[Secure-testing-commits] r14536 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Tue Apr 20 19:20:16 UTC 2010
Author: jmm-guest
Date: 2010-04-20 19:20:15 +0000 (Tue, 20 Apr 2010)
New Revision: 14536
Modified:
data/CVE/list
Log:
- add notes to further webkit commits
- remove irssi, this is a bug, not a security issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-04-20 19:02:44 UTC (rev 14535)
+++ data/CVE/list 2010-04-20 19:20:15 UTC (rev 14536)
@@ -1,4 +1,3 @@
-
CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence ...)
TODO: check
CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence ...)
@@ -201,10 +200,6 @@
- webkit <unfixed> (unimportant; bug #578019)
NOTE: i find it questionable whether this is really a security issue...
NOTE: iceweasel behaves the same way...it's probably the page caching feature
-CVE-2010-XXXX [irssi: ssl proxy issue]
- - irssi <undetermined>
- NOTE: http://www.openwall.com/lists/oss-security/2010/04/17/1
- TODO: check
CVE-2010-1564
REJECTED
CVE-2010-1372 (SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) ...)
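Review bot: Dropping the whole `CVE-2010-XXXX [irssi: ssl proxy issue]` entry also drops the oss-security reference, so the reason it was judged a bug rather than a security issue survives only in the commit log. Consider keeping the entry with a NOTE that records the assessment next to the openwall link, so a later triager who meets the same report does not re-add it with `TODO: check`.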
@@ -12902,6 +12897,7 @@
- kdelibs <unfixed> (unimportant)
- kde4libs <unfixed> (unimportant)
- qt4-x11 <undetermined> (unimportant)
+ NOTE: http://trac.webkit.org/changeset/44010
CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...)
NOT-FOR-US: Mac OS X
CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly ...)
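Review bot: The added `NOTE: http://trac.webkit.org/changeset/44010` is a bare URL and does not say how the changeset relates to the issue, for example whether it is the upstream fix. A short label in front of the URL would let someone checking kdelibs, kde4libs and qt4-x11 use the note without opening the link; the same applies to the other changeset NOTEs in this commit.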
@@ -12911,6 +12907,7 @@
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/31890
CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
{DSA-1950-1}
- webkit 1.1.12-1 (low; bug #535793)
@@ -12948,6 +12945,7 @@
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/35157
CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...)
{DSA-1866-1}
- webkit 0~svn32442-1
@@ -12972,22 +12970,26 @@
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/42533
CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/42216
CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...)
- webkit 1.1.12-1 (medium; bug #535793)
- kdelibs <not-affected>
- kde4libs <undetermined>
- qt4-x11 <undetermined>
NOTE: invasive patch to backport.
+ NOTE: http://trac.webkit.org/changeset/40881
CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone ...)
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/38065
CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before ...)
{DSA-1988-1}
- webkit 1.0.1-4 (medium; bug #535793)
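Review bot: In the CVE-2009-1701 block the new changeset NOTE lands after `NOTE: invasive patch to backport.`, so the remark about the patch now comes before the link; putting the URL first would read more naturally. Across this hunk qt4-x11 stays `<undetermined>` although a changeset is now recorded for each entry, so a `TODO: check` against that changeset would flag the follow-up work.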
@@ -13009,24 +13011,29 @@
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/41262
CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
- webkit 1.1.12-1 (medium; bug #535793)
[lenny] - webkit <not-affected> (Vulnerable code not present)
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/39510
+ NOTE: http://trac.webkit.org/changeset/39553
CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
{DSA-1950-1}
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/42223
CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
{DSA-1950-1}
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/35935
CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
{DSA-1950-1}
- webkit 1.1.12-1 (medium; bug #535793)
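Review bot: CVE-2009-1696 gets two NOTEs, changesets 39510 and 39553, with nothing to say how they relate. State whether both are required or whether the second is a follow-up to the first, since anyone backporting needs to know if one alone is sufficient.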
@@ -13066,12 +13073,14 @@
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/32791
CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.1.12-1 (low; bug #535793)
[lenny] - webkit <not-affected> (Vulnerable code not present)
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/32791
CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...)
{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
- webkit 1.1.5-1 (medium; bug #534946)
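Review bot: The NOTE added just above the CVE-2009-1688 header and the one added inside the CVE-2009-1688 block both point at changeset 32791. If one upstream commit really covers both entries, say so in the NOTE; otherwise one of the two is a copy-paste slip and needs the correct changeset number.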
@@ -13086,17 +13095,20 @@
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/31431
CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.0.1-4 (medium; bug #535793)
- kdelibs <not-affected>
- kde4libs <unfixed>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/34574
CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
{DSA-1950-1}
- webkit 1.1.12-1 (low; bug #535793)
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/42365
CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and ...)
NOT-FOR-US: iPhone
CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended ...)
@@ -13107,6 +13119,7 @@
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 <undetermined>
+ NOTE: http://trac.webkit.org/changeset/42333
CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...)
NOT-FOR-US: Safari in Apple iPhone OS
CVE-2009-1679 (The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...)
@@ -22329,7 +22342,7 @@
[lenny] - webkit <no-dsa> (Minor issue)
- kdelibs <not-affected>
- kde4libs <not-affected>
- - qt4-x11 <undetermined>
+ - qt4-x11 <undetermined> (unimportant)
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
- iceweasel <not-affected>
NOTE: firefox not affected, see https://bugzilla.redhat.com/468397
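Review bot: The change of `- qt4-x11 <undetermined>` to `<undetermined> (unimportant)` is not covered by the log message, which only mentions the webkit NOTEs and the irssi removal. It also assigns a severity while the status is still undetermined, so add a NOTE giving the reason for `unimportant` or split this into its own commit with its own log line.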