[Secure-testing-commits] r11419 - data/CVE
gilbert-guest at alioth.debian.org
gilbert-guest at alioth.debian.org
Tue Mar 17 02:47:50 UTC 2009
Author: gilbert-guest
Date: 2009-03-17 02:47:50 +0000 (Tue, 17 Mar 2009)
New Revision: 11419
Modified:
data/CVE/list
Log:
change tracking for this issue to webkit source instead of binary package
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-03-17 02:39:26 UTC (rev 11418)
+++ data/CVE/list 2009-03-17 02:47:50 UTC (rev 11419)
@@ -6084,7 +6084,7 @@
NOT-FOR-US: Opera
CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
{CVE-2008-4723}
- - libwebkit-1.0-1 <unfixed> (medium; bug #520052)
+ - webkit <unfixed> (medium; bug #520052)
NOTE: webkit properly handles this issue with respect to extensions such as jpg and txt, but not in general; for example, the attack works for odp, xls, etc extensions (only tested with midori 0.1.4)
NOTE: not reproducible using iceweasel 3.0.1
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
More information about the Secure-testing-commits
mailing list