[Secure-testing-commits] r12213 - data/CVE
Giuseppe Iuculano
derevko-guest at alioth.debian.org
Sun Jun 28 14:01:45 UTC 2009
Author: derevko-guest
Date: 2009-06-28 14:01:44 +0000 (Sun, 28 Jun 2009)
New Revision: 12213
Modified:
data/CVE/list
Log:
webkit related issue triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-06-28 09:46:23 UTC (rev 12212)
+++ data/CVE/list 2009-06-28 14:01:44 UTC (rev 12213)
@@ -1212,7 +1212,13 @@
CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...)
TODO: check
CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...)
- TODO: check
+ - webkit 0~svn32442-1
+ NOTE: http://trac.webkit.org/changeset/32039
+ - kde4libs <not-affected> (Vulnerable code not present)
+ - kdegraphics <not-affected> (Vulnerable code not present, ksvg is only in 3.5.x series)
+ [lenny] - kdegraphics <unfixed> (medium; bug #534951)
+ [etch] - kdegraphics <unfixed> (medium; bug #534951)
+ - qt4-x11 4.5.0-1 (medium; bug #534947)
CVE-2009-1708 (Apple Safari before 4.0 does not prevent calls to the open-help-anchor ...)
NOT-FOR-US: Apple Safari
CVE-2009-1707 (Race condition in the Reset Safari implementation in Apple Safari ...)
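Review bot: The `- qt4-x11 4.5.0-1 (medium; bug #534947)` line under CVE-2009-1709 gives a fixed version with no NOTE backing it, while the webkit line above it carries its changeset reference. Suggest adding a NOTE stating how 4.5.0-1 was confirmed to include changeset 32039. kdelibs is also absent from this entry although kde4libs is marked `<not-affected>`; if it was checked, record the result explicitly.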
@@ -1235,8 +1241,11 @@
CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before ...)
TODO: check
CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
- - webkit <unfixed>
- TODO: File bug
+ - webkit 1.1.5-1 (medium; bug #534946)
+ NOTE: http://trac.webkit.org/changeset/42081
+ - kdelibs <unfixed> (medium; bug #534952)
+ - kde4libs <unfixed> (medium; bug #534949)
+ - qt4-x11 <unfixed> (medium; bug #534947)
CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0, ...)
TODO: check
CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
@@ -1253,13 +1262,21 @@
- webkit <unfixed>
TODO: File bug
CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
- TODO: check
+ - webkit 1.1.5-1 (medium; bug #534946)
+ NOTE: http://trac.webkit.org/changeset/42532
+ - kdelibs <unfixed> (medium; bug #534952)
+ - kde4libs <unfixed> (medium; bug #534949)
+ NOTE: http://websvn.kde.org/?view=rev&revision=983316
+ - qt4-x11 <unfixed> (medium; bug #534947)
CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
TODO: check
CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
TODO: check
CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...)
- TODO: check
+ - webkit 1.1.5-1 (medium; bug #534946)
+ - kdelibs <unfixed> (bug #534952)
+ NOTE: http://trac.webkit.org/changeset/41854
+ - qt4-x11 <unfixed> (medium; bug #534946)
CVE-2009-1686 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
TODO: check
CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
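Review bot: Under CVE-2009-1687 the line `- qt4-x11 <unfixed> (medium; bug #534946)` cites #534946, which this commit uses for webkit, while the other qt4-x11 lines added in this commit use #534947; this looks like a copy-paste slip and should be checked against the bug tracker. In the same entry, `- kdelibs <unfixed> (bug #534952)` has no urgency where the sibling entries say `medium`, and the NOTE with the WebKit changeset sits under the kdelibs line rather than directly under the webkit line as in the other entries.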
@@ -3870,11 +3887,12 @@
- freetype 2.3.9-4.1 (medium; bug #524925)
CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as used in ...)
- qt4-x11 <unfixed> (medium; bug #532718)
- - webkit <unfixed> (medium; bug #532724; bug #532725)
- - kdelibs <unfixed> (medium; bug #534917)
- [lenny] - kdelibs <not-affected> (khtml doesn't have SVG support)
+ - webkit 1.1.5-1 (medium; bug #532724; bug #532725)
+ NOTE: http://trac.webkit.org/changeset/43590
+ - kde4libs <unfixed> (medium; bug #534917)
+ [lenny] - kde4libs <not-affected> (khtml doesn't have SVG support)
NOTE: http://websvn.kde.org/?view=rev&revision=983302
- - kdegraphics <not-affected> (Vulnerable code not present)
+ - kdegraphics <not-affected> (Vulnerable code not present, ksvg is only in 3.5.x series)
[lenny] - kdegraphics <unfixed> (medium; bug #534918)
[etch] - kdegraphics <unfixed> (medium; bug #534918)
NOTE: http://websvn.kde.org/?view=rev&revision=983306
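Review bot: In CVE-2009-0945 the two kdelibs lines are replaced by kde4libs rather than supplemented, so kdelibs is no longer tracked for this CVE at all. If kdelibs is not affected, say so with an explicit `- kdelibs <not-affected> (...)` line, as is done for kdegraphics. Also confirm that bug #534917, carried over unchanged from the removed kdelibs line, is the right bug for kde4libs.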