Author: jmm-guest Date: 2010-04-07 19:54:11 +0000 (Wed, 07 Apr 2010) New Revision: 14433 Modified: data/CVE/list Log: more webkit triage Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-07 19:36:03 UTC (rev 14432) +++ data/CVE/list 2010-04-07 19:54:11 UTC (rev 14433) @@ -74,14 +74,15 @@ CVE-2000-1245 (Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the ...) TODO: check CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...) - - webkit 1.1.90-1 + - webkit 1.1.90-1 (unimportant) - kdelibs <undetermined> - kde4libs <undetermined> - qt4-x11 <undetermined> - chromium-browser <itp> (bug #520324) - NOTE: http://trac.webkit.org/changeset/55511 + NOTE: http://trac.webkit.org/changeset/55511, just a crasher CVE-2010-1236 (Google Chrome before 4.1.249.1036 does not properly restrict ...) - webkit <unfixed> + [lenny] - webkit <not-affected> (Vulnerable code not present) - kdelibs <undetermined> - kde4libs <undetermined> - qt4-x11 <undetermined> @@ -1762,6 +1763,7 @@ CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and ...) - chromium-browser <itp> (bug #520334) - webkit 1.1.21-1 (low) + [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand) - qt4-x11 <undetermined> (low) - kdelibs <undetermined> (low) - kde4libs <undetermined> (low) 
@@ -2762,10 +2764,11 @@ NOT-FOR-US: Google SketchUp CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, ...) - chromium-browser <itp> (bug #520324) - - webkit 1.1.21-1 (medium) - - qt4-x11 <undetermined> (medium) - - kdelibs <undetermined> (medium) - - kde4libs <undetermined> (medium) + - webkit 1.1.21-1 (low) + [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand) + - qt4-x11 <undetermined> + - kdelibs <undetermined> + - kde4libs <undetermined> CVE-2010-0314 (Apple Safari allows remote attackers to discover a redirect''s target ...) NOT-FOR-US: Safari CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java System ...) @@ -9053,7 +9056,8 @@ CVE-2009-2798 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...) NOT-FOR-US: Apple QuickTime CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and ...) - - webkit 1.1.21-1 (medium; bug #559759) + - webkit 1.1.21-1 (low; bug #559759) + [lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand) - kdelibs <not-affected> - kde4libs <not-affected> - qt4-x11 <undetermined>
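
Review bot: In the first hunk (@@ -74,14 +74,15 @@), the CVE-2010-1237 NOTE line now appends ", just a crasher" directly to the changeset URL, so the comma is easy to take as part of the link. Keep the URL on its own NOTE line and put the assessment on a second one, e.g. "NOTE: just a crasher". The kdelibs, kde4libs and qt4-x11 lines under the same CVE stay <undetermined> with no severity; if the crash-only assessment also holds for their copies of the code, tagging them (unimportant) as well would keep the entry consistent.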
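
Review bot: In the @@ -1762,6 +1763,7 @@ hunk, the added [lenny] line for CVE-2010-0651 reads "disk of regression", which should be "risk of regression". The same text is repeated in the added [lenny] lines for CVE-2010-0315 and CVE-2009-2797, so all three need the correction.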
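
Review bot: In the @@ -2762,10 +2764,11 @@ hunk, the qt4-x11, kdelibs and kde4libs lines for CVE-2010-0315 lose their severity entirely (from "(medium)" to nothing), while the CVE-2010-0651 entry touched in the same commit keeps "(low)" on its <undetermined> lines. Pick one convention: either carry "(low)" on these three lines to match the new webkit rating, or drop the severity from the <undetermined> lines in both entries.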
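
Review bot: In the @@ -9053,7 +9056,8 @@ hunk, the webkit line for CVE-2009-2797 goes from "medium" to "low" with no NOTE recording why, and the log message only says "more webkit triage". The <no-dsa> reason explains why lenny gets no backport, not why the impact was re-rated, so a short NOTE with the basis for the downgrade would help later triage of the still <undetermined> qt4-x11 line.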