[Secure-testing-commits] r14140 - data/CVE
Michael Gilbert
gilbert-guest at alioth.debian.org
Tue Feb 23 03:23:20 UTC 2010
Author: gilbert-guest
Date: 2010-02-23 03:23:19 +0000 (Tue, 23 Feb 2010)
New Revision: 14140
Modified:
data/CVE/list
Log:
webkit triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-02-23 00:58:48 UTC (rev 14139)
+++ data/CVE/list 2010-02-23 03:23:19 UTC (rev 14140)
@@ -3525,11 +3525,7 @@
- chromium-browser <itp> (low; bug #520324)
CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...)
- chromium-browser <itp> (low; bug #520324)
- - webkit <unfixed> (low; bug #560905)
- - qt4-x11 <undetermined> (bug #561760)
- [etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
- - kdelibs <undetermined> (bug #561765)
- - kde4libs <undetermined> (bug #561762)
+ NOTE: gears is only implemented in chromium
CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...)
- chromium-browser <itp> (low; bug #520324)
CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow ...)
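Review bot: the five lines removed under CVE-2009-3932 drop every record of the webkit, qt4-x11, kdelibs and kde4libs triage, including four bug references (#560905, #561760, #561765, #561762), and the single NOTE that replaces them does not say which packages it clears. Consider keeping explicit entries in the form this file already uses elsewhere, e.g. "- webkit <not-affected> (gears is only implemented in chromium)", so the decision stays attached to each package. The referenced bugs should also be updated so they no longer list this CVE.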
@@ -7127,7 +7123,8 @@
CVE-2009-2842 (Apple Safari before 4.0.4 does not properly implement certain (1) Open ...)
NOT-FOR-US: Apple Safari
CVE-2009-2841 (WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform the ...)
- - webkit <undetermined> (medium; bug #559759)
+ - webkit 1.1.21-1 (medium; bug #559759)
+ NOTE: http://trac.webkit.org/changeset/49480
- qt4-x11 <undetermined> (bug #561760)
[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
- kdelibs <not-affected> (No support for HTML5 video tags)
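Review bot: under CVE-2009-2841 the qt4-x11 line is left at <undetermined> (bug #561760) even though this change now identifies the upstream fix as changeset 49480. With the changeset known, the webkit copy in qt4-x11 can be checked against it and the entry resolved to a fixed version or <not-affected>; if that check is still pending, a TODO on the entry would make the open work visible.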
@@ -7185,8 +7182,9 @@
CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers ...)
NOT-FOR-US: Apple iTunes
CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, ...)
- - webkit <unfixed> (medium; bug #559759)
+ - webkit 1.1.21-1 (medium; bug #559759)
[lenny] - webkit <not-affected> (vulnerable code not present)
+ NOTE: http://trac.webkit.org/changeset/47494
CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not ...)
NOT-FOR-US: Apple iPhone OS
CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple ...)
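Review bot: the NOTE added for CVE-2009-2816 sits after the [lenny] line, whereas the NOTEs added for CVE-2009-2841 and CVE-2009-2797 in this same commit directly follow the "- webkit 1.1.21-1" line. Placing the changeset URL immediately after the version it justifies, before the [lenny] annotation, would keep the three entries consistent.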
@@ -7228,8 +7226,8 @@
CVE-2009-2798 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...)
NOT-FOR-US: Apple QuickTime
CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and ...)
- - webkit <unfixed> (medium; bug #559759)
- TODO: someone needs to gain membership to the webkit security list so we can actually check these issues
+ - webkit 1.1.21-1 (medium; bug #559759)
+ NOTE: http://trac.webkit.org/changeset/42483
CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for ...)
NOT-FOR-US: Apple iPhone OS
CVE-2009-2795 (Heap-based buffer overflow in the Recovery Mode component in Apple ...)
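Review bot: the NOTE for CVE-2009-2797 cites changeset 42483, which is far lower than the changesets cited for the other two entries marked fixed in 1.1.21-1 in this commit (47494 and 49480). If the fix landed that much earlier upstream, the first Debian version containing it may predate 1.1.21-1, so it is worth confirming that this is the earliest fixed version and, as was done for CVE-2009-2816, stating the [lenny] status explicitly.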
@@ -20976,8 +20974,7 @@
CVE-2008-4232 (Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch ...)
NOT-FOR-US: Safari
CVE-2008-4231 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
- - webkit <unfixed> (medium; bug #535793)
- TODO: work with upstream to determine affected/not-affected webkit versions
+ NOT-FOR-US: Apple
CVE-2008-4230 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and ...)
NOT-FOR-US: Apple
CVE-2008-4229 (Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 ...)
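Review bot: CVE-2008-4231 goes from "webkit <unfixed> (medium; bug #535793)" straight to "NOT-FOR-US: Apple" with no NOTE explaining the reversal, unlike the CVE-2008-2320 hunk, which records its reasoning. Add a NOTE stating why webkit is not affected, and make sure bug #535793 is updated, since its reference disappears from the tracker here. The neighbouring entry uses "NOT-FOR-US: Safari"; naming the product rather than just "Apple" would match it.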
@@ -25674,8 +25671,9 @@
CVE-2008-2321 (Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 ...)
NOT-FOR-US: Apple Mac OS X
CVE-2008-2320 (Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 ...)
- - webkit <unfixed> (medium; bug #535793)
- TODO: work with upstream to determine affected/not-affected webkit versions
+ NOT-FOR-US: Apple Mac OS X
+ NOTE: the original apple advisory (HT3613) is completely different from the current CVE
+ NOTE: description. it claims that this is a webkit issue, which is completely wrong
CVE-2008-2319
RESERVED
CVE-2008-2318 (The WOHyperlink implementation in WebObjects in Apple Xcode tools ...)
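Review bot: in the two NOTE lines added for CVE-2008-2320, "it claims that this is a webkit issue" is ambiguous: "it" can be read as either the Apple advisory (HT3613) or the current CVE description. Name the source explicitly (for example "the advisory claims ...") so a later reader knows which document is considered wrong. As with CVE-2008-4231, the reference to bug #535793 is dropped here, so that bug needs updating as well.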