gilbert-guest at alioth.debian.org
2009-Mar-17 02:39 UTC
[Secure-testing-commits] r11418 - data/CVE
Author: gilbert-guest
Date: 2009-03-17 02:39:26 +0000 (Tue, 17 Mar 2009)
New Revision: 11418

Modified:
   data/CVE/list
Log:
correction: I hadn't done enough testing. jpg and txt are handled ok by webkit, but general extensions (odp, xls, etc) are not.

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-03-17 02:11:22 UTC (rev 11417) +++ data/CVE/list 2009-03-17 02:39:26 UTC (rev 11418) @@ -6084,7 +6084,8 @@ NOT-FOR-US: Opera CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...) {CVE-2008-4723} - NOTE: not reproducible using libwebkit-1.0-1 1.0.1-4 (midori 0.1.4and kazehakase 0.5.4-2.2) + - libwebkit-1.0-1 <unfixed> (medium; bug #520052) + NOTE: webkit properly handles this issue with respect to extensions such as jpg and txt, but not in general; for example, the attack works for odp, xls, etc extensions (only tested with midori 0.1.4) NOTE: not reproducible using iceweasel 3.0.1 CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...) {CVE-2008-4724}
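
Review bot: The added NOTE under CVE-2008-4724 drops the version details the removed line carried (libwebkit-1.0-1 1.0.1-4, kazehakase 0.5.4-2.2), so the new "libwebkit-1.0-1 <unfixed>" entry no longer records which libwebkit build was tested. Suggest keeping the tested libwebkit version in the NOTE so the status can be re-checked against later uploads, and saying explicitly whether kazehakase was retested, since the old line named it and the new one reads "only tested with midori 0.1.4". The wording "odp, xls, etc extensions" is also open-ended; listing exactly which extensions were tried would make the note reproducible for whoever follows up on bug #520052.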