Author: gilbert-guest
Date: 2009-06-28 18:13:35 +0000 (Sun, 28 Jun 2009)
New Revision: 12215
Modified:
data/CVE/list
Log:
- fix up CVE-2009-1709 and i checked webkit svn commit 32442 and it does not
address this issue
- reversion: kde4libs not present in etch
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-06-28 17:59:41 UTC (rev 12214)
+++ data/CVE/list 2009-06-28 18:13:35 UTC (rev 12215)
@@ -1212,12 +1212,12 @@
CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to
spoof the ...)
TODO: check
CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection
implementation ...)
- - webkit 0~svn32442-1
+ - webkit <unfixed>
+ TODO: determine appropriate webkit fixed version
NOTE: http://trac.webkit.org/changeset/32039
- kde4libs <not-affected> (Vulnerable code not present)
- - kdegraphics <not-affected> (Vulnerable code not present, ksvg is only
in 3.5.x series)
- [lenny] - kdegraphics <unfixed> (medium; bug #534951)
- [etch] - kdegraphics <unfixed> (medium; bug #534951)
+ - kdegraphics 4:4.0 (medium; bug #534951)
+ NOTE: kdegraphics >4.0 not affected since ksvg is only in 3.5.x series)
- qt4-x11 4.5.0-1 (medium; bug #534947)
CVE-2009-1708 (Apple Safari before 4.0 does not prevent calls to the
open-help-anchor ...)
NOT-FOR-US: Apple Safari
@@ -3891,7 +3891,6 @@
NOTE: http://trac.webkit.org/changeset/43590
- kde4libs <unfixed> (medium; bug #534917)
[lenny] - kde4libs <not-affected> (khtml doesn''t have SVG
support)
- [etch] - kde4libs <not-affected> (khtml doesn''t have SVG
support)
NOTE: http://websvn.kde.org/?view=rev&revision=983302
- kdegraphics 4:4.0 (medium; bug #534918)
NOTE: kdegraphics >4.0 not affected since ksvg is only in 3.5.x series