[Secure-testing-commits] r14535 - in data: . CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Tue Apr 20 19:02:52 UTC 2010
Author: jmm-guest
Date: 2010-04-20 19:02:44 +0000 (Tue, 20 Apr 2010)
New Revision: 14535
Modified:
data/CVE/list
data/embedded-code-copies
Log:
- xotcl/expat code copy fixed
- qt4 triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-04-20 18:34:17 UTC (rev 14534)
+++ data/CVE/list 2010-04-20 19:02:44 UTC (rev 14535)
@@ -1,3 +1,4 @@
+
CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence ...)
TODO: check
CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence ...)
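Review bot: The only change at the top of data/CVE/list is an empty line added before the CVE-2010-1467 entry, which is unrelated to the xotcl fix and qt4 triage named in the log. Drop it from this commit so the file still starts with a CVE header line.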
@@ -7527,7 +7528,8 @@
[lenny] - iceape <not-affected> (stub package)
CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...)
- webkit 1.1.17-2 (medium; bug #559759)
- - qt4-x11 <undetermined> (bug #561760)
+ - qt4-x11 4:4.6.2-4 (bug #561760)
+ NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
- kdelibs <not-affected> (vulnerable code not present)
- kde4libs <not-affected> (vulnerable code not present)
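Review bot: The new CVE-2009-3384 line `- qt4-x11 4:4.6.2-4 (bug #561760)` has no urgency, while the webkit line directly above it carries `medium` and the qt4-x11 line added for CVE-2009-2841 uses `(medium; bug #561760)`. Add the urgency here as well. The NOTE also folds "Lenny is affected" into the end of the version caveat; putting that statement on its own NOTE line would make the Lenny status easier to spot.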
@@ -9503,7 +9505,9 @@
CVE-2009-2841 (WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform the ...)
- webkit 1.1.21-1 (medium; bug #559759)
NOTE: http://trac.webkit.org/changeset/49480
- - qt4-x11 <undetermined> (bug #561760)
+ - qt4-x11 4:4.6.2-4 (medium; bug #561760)
+ NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
+ [lenny] - qt4-x11 <not-affected> (HTML video support introduced in version 4.5)
[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
- kdelibs <not-affected> (No support for HTML5 video tags)
- kde4libs <undetermined> (bug #561762)
@@ -9560,11 +9564,13 @@
CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers ...)
NOT-FOR-US: Apple iTunes
CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, ...)
- - webkit 1.1.21-1 (medium; bug #559759)
+ - webkit 1.1.21-1 (low; bug #559759)
[lenny] - webkit <not-affected> (vulnerable code not present)
- kdelibs <not-affected>
- kde4libs <not-affected>
- - qt4-x11 <undetermined>
+ - qt4-x11 4:4.6.2-4 (low)
+ NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
+ [lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
NOTE: http://trac.webkit.org/changeset/47494
CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not ...)
NOT-FOR-US: Apple iPhone OS
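Review bot: The webkit line for CVE-2009-2816 changes urgency from `medium` to `low`, which goes beyond the "qt4 triage" stated in the log and comes with no justification. Mention the webkit downgrade in the log message or add a NOTE with the reason, since it changes the rating of a package other than the one being triaged.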
@@ -9611,7 +9617,9 @@
[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
- kdelibs <not-affected>
- kde4libs <not-affected>
- - qt4-x11 <undetermined>
+ NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
+ - qt4-x11 4:4.6.2-4 (low)
+ [lenny] - qt4-x11 <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
NOTE: http://trac.webkit.org/changeset/42483
CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for ...)
NOT-FOR-US: Apple iPhone OS
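Review bot: In this hunk the added NOTE comes before the `- qt4-x11 4:4.6.2-4 (low)` line it describes, whereas the other hunks in this commit place the NOTE after the package line; swap the two for consistency. The new `[lenny] - qt4-x11 <no-dsa>` line also copies the "disk of regression" typo from the webkit line above; it should read "risk of regression".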
@@ -12908,7 +12916,7 @@
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <not-affected>
- kde4libs <not-affected>
- - qt4-x11 <undetermined>
+ - qt4-x11 <unfixed> (low)
NOTE: http://trac.webkit.org/changeset/36359
CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not ...)
{DSA-1988-1}
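Review bot: The new `- qt4-x11 <unfixed> (low)` line has no bug reference, while the webkit line in the same entry points to bug #535793 and the other qt4-x11 entries in this commit cite bug #561760. If a bug covers this issue for qt4-x11, reference it here so the open entry can be tracked to closure.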
@@ -13041,7 +13049,8 @@
NOTE: http://trac.webkit.org/changeset/32791
- kdelibs <not-affected>
- kde4libs <not-affected>
- - qt4-x11 <undetermined>
+ - qt4-x11 4.4.3-1
+ NOTE: QT4 might be fixed earlier, but only Lenny version was checked
CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
- webkit 1.1.5-1 (medium; bug #534946)
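Review bot: The fixed version on the new line `- qt4-x11 4.4.3-1` has no epoch, while every other qt4-x11 version added in this commit is written as `4:4.6.2-4`. Under Debian version ordering a version without an epoch is compared as epoch 0 and sorts below any `4:` version, so this entry would treat every epoch-4 upload as fixed; it should presumably read `4:4.4.3-1`. The line also has no urgency.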
@@ -25100,6 +25109,8 @@
RESERVED
CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through ...)
- webkit 1.0.1-4 (bug #499771)
+ - qt4-x11 4:4.6.2-4 (bug #561760)
+ NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
NOTE: http://trac.webkit.org/changeset/34815
CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone ...)
NOT-FOR-US: Apple iPod
@@ -28216,7 +28227,8 @@
- webkit 1.0.1-1
- kdelibs <unfixed>
- kde4libs <unfixed>
- - qt4-x11 <undetermined>
+ - qt4-x11 4:4.6.2-4
+ NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
NOTE: http://trac.webkit.org/changeset/34204
CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...)
NOT-FOR-US: Windows issue
@@ -33038,11 +33050,11 @@
CVE-2008-0300 (mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to ...)
NOT-FOR-US: Mapbender
CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers to ...)
- - webkit <unfixed> (unimportant)
- - qt4-x11 <unfixed> (unimportant)
- - kdelibs <unfixed> (unimportant)
- - kde4libs <unfixed> (unimportant)
- NOTE: browser crashes are considered unimportant
+ - webkit <not-affected> (Not reproducible, browser crashes not treated as security issues)
+ - qt4-x11 <not-affected> (Not reproducible, browser crashes not treated as security issues)
+ - kdelibs <not-affected> (Not reproducible, browser crashes not treated as security issues)
+ - kde4libs <not-affected> (Not reproducible, browser crashes not treated as security issues)
+ NOTE: Not reproducible, might be fixed before all the forks went off
CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials via a ...)
NOT-FOR-US: PhotoKorn
CVE-2008-0296 (Heap-based buffer overflow in the libaccess_realrtsp plugin in ...)
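Review bot: The four CVE-2008-0298 lines switch to `<not-affected>`, but the new NOTE says the issue "might be fixed before all the forks went off", which describes code that was once vulnerable and later fixed rather than code that was never affected. If the point is that the crash could not be reproduced, state that once in the NOTE and keep the per-package reasons short; repeating the same parenthetical on all four lines and again in the NOTE is redundant.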
@@ -60843,7 +60855,8 @@
- xulrunner 1.8.0.4-1 (medium)
- webkit 1.0.1-1 (bug #535793)
NOTE: http://trac.webkit.org/changeset/33380
- - qt4-x11 <undetermined> (bug #561760)
+ - qt4-x11 4:4.6.2-4 (low; bug #561760)
+ NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
- kdelibs <not-affected> (bug #561765)
- kde4libs <undetermined> (bug #561762)
CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies 2010-04-20 18:34:17 UTC (rev 14534)
+++ data/embedded-code-copies 2010-04-20 19:02:44 UTC (rev 14535)
@@ -1180,7 +1180,7 @@
- apache2 2.2 (embed)
- texlive-bin <not-affected> (Embedded code not compiled in)
- vnc4 <unfixed> (embed)
- - xotcl <unfixed> (embed)
+ - xotcl 1.6.6-1 (embed)
xerces-c
- xerces-c2 <unfixed> (old-version)