[Secure-testing-commits] r11418 - data/CVE

gilbert-guest at alioth.debian.org
Tue Mar 17 02:39:27 UTC 2009


Author: gilbert-guest
Date: 2009-03-17 02:39:26 +0000 (Tue, 17 Mar 2009)
New Revision: 11418

Modified:
   data/CVE/list
Log:
correction: I hadn't done enough testing.  jpg and txt are handled ok by webkit, but general extensions (odp, xls, etc.) are not.


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-03-17 02:11:22 UTC (rev 11417)
+++ data/CVE/list	2009-03-17 02:39:26 UTC (rev 11418)
@@ -6084,7 +6084,8 @@
 	NOT-FOR-US: Opera
 CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
 	{CVE-2008-4723}
-        NOTE: not reproducible using libwebkit-1.0-1 1.0.1-4 (midori 0.1.4and kazehakase 0.5.4-2.2)
+        - libwebkit-1.0-1 <unfixed> (medium; bug #520052)
+        NOTE: webkit properly handles this issue with respect to extensions such as jpg and txt, but not in general; for example, the attack works for odp, xls, etc extensions (only tested with midori 0.1.4)
 	NOTE: not reproducible using iceweasel 3.0.1
 CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
 	{CVE-2008-4724}
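
Review bot: The two added lines under CVE-2008-4724 appear to be indented with eight spaces, while the neighbouring "{CVE-2008-4723}" and "NOTE: not reproducible using iceweasel 3.0.1" lines are indented with a tab; use a tab on both so the entry is uniform with the rest of the file. The new NOTE also loses the tested library version that the removed line recorded (libwebkit-1.0-1 1.0.1-4) and now names only midori 0.1.4, so it is worth keeping that version next to the "<unfixed>" status so the result can be re-checked against a later upload. Listing the exact extensions that were tested instead of "odp, xls, etc" would make clear how far "not in general" was actually verified.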



