest
Date: 2009-06-17 23:01:35 +0000 (Wed, 17 Jun 2009)
New Revision: 12146
Modified:
data/CVE/list
Log:
got CVEs mixed up in last commit.
- I've checked: webkit in unstable is no longer vulnerable to the PoC for CVE-2008-4724 (lenny still affected, but issue considered minor)
- appropriately tagged iceweasel as not-affected (CVE-2008-4723)
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-17 22:53:04 UTC (rev 12145)
+++ data/CVE/list 2009-06-17 23:01:35 UTC (rev 12146)
@@ -9927,13 +9927,12 @@
CVE-2008-4725 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 ...)
NOT-FOR-US: Opera
CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
- - webkit <unfixed> (low; bug #520052)
+ - webkit 1.1.7-1 (low; bug #520052)
[lenny] - webkit <no-dsa> (Minor issue)
NOTE: webkit properly handles this issue with respect to extensions such as jpg and txt, but not in general; for example, the attack works for odp, xls, etc extensions (only tested with midori 0.1.4)
NOTE: not reproducible using iceweasel 3.0.1
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
- - webkit 1.1.7-1 (low; bug #520052)
- NOTE: webkit in lenny is vulnerable to the proof of concept exploit
+ - iceweasel <not-affected>
NOTE: firefox not affected, see https://bugzilla.redhat.com/468397
CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) ...)
NOT-FOR-US: Sun ILOM
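Review bot: The NOTE kept under CVE-2008-4724 ("webkit properly handles this issue ... but not in general ... only tested with midori 0.1.4") now sits beneath a fixed-version line, "- webkit 1.1.7-1", without saying which webkit version it was observed on, so it reads as contradicting the fix. Consider naming the tested version in that NOTE, and carrying the deleted "NOTE: webkit in lenny is vulnerable to the proof of concept exploit" over to this entry instead of dropping it, since the "[lenny] - webkit <no-dsa>" line it explains lives here and not under CVE-2008-4723. A short NOTE recording that the PoC was retested against the unstable package, as the log message says, would also document the basis for 1.1.7-1 as the fixed version.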