[Secure-testing-commits] r14536 - data/CVE

Moritz Muehlenhoff jmm-guest at alioth.debian.org
Tue Apr 20 19:20:16 UTC 2010


Author: jmm-guest
Date: 2010-04-20 19:20:15 +0000 (Tue, 20 Apr 2010)
New Revision: 14536

Modified:
   data/CVE/list
Log:
- add notes to further webkit commits
- remove irssi, this is a bug, not a security issue


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2010-04-20 19:02:44 UTC (rev 14535)
+++ data/CVE/list	2010-04-20 19:20:15 UTC (rev 14536)
@@ -1,4 +1,3 @@
-
 CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence ...)
 	TODO: check
 CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence ...)
@@ -201,10 +200,6 @@
 	- webkit <unfixed> (unimportant; bug #578019)
 	NOTE: i find it questionable whether this is really a security issue...
 	NOTE: iceweasel behaves the same way...it's probably the page caching feature
-CVE-2010-XXXX [irssi: ssl proxy issue]
-	- irssi <undetermined>
-	NOTE: http://www.openwall.com/lists/oss-security/2010/04/17/1
-	TODO: check
 CVE-2010-1564
 	REJECTED
 CVE-2010-1372 (SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) ...)
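Review bot: removing the `CVE-2010-XXXX [irssi: ssl proxy issue]` entry also drops the list's only pointer to the oss-security thread (http://www.openwall.com/lists/oss-security/2010/04/17/1), and the log line "this is a bug, not a security issue" does not cite it. Suggest naming that thread in the commit log so the triage decision can be traced later.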
@@ -12902,6 +12897,7 @@
 	- kdelibs <unfixed> (unimportant)
 	- kde4libs <unfixed> (unimportant)
 	- qt4-x11 <undetermined> (unimportant)
+        NOTE: http://trac.webkit.org/changeset/44010
 CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...)
 	NOT-FOR-US: Mac OS X
 CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly ...)
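Review bot: the added `NOTE: http://trac.webkit.org/changeset/44010` line is indented with eight spaces, while the neighbouring `- qt4-x11` and `NOT-FOR-US:` lines use a single tab; the other NOTE lines added in this commit do the same. Suggest a leading tab so the new lines match the rest of the file.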
@@ -12911,6 +12907,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/31890
 CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (low; bug #535793)
@@ -12948,6 +12945,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/35157
 CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...)
 	{DSA-1866-1}
 	- webkit 0~svn32442-1
@@ -12972,22 +12970,26 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/42533
 CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
 	- webkit 1.1.12-1 (low; bug #535793)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/42216
 CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...)
 	- webkit 1.1.12-1 (medium; bug #535793)
 	- kdelibs <not-affected>
 	- kde4libs <undetermined>
 	- qt4-x11 <undetermined>
 	NOTE: invasive patch to backport.
+        NOTE: http://trac.webkit.org/changeset/40881
 CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone ...)
 	- webkit 1.1.12-1 (low; bug #535793)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/38065
 CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before ...)
 	{DSA-1988-1}
 	- webkit 1.0.1-4 (medium; bug #535793)
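Review bot: in the CVE-2009-1701 entry the new changeset/40881 URL sits directly after `NOTE: invasive patch to backport.` without saying whether it is that patch. Suggest merging the two into one note, or wording the new line so it is clear the changeset is the upstream fix being referred to.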
@@ -13009,24 +13011,29 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/41262
 CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
 	- webkit 1.1.12-1 (medium; bug #535793)
 	[lenny] - webkit <not-affected> (Vulnerable code not present)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/39510
+        NOTE: http://trac.webkit.org/changeset/39553
 CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (low; bug #535793)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/42223
 CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (low; bug #535793)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/35935
 CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (medium; bug #535793)
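Review bot: CVE-2009-1696 gets two changesets (39510 and 39553) with nothing to say how they relate. Suggest annotating each line, for example which one is the fix and which a follow-up, so a backporter can tell whether both are required.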
@@ -13066,12 +13073,14 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/32791
 CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
 	- webkit 1.1.12-1 (low; bug #535793)
 	[lenny] - webkit <not-affected> (Vulnerable code not present)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/32791
 CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...)
 	{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
 	- webkit 1.1.5-1 (medium; bug #534946)
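Review bot: changeset/32791 is added twice in this hunk, once to the entry ending just above CVE-2009-1688 and once to CVE-2009-1688 itself. If one upstream commit really fixes both issues, say so in the note; otherwise one of the two looks like a copy-paste and should be corrected.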
@@ -13086,17 +13095,20 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/31431
 CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
 	- webkit 1.0.1-4 (medium; bug #535793)
 	- kdelibs <not-affected>
 	- kde4libs <unfixed>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/34574
 CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (low; bug #535793)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/42365
 CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and ...)
 	NOT-FOR-US: iPhone
 CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended ...)
@@ -13107,6 +13119,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 <undetermined>
+        NOTE: http://trac.webkit.org/changeset/42333
 CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...)
 	NOT-FOR-US: Safari in Apple iPhone OS
 CVE-2009-1679 (The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...)
@@ -22329,7 +22342,7 @@
 	[lenny] - webkit <no-dsa> (Minor issue)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
-	- qt4-x11 <undetermined>
+	- qt4-x11 <undetermined> (unimportant)
 CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
 	- iceweasel <not-affected>
 	NOTE: firefox not affected, see https://bugzilla.redhat.com/468397
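Review bot: the change of `- qt4-x11 <undetermined>` to `<undetermined> (unimportant)` is not covered by the commit log, which only mentions WebKit notes and the irssi removal, and no NOTE in the entry gives the reason for the severity. Suggest adding a log line and a short NOTE explaining why the issue is unimportant for qt4-x11 while its status is still undetermined.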



