[Secure-testing-commits] r14535 - in data: . CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Apr 20 19:02:52 UTC 2010 

Author: jmm-guest
Date: 2010-04-20 19:02:44 +0000 (Tue, 20 Apr 2010)
New Revision: 14535

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
- xotcl/expat code copy fixed
- qt4 triage


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-20 18:34:17 UTC (rev 14534)
+++ data/CVE/list	2010-04-20 19:02:44 UTC (rev 14535)
@@ -1,3 +1,4 @@
+
 CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence ...)
 	TODO: check
 CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence ...)
@@ -7527,7 +7528,8 @@
 	[lenny] - iceape <not-affected> (stub package)
 CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...)
 	- webkit 1.1.17-2 (medium; bug #559759)
-	- qt4-x11 <undetermined> (bug #561760)
+	- qt4-x11 4:4.6.2-4 (bug #561760)
+	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
 	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
 	- kdelibs <not-affected> (vulnerable code not present)
 	- kde4libs <not-affected> (vulnerable code not present)
@@ -9503,7 +9505,9 @@
 CVE-2009-2841 (WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform the ...)
 	- webkit 1.1.21-1 (medium; bug #559759)
 	NOTE: http://trac.webkit.org/changeset/49480
-	- qt4-x11 <undetermined> (bug #561760)
+	- qt4-x11 4:4.6.2-4 (medium; bug #561760)
+	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
+	[lenny] - qt4-x11 <not-affected> (HTML video support introduced in version 4.5)
 	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
 	- kdelibs <not-affected> (No support for HTML5 video tags)
 	- kde4libs <undetermined> (bug #561762)
@@ -9560,11 +9564,13 @@
 CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers ...)
 	NOT-FOR-US: Apple iTunes
 CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, ...)
-	- webkit 1.1.21-1 (medium; bug #559759)
+	- webkit 1.1.21-1 (low; bug #559759)
 	[lenny] - webkit <not-affected> (vulnerable code not present)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
-	- qt4-x11 <undetermined>
+	- qt4-x11 4:4.6.2-4 (low)
+	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
+	[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
 	NOTE: http://trac.webkit.org/changeset/47494
 CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not ...)
 	NOT-FOR-US: Apple iPhone OS
@@ -9611,7 +9617,9 @@
 	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
-	- qt4-x11 <undetermined>
+	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
+	- qt4-x11 4:4.6.2-4 (low)
+	[lenny] - qt4-x11 <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
 	NOTE: http://trac.webkit.org/changeset/42483
 CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for ...)
 	NOT-FOR-US: Apple iPhone OS
@@ -12908,7 +12916,7 @@
 	- webkit 1.1.12-1 (low; bug #535793)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
-	- qt4-x11 <undetermined>
+	- qt4-x11 <unfixed> (low)
 	NOTE: http://trac.webkit.org/changeset/36359
 CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not ...)
 	{DSA-1988-1}
@@ -13041,7 +13049,8 @@
 	NOTE: http://trac.webkit.org/changeset/32791
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
-	- qt4-x11 <undetermined>
+	- qt4-x11 4.4.3-1
+	NOTE: QT4 might be fixed earlier, but only Lenny version was checked
 CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
 	{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
 	- webkit 1.1.5-1 (medium; bug #534946)
@@ -25100,6 +25109,8 @@
 	RESERVED
 CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through ...)
 	- webkit 1.0.1-4 (bug #499771)
+	- qt4-x11 4:4.6.2-4 (bug #561760)
+	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
 	NOTE: http://trac.webkit.org/changeset/34815
 CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone ...)
 	NOT-FOR-US: Apple iPod
@@ -28216,7 +28227,8 @@
 	- webkit 1.0.1-1
 	- kdelibs <unfixed>
 	- kde4libs <unfixed>
-	- qt4-x11 <undetermined>
+	- qt4-x11 4:4.6.2-4
+	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
 	NOTE: http://trac.webkit.org/changeset/34204
 CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...)
 	NOT-FOR-US: Windows issue
@@ -33038,11 +33050,11 @@
 CVE-2008-0300 (mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to ...)
 	NOT-FOR-US: Mapbender
 CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers to ...)
-	- webkit <unfixed> (unimportant)
-	- qt4-x11 <unfixed> (unimportant)
-	- kdelibs <unfixed> (unimportant)
-	- kde4libs <unfixed> (unimportant)
-	NOTE: browser crashes are considered unimportant
+	- webkit <not-affected> (Not reproducible, browser crashes not treated as security issues)
+	- qt4-x11 <not-affected> (Not reproducible, browser crashes not treated as security issues)
+	- kdelibs <not-affected> (Not reproducible, browser crashes not treated as security issues)
+	- kde4libs <not-affected> (Not reproducible, browser crashes not treated as security issues)
+	NOTE: Not reproducible, might be fixed before all the forks went off
 CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials via a ...)
 	NOT-FOR-US: PhotoKorn
 CVE-2008-0296 (Heap-based buffer overflow in the libaccess_realrtsp plugin in ...)
@@ -60843,7 +60855,8 @@
 	- xulrunner 1.8.0.4-1 (medium)
 	- webkit 1.0.1-1 (bug #535793)
 	NOTE: http://trac.webkit.org/changeset/33380
-	- qt4-x11 <undetermined> (bug #561760)
+	- qt4-x11 4:4.6.2-4 (low; bug #561760)
+	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
 	- kdelibs <not-affected> (bug #561765)
 	- kde4libs <undetermined> (bug #561762)
 CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)

Modified: data/embedded-code-copies
===================================================================
--- data/embedded-code-copies	2010-04-20 18:34:17 UTC (rev 14534)
+++ data/embedded-code-copies	2010-04-20 19:02:44 UTC (rev 14535)
@@ -1180,7 +1180,7 @@
 	- apache2 2.2 (embed)
 	- texlive-bin <not-affected> (Embedded code not compiled in)
 	- vnc4 <unfixed> (embed)
-	- xotcl <unfixed> (embed)
+	- xotcl 1.6.6-1 (embed)
 
 xerces-c
 	- xerces-c2 <unfixed> (old-version)

More information about the Secure-testing-commits mailing list