[Secure-testing-commits] r15895 - data/CVE

Moritz Muehlenhoff jmm at alioth.debian.org
Sun Jan 16 04:09:08 UTC 2011 

Author: jmm
Date: 2011-01-16 04:09:01 +0000 (Sun, 16 Jan 2011)
New Revision: 15895

Modified:
   data/CVE/list
Log:
qt cleanup: we don't really support qtwebkit (as does upstream)
the only remaining issue is harmless and doesn't warrant a DSA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2011-01-16 02:08:22 UTC (rev 15894)
+++ data/CVE/list	2011-01-16 04:09:01 UTC (rev 15895)
@@ -6491,7 +6491,9 @@
 CVE-2010-2622 (SQL injection vulnerability in the Joomanager component, possibly ...)
 	NOT-FOR-US: Joomanager
 CVE-2010-2621 (The QSslSocketBackendPrivate::transmit function in ...)
-	- qt4-x11 4:4.6.3-2 (bug #587711)
+	- qt4-x11 4:4.6.3-2 (low; bug #587711)
+	[lenny] - qt4-x11 <no-dsa> (Harmless impact)
+        NOTE: Fixed by commit c25c7c9bdfade6b906f37ac8bad44f6f0de57597
 CVE-2010-2620 (Open&amp;Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote ...)
 	NOT-FOR-US: Open&Compact FTP Server
 CVE-2010-2619 (Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and ...)
@@ -23004,6 +23006,7 @@
 	- kdelibs <unfixed> (unimportant)
 	- kde4libs <unfixed> (unimportant)
 	- qt4-x11 4:4.6.2-4 (low; bug #561760)
+	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
 	NOTE: http://trac.webkit.org/changeset/44010
 CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...)
@@ -23015,6 +23018,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 4:4.6.2-4 (bug #561760)
+	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
 	NOTE: http://trac.webkit.org/changeset/31890
 CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
@@ -23055,6 +23059,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 4:4.6.2-4 (low; bug #561760)
+	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
 	NOTE: http://trac.webkit.org/changeset/35157
 CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...)
@@ -23090,6 +23095,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 4:4.6.2-4 (low)
+	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
 	NOTE: http://trac.webkit.org/changeset/42216
 CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...)
@@ -23098,6 +23104,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <undetermined>
 	- qt4-x11 4:4.6.2-4
+	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
 	NOTE: invasive patch to backport.
 	NOTE: http://trac.webkit.org/changeset/40881
@@ -23107,6 +23114,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 4:4.6.2-4 (low)
+	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
 	NOTE: http://trac.webkit.org/changeset/38065
 CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before ...)
@@ -23130,6 +23138,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 4:4.6.2-4
+	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
 	NOTE: http://trac.webkit.org/changeset/41262
 CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
@@ -23157,6 +23166,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 4:4.6.2-4 (low)
+	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
 	NOTE: http://trac.webkit.org/changeset/35935
 CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
@@ -23224,12 +23234,14 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 4:4.6.2-4
+	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
 	NOTE: http://trac.webkit.org/changeset/31431
 CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
 	- webkit 1.0.1-4 (bug #535793)
 	- kdelibs <not-affected>
 	- qt4-x11 4:4.6.2-4 (low)
+	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
 	NOTE: http://trac.webkit.org/changeset/34574
 CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
@@ -23238,6 +23250,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 4:4.6.2-4 (low)
+	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
 	NOTE: http://trac.webkit.org/changeset/42365
 CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and ...)
@@ -23250,6 +23263,7 @@
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 4:4.6.2-4 (low)
+	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
 	NOTE: http://trac.webkit.org/changeset/42333
 CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...)

More information about the Secure-testing-commits mailing list