Secure testing commits - Jul 2009 - r12275 - data/CVE

Author: gilbert-guest
Date: 2009-07-05 05:32:54 +0000 (Sun, 05 Jul 2009)
New Revision: 12275

Modified:
   data/CVE/list
Log:
beginning of massive webkit issue triage


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-07-05 04:19:00 UTC (rev 12274)
+++ data/CVE/list	2009-07-05 05:32:54 UTC (rev 12275)
@@ -1445,23 +1445,30 @@
 CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on
Mac OS X ...)
 	NOT-FOR-US: Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X
 CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote
...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before
10.5.7 ...)
 	NOT-FOR-US: Mac OS X
 CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not
properly ...)
 	NOT-FOR-US: CFNetwork in Apple
 CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in
WebKit in ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in
WebKit in ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does
not ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote
loading of ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1711 (WebKit in Apple Safari before 4.0 does not properly initialize
memory ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to
spoof the ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection
implementation ...)
 	- webkit 0~svn32442-1
 	NOTE: fixed in upstream commit http://trac.webkit.org/changeset/32230
@@ -1480,16 +1487,20 @@
 CVE-2009-1704 (CFNetwork in Apple Safari before 4.0 misinterprets downloaded
image ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to
file: ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM
implementation in ...)
-	- webkit <unfixed>
-	TODO: File bug
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0,
iPhone ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari
before ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
and ...)
 	- webkit 1.1.5-1 (medium; bug #534946)
 	NOTE: http://trac.webkit.org/changeset/42081
@@ -1497,20 +1508,26 @@
 	- kde4libs <unfixed> (medium; bug #534949)
 	- qt4-x11 <unfixed> (medium; bug #534947)
 CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before
4.0, ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
and ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
and ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
and ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1692 (WebKit in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for
iPod ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
-	- webkit <unfixed>
-	TODO: File bug
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari
before ...)
 	- webkit 1.1.5-1 (medium; bug #534946)
 	NOTE: http://trac.webkit.org/changeset/42532
@@ -1519,26 +1536,33 @@
 	NOTE: http://websvn.kde.org/?view=rev&revision=983316
 	- qt4-x11 <unfixed> (medium; bug #534947)
 CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari
before 4.0, ...)
 	- webkit 1.1.5-1 (medium; bug #534946)
 	- kdelibs <unfixed> (bug #534952)
 	NOTE: http://trac.webkit.org/changeset/41854
 	- qt4-x11 <unfixed> (medium; bug #534946)
 CVE-2009-1686 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
and ...)
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 	TODO: check
 CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and
...)
 	NOT-FOR-US: iPhone
 CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked
Extended ...)
 	NOT-FOR-US: Apple Safari
 CVE-2009-1681 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
and ...)
-	TODO: check
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for
iPod ...)
 	NOT-FOR-US: Safari in Apple iPhone OS
 CVE-2009-1679 (The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and
iPhone ...)
@@ -11758,7 +11782,8 @@
 CVE-2008-4232 (Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod
touch ...)
 	NOT-FOR-US: Safari
 CVE-2008-4231 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod
touch ...)
-	NOT-FOR-US: Safari
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2008-4230 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and
...)
 	NOT-FOR-US: Apple
 CVE-2008-4229 (Race condition in the Passcode Lock feature in Apple iPhone OS
2.0 ...)
@@ -16439,7 +16464,8 @@
 CVE-2008-2321 (Unspecified vulnerability in CoreGraphics in Apple Mac OS X
10.4.11 ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2008-2320 (Stack-based buffer overflow in CarbonCore in Apple Mac OS X
10.4.11 ...)
-	NOT-FOR-US: Apple Mac OS X
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2008-2319
 	RESERVED
 CVE-2008-2318 (The WOHyperlink implementation in WebObjects in Apple Xcode
tools ...)
@@ -18146,7 +18172,8 @@
 CVE-2008-1589 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 ...)
 	NOT-FOR-US: iPhone
 CVE-2008-1588 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0
allows ...)
-	NOT-FOR-US: iPhone
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2008-1587
 	RESERVED
 CVE-2008-1586 (ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for
iPod ...)
@@ -48942,6 +48969,8 @@
 	- thunderbird 1.5.0.4-1 (medium)
 	- mozilla 2:1.7.13-0.3 (medium)
 	- xulrunner 1.8.0.4-1 (medium)
+	- webkit <unfixed> (medium; bug #535793)
+	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
 	NOTE: MFSA-2006-41