[Secure-testing-commits] r12973 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Sat Oct 10 05:59:34 UTC 2009
Author: gilbert-guest
Date: 2009-10-10 05:59:34 +0000 (Sat, 10 Oct 2009)
New Revision: 12973
Modified:
data/CVE/list
Log:
triage of some webkit issues
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2009-10-10 05:35:07 UTC (rev 12972)
+++ data/CVE/list 2009-10-10 05:59:34 UTC (rev 12973)
@@ -4362,13 +4362,16 @@
CVE-2009-2201 (The screensharing feature in the Admin application in Apple Xsan ...)
NOT-FOR-US: Admin application in Apple Xsan
CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict the URL ...)
- TODO: check
+ - kdelibs <not-affected>
+ - webkit <not-affected> (gtk-based frame loader not affected)
+ - qt4-x11 <not-affected>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
NOTE: http://trac.webkit.org/changeset/44905
NOTE: http://trac.webkit.org/changeset/44909
CVE-2009-2199 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
- - webkit <unfixed> (medium)
- TODO: someone needs to gain membership to the webkit security list so we can actually check these issues
+ - kdelibs <not-affected>
+ - webkit <not-affected> (problem with look-alike character rendering with mac-specific fonts)
+ - qt4-x11 <not-affected>
CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all cookies ...)
NOT-FOR-US: Apple GarageBand
CVE-2009-2197
More information about the Secure-testing-commits
mailing list