[Secure-testing-commits] r12775 - data/CVE

[Florian Weimer]

Author: fw
Date: 2009-09-09 18:34:09 +0000 (Wed, 09 Sep 2009)
New Revision: 12775

Modified:
   data/CVE/list
Log:
Open redirectors are web site issues, not browser bugs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2009-09-09 17:15:17 UTC (rev 12774)
+++ data/CVE/list	2009-09-09 18:34:09 UTC (rev 12775)
@@ -249,19 +249,20 @@
 CVE-2009-3016 (Apple Safari 4.0.3 does not properly block javascript: and data: URIs ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...)
-	TODO: check
-	NOTE: I am not sure if this is even a security issue, sure that is javascript executed in
-	NOTE: the content of the browser but I'm not sure if anything _cross-site_ works as well
+	NOTE: This is a web site issue (open redirector), not a browser problem.
 CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
-	TODO: check
+	NOTE: This is a web site issue (open redirector), not a browser problem.
+	- iceweasel <unfixed> (unimportant)
 CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly ...)
 	NOT-FOR-US: Opera
 CVE-2009-3012 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre ...)
-	TODO: check
+	NOTE: This is a web site issue (open redirector), not a browser problem.
 CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ...)
-	- chromium-browser <itp> (bug #520324)
+	- chromium-browser <itp> (bug #520324; unimportant)
+	NOTE: This is a web site issue (open redirector), not a browser problem.
 CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
-	TODO: check
+	NOTE: This is a web site issue (open redirector), not a browser problem.
+	- iceweasel <unfixed> (unimportant)
 CVE-2009-3009
 	RESERVED
 CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...)