[Secure-testing-commits] r14433 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Wed Apr 7 19:54:12 UTC 2010


Author: jmm-guest
Date: 2010-04-07 19:54:11 +0000 (Wed, 07 Apr 2010)
New Revision: 14433

Modified:
   data/CVE/list
Log:
more webkit triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-07 19:36:03 UTC (rev 14432)
+++ data/CVE/list	2010-04-07 19:54:11 UTC (rev 14433)
@@ -74,14 +74,15 @@
 CVE-2000-1245 (Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the ...)
 	TODO: check
 CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...)
-	- webkit 1.1.90-1
+	- webkit 1.1.90-1 (unimportant)
 	- kdelibs <undetermined>
 	- kde4libs <undetermined>
 	- qt4-x11 <undetermined>
 	- chromium-browser <itp> (bug #520324) 
-	NOTE: http://trac.webkit.org/changeset/55511
+	NOTE: http://trac.webkit.org/changeset/55511, just a crasher
 CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict ...)
 	- webkit <unfixed>
+	[lenny] - webkit <not-affected> (Vulnerable code not present)
 	- kdelibs <undetermined>
 	- kde4libs <undetermined>
 	- qt4-x11 <undetermined>
@@ -1762,6 +1763,7 @@
 CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and ...)
 	- chromium-browser <itp> (bug #520334)
 	- webkit 1.1.21-1 (low)
+ 	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
 	- qt4-x11 <undetermined> (low)
 	- kdelibs <undetermined> (low)
 	- kde4libs <undetermined> (low)
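Review bot: the added `[lenny]` line for CVE-2010-0651 starts with a space before the tab, while the surrounding entries are indented with a tab only, and its reason reads "disk of regression", which looks like a typo for "risk of regression". Both are worth fixing here, since the same line is repeated verbatim in the later hunks for CVE-2010-0315 and CVE-2009-2797.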
@@ -2762,10 +2764,11 @@
 	NOT-FOR-US: Google SketchUp
 CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, ...)
 	- chromium-browser <itp> (bug #520324)
-	- webkit 1.1.21-1 (medium)
-	- qt4-x11 <undetermined> (medium)
-	- kdelibs <undetermined> (medium)
-	- kde4libs <undetermined> (medium)
+	- webkit 1.1.21-1 (low)
+ 	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
+	- qt4-x11 <undetermined>
+	- kdelibs <undetermined>
+	- kde4libs <undetermined>
 CVE-2010-0314 (Apple Safari allows remote attackers to discover a redirect's target ...)
 	NOT-FOR-US: Safari
 CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java System ...)
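Review bot: for CVE-2010-0315 the urgency is dropped entirely from the `qt4-x11`, `kdelibs` and `kde4libs` `<undetermined>` entries, whereas CVE-2010-0651 in the previous hunk keeps `(low)` on the same three packages. If webkit is now rated low for both, either carry `(low)` over to these entries as well or strip it from the CVE-2010-0651 ones, so the two records are triaged consistently.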
@@ -9053,7 +9056,8 @@
 CVE-2009-2798 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and ...)
-	- webkit 1.1.21-1 (medium; bug #559759)
+	- webkit 1.1.21-1 (low; bug #559759)
+ 	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
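Review bot: the webkit entry for CVE-2009-2797 goes from medium to low with no NOTE giving the reason, and the log message ("more webkit triage") does not say why either. A short NOTE line stating the basis for the downgrade would let a later reader, or someone following bug #559759, verify the new rating.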



