[Secure-testing-commits] r15795 - data/CVE
Moritz Muehlenhoff
jmm-guest at alioth.debian.org
Wed Jan 5 22:05:15 UTC 2011
Author: jmm-guest
Date: 2011-01-05 22:05:14 +0000 (Wed, 05 Jan 2011)
New Revision: 15795
Modified:
data/CVE/list
Log:
- new xen issue,
- new syslog-ng issue (kfreebsd-specific)
- new evince issues
- start marking webkit/lenny as no-dsa, since it's not going to be removed from stable
- php fixed
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2011-01-05 21:59:33 UTC (rev 15794)
+++ data/CVE/list 2011-01-05 22:05:14 UTC (rev 15795)
@@ -1,3 +1,6 @@
+CVE-2010-XXXX [syslog-ng log permissions]
+ - syslog-ng 3.1.3-2 (bug #608491)
+ [lenny] - syslog-ng <not-affected> (Freebsd-specific, which is not supported in Lenny)
CVE-2010-XXXX [XSS in ftpls]
- ftpcopy <unfixed> (bug #607494)
CVE-2011-0285
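Review bot: The reason on the added [lenny] line for syslog-ng reads "Freebsd-specific", while the commit log calls the issue "kfreebsd-specific". The two should agree; the log's wording is the more precise one, so suggest "(kfreebsd-specific, which is not supported in Lenny)". The entry is also filed under CVE-2010-XXXX in a commit dated January 2011; if that year is a guess at the eventual assignment, it will need rechecking when an id is allocated.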
@@ -891,7 +894,7 @@
CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...)
NOT-FOR-US: Safe Search plugin for WordPress
CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...)
- NOT-FOR-US: Joomla!
+ NOT-FOR-US: Joomla! extension
CVE-2010-4516 (Multiple cross-site scripting (XSS) vulnerabilities in the JXtended ...)
NOT-FOR-US: Joomla!
CVE-2010-4515 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, ...)
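Review bot: CVE-2010-4516 in the same hunk (the JXtended entry) still reads "NOT-FOR-US: Joomla!" while its neighbour CVE-2010-4517 is changed to "NOT-FOR-US: Joomla! extension". If the point is to distinguish extensions from Joomla! core, the JXtended entry looks like it needs the same relabel. The Joomla! relabelling here and in the later hunks is also missing from the commit log, which lists only xen, syslog-ng, evince, webkit and php.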
@@ -1250,9 +1253,9 @@
CVE-2010-4406 (Directory traversal vulnerability in gallery.php in Brunetton ...)
NOT-FOR-US: LittlePhpGallery
CVE-2010-4405 (Cross-site scripting (XSS) vulnerability in the Yannick Gaultier ...)
- NOT-FOR-US: Joomla!
+ NOT-FOR-US: Joomla! extension
CVE-2010-4404 (SQL injection vulnerability in the Yannick Gaultier sh404SEF component ...)
- NOT-FOR-US: Joomla!
+ NOT-FOR-US: Joomla! extension
CVE-2010-4403 (The Register Plus plugin 3.5.1 and earlier for WordPress allows remote ...)
NOT-FOR-US: The Register Plus plugin for WordPress
CVE-2010-4402 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...)
@@ -1340,7 +1343,7 @@
CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
NOT-FOR-US: Chameleon Social Networking
CVE-2010-4365 (SQL injection vulnerability in JE Ajax Event Calendar ...)
- NOT-FOR-US: Joomla!
+ NOT-FOR-US: Joomla! extension
CVE-2010-4364 (DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does ...)
NOT-FOR-US: DaDaBIK
CVE-2010-4363 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...)
@@ -1613,7 +1616,7 @@
- linux-2.6 <unfixed>
CVE-2010-4255 [linux: Xen direct pv guest access crash]
RESERVED
- - linux-2.6 <unfixed>
+ - xen <unfixed>
CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is ...)
- moon <unfixed> (bug #608288)
NOTE: 201011251552.17678.thomas at suse.de
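Review bot: After the package for CVE-2010-4255 moves from linux-2.6 to xen, the bracketed title still begins "linux:", so the entry now contradicts itself. Suggest either rewording the title (for example dropping the "linux:" prefix) or adding a NOTE line that records why the hypervisor package rather than the kernel is tracked as affected.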
@@ -1873,7 +1876,7 @@
CVE-2010-4151 (SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly ...)
NOT-FOR-US: DeluxeBB
CVE-2010-4150 (Double free vulnerability in the imap_do_open function in the IMAP ...)
- - php5 <unfixed>
+ - php5 5.3.3-7
CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 ...)
- turbogears2 2.0.3-1
CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2) before ...)
@@ -5976,12 +5979,16 @@
NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2010-2643
RESERVED
+ - evince <unfixed>
CVE-2010-2642
RESERVED
+ - evince <unfixed>
CVE-2010-2641
RESERVED
+ - evince <unfixed>
CVE-2010-2640
RESERVED
+ - evince <unfixed>
CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote ...)
NOT-FOR-US: IBM WebSphere Commerce Enterprise 7.0
CVE-2010-2638 (Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 ...)
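Review bot: The four evince lines added under CVE-2010-2640 through CVE-2010-2643 carry no bug number, NOTE or bracketed description, and the CVEs themselves are still RESERVED, so nothing in the file says what the issues are or where the information came from. Suggest adding a short bracketed title, as the syslog-ng entry at the top of this commit has, or a bug reference, so the entries can be triaged without going back to the commit log.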
@@ -6461,6 +6468,7 @@
NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote ...)
- webkit 1.2.1-3 (low)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.55~r47796-1
NOTE: http://trac.webkit.org/changeset/58829
NOTE: above patch for cve-2010-1773 fixes the problem, so this seems to be a dup
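Review bot: The no-dsa reason "Unmaintained in Lenny, only affects fringe apps" on the added [lenny] line, repeated on every webkit entry in this commit, does not say which applications are meant, and it differs from the rationale in the commit log ("it's not going to be removed from stable"). Since the same string is used throughout, it would help to name the affected reverse dependencies once, or to word the reason so it matches the log, so that a later reader can tell whether the assessment still holds.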
@@ -9348,16 +9356,19 @@
- tiff 3.9.4-1
CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35603
NOTE: http://trac.webkit.org/changeset/55511
CVE-2010-1409 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34451
NOTE: http://trac.webkit.org/changeset/54193
CVE-2010-1408 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36571
NOTE: http://trac.webkit.org/changeset/56489
@@ -9365,22 +9376,26 @@
NOTE: http://trac.webkit.org/changeset/56879
CVE-2010-1407 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36435
NOTE: http://trac.webkit.org/changeset/56365
CVE-2010-1406 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=30841
NOTE: http://trac.webkit.org/changeset/50226
NOTE: http://trac.webkit.org/changeset/50240
CVE-2010-1405 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36198
NOTE: http://trac.webkit.org/changeset/56186
CVE-2010-1404 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35709
NOTE: http://trac.webkit.org/changeset/53446
@@ -9392,73 +9407,87 @@
TODO: ^ this seems to be the commit for cve-2010-1404. what is the right one?
CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35598
NOTE: http://trac.webkit.org/changeset/55182
CVE-2010-1401 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35353
NOTE: http://trac.webkit.org/changeset/55196
CVE-2010-1400 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34734
NOTE: http://trac.webkit.org/changeset/54521
CVE-2010-1399 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35599
NOTE: http://trac.webkit.org/changeset/46437
CVE-2010-1398 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35305
NOTE: http://trac.webkit.org/changeset/55167
CVE-2010-1397 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=32842
NOTE: http://trac.webkit.org/changeset/52034
NOTE: http://trac.webkit.org/changeset/55114
CVE-2010-1396 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=35621
NOTE: http://trac.webkit.org/changeset/55462
NOTE: http://trac.webkit.org/changeset/55465
CVE-2010-1395 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=26868
NOTE: http://trac.webkit.org/changeset/46068
CVE-2010-1394 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: http://trac.webkit.org/changeset/55203
NOTE: http://trac.webkit.org/changeset/55212
CVE-2010-1393 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=33683
NOTE: http://trac.webkit.org/changeset/53607
CVE-2010-1392 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34641
NOTE: http://trac.webkit.org/changeset/56297
CVE-2010-1391 (Multiple directory traversal vulnerabilities in the (a) Local Storage ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36243
NOTE: http://trac.webkit.org/changeset/56139
CVE-2010-1390 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=29078
NOTE: http://trac.webkit.org/changeset/49487
CVE-2010-1389 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=30019
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34148
@@ -9473,6 +9502,7 @@
NOTE: http://trac.webkit.org/changeset/47829
CVE-2010-1387 (Use-after-free vulnerability in JavaScriptCore in WebKit in Apple ...)
- webkit 1.2.1-2
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=34321
NOTE: http://trac.webkit.org/changeset/54129
@@ -9480,6 +9510,7 @@
NOTE: http://trac.webkit.org/changeset/54265
CVE-2010-1386 (page/Geolocation.cpp in WebCore in WebKit before r56188 and before ...)
- webkit 1.2.2-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.342.9~r43360-1
NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255
NOTE: http://trac.webkit.org/changeset/56188
@@ -9874,6 +9905,7 @@
NOT-FOR-US: Novell NetWare
CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...)
- webkit 1.1.90-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: http://trac.webkit.org/changeset/55511
NOTE: evidence of memory corruption http://code.google.com/p/chromium/issues/detail?id=37061
@@ -9894,6 +9926,7 @@
TODO: recheck as newer webkits get uploaded
CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to cause a ...)
- webkit 1.1.90-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
NOTE: http://code.google.com/p/chromium/issues/detail?id=34978
CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before ...)
@@ -10282,6 +10315,7 @@
NOT-FOR-US: Apple Type Services
CVE-2010-1119 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
- webkit 1.2.1-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=33850
NOTE: http://trac.webkit.org/changeset/53501
NOTE: http://trac.webkit.org/changeset/53504
@@ -11632,6 +11666,7 @@
CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome ...)
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.1.21-1 (low)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- qt4-x11 <undetermined> (low)
- kdelibs <undetermined> (low)
- kde4libs <undetermined> (low)
@@ -11645,6 +11680,7 @@
CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before 4.0.249.78, ...)
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.1.21-1 (low)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- qt4-x11 <undetermined> (low)
- kdelibs <undetermined> (low)
- kde4libs <undetermined> (low)
@@ -11687,6 +11723,7 @@
CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before 4.0.249.89, ...)
- chromium-browser 5.0.375.29~r46008-1
- webkit 1.1.21-1 (medium)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- qt4-x11 <undetermined> (medium)
- kdelibs <undetermined> (medium)
- kde4libs <undetermined> (medium)
@@ -12018,6 +12055,7 @@
NOT-FOR-US: Apple Mac OS X
CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.2.1-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser <not-affected> (only Safari is affected, they have a different URL parsing implementation)
NOTE: https://bugs.webkit.org/show_bug.cgi?id=37662
NOTE: http://trac.webkit.org/changeset/58792
@@ -12666,6 +12704,7 @@
- kde4libs <undetermined>
CVE-2010-0314 (Apple Safari allows remote attackers to discover a redirect's target ...)
- webkit 1.1.90-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- chromium-browser 5.0.375.29~r46008-1
CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java System ...)
NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
@@ -14095,6 +14134,7 @@
CVE-2010-0054 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- kde4libs <undetermined>
- kdelibs <undetermined>
- qt4-x11 <undetermined>
@@ -14124,6 +14164,7 @@
CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- kde4libs <undetermined>
- kdelibs <undetermined>
- qt4-x11 <undetermined>
@@ -14131,6 +14172,7 @@
CVE-2010-0049 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- kde4libs <undetermined>
- kdelibs <undetermined>
- qt4-x11 <undetermined>
@@ -14138,6 +14180,7 @@
CVE-2010-0048 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- kde4libs <undetermined>
- kdelibs <undetermined>
- qt4-x11 <undetermined>
@@ -14145,6 +14188,7 @@
CVE-2010-0047 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- kde4libs <undetermined>
- kdelibs <undetermined>
- qt4-x11 <undetermined>
@@ -14152,6 +14196,7 @@
CVE-2010-0046 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
- chromium-browser 6.0.466.0~r52279-1
- webkit 1.1.90-1 (bug #574064)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- kde4libs <undetermined>
- kdelibs <undetermined>
- qt4-x11 <undetermined>
@@ -17032,6 +17077,7 @@
[lenny] - iceape <not-affected> (stub package)
CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...)
- webkit 1.1.17-2 (medium; bug #559759)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- qt4-x11 4:4.6.2-4 (bug #561760)
[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
@@ -19019,6 +19065,7 @@
NOT-FOR-US: Apple Safari
CVE-2009-2841 (The HTMLMediaElement::loadResource function in ...)
- webkit 1.1.21-1 (medium; bug #559759)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
NOTE: http://trac.webkit.org/changeset/49480
- qt4-x11 4:4.6.2-4 (medium; bug #561760)
NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
@@ -20538,6 +20585,7 @@
NOT-FOR-US: Apple Safari
CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests function in ...)
- webkit 1.1.10-1
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2009-2418
RESERVED
CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is ...)
@@ -22388,6 +22436,7 @@
- qt4-x11 <undetermined> (bug #538403)
[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
- webkit 1.1.13-1 (low; bug #538402)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- kdelibs <unfixed> (unimportant)
- kde4libs <unfixed> (unimportant)
NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
@@ -22492,6 +22541,7 @@
NOTE: http://trac.webkit.org/changeset/42533
CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
- webkit 1.1.12-1 (low; bug #535793)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 4:4.6.2-4 (low)
@@ -22499,6 +22549,7 @@
NOTE: http://trac.webkit.org/changeset/42216
CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...)
- webkit 1.1.12-1 (medium; bug #535793)
+ [lenny] - webkit <no-dsa> (Unmaintained, only affects fringe apps)
- kdelibs <not-affected>
- kde4libs <undetermined>
- qt4-x11 4:4.6.2-4
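Review bot: The added [lenny] line for CVE-2009-1701 reads "(Unmaintained, only affects fringe apps)", whereas every other webkit entry in this commit uses "(Unmaintained in Lenny, only affects fringe apps)". The missing "in Lenny" looks like a slip; making the strings identical keeps the entries greppable as one batch.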
@@ -22507,6 +22558,7 @@
NOTE: http://trac.webkit.org/changeset/40881
CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone ...)
- webkit 1.1.12-1 (low; bug #535793)
+ [lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
- kdelibs <not-affected>
- kde4libs <not-affected>
- qt4-x11 4:4.6.2-4 (low)