Author: jmm-guest Date: 2010-04-21 19:55:57 +0000 (Wed, 21 Apr 2010) New Revision: 14541 Modified: data/CVE/list Log: Qt triage Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-04-21 06:37:54 UTC (rev 14540) +++ data/CVE/list 2010-04-21 19:55:57 UTC (rev 14541) @@ -12900,7 +12900,8 @@ [lenny] - webkit <no-dsa> (Minor issue) - kdelibs <unfixed> (unimportant) - kde4libs <unfixed> (unimportant) - - qt4-x11 <undetermined> (unimportant) + - qt4-x11 4:4.6.2-4 (low; bug #561760) + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/44010 CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...) NOT-FOR-US: Mac OS X @@ -12910,7 +12911,8 @@ - webkit 1.0.1-4 (medium; bug #535793) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 (bug #561760) + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/31890 CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) {DSA-1950-1} @@ -12945,10 +12947,11 @@ [etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4) CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...) {DSA-1950-1} - - webkit 1.1.12-1 (medium; bug #535793) + - webkit 1.1.12-1 (low; bug #535793) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 (low; bug #561760) + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/35157 CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...) {DSA-1866-1} 
@@ -12973,26 +12976,31 @@ [lenny] - webkit <no-dsa> (Minor issue) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 (medium; bug #561760) + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against + [lenny] - qt4-x11 <not-affected> (HTML video support introduced in version 4.5) NOTE: http://trac.webkit.org/changeset/42533 CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.1.12-1 (low; bug #535793) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 (low) + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/42216 CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...) - webkit 1.1.12-1 (medium; bug #535793) - kdelibs <not-affected> - kde4libs <undetermined> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: invasive patch to backport. NOTE: http://trac.webkit.org/changeset/40881 CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone ...) - webkit 1.1.12-1 (low; bug #535793) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 (low) + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/38065 CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before ...) {DSA-1988-1} 
@@ -13014,14 +13022,17 @@ - webkit 1.1.15.2-1 (medium; bug #535793) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/41262 CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) - webkit 1.1.12-1 (medium; bug #535793) [lenny] - webkit <not-affected> (Vulnerable code not present) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 + [lenny] - qt4-x11 <not-affected> (Vulnerable code not present) + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/39510 NOTE: http://trac.webkit.org/changeset/39553 CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) @@ -13029,14 +13040,17 @@ - webkit 1.1.12-1 (low; bug #535793) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 (low) + [lenny] - qt4-x11 <not-affected> (Vulnerable code not present) + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/42223 CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 (low) + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/35935 CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) {DSA-1950-1} 
@@ -13076,14 +13090,16 @@ [lenny] - webkit <not-affected> (Vulnerable code not present) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4.4.3-1 + NOTE: QT4 might be fixed earlier, but only Lenny version was checked NOTE: http://trac.webkit.org/changeset/32791 CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.1.12-1 (low; bug #535793) [lenny] - webkit <not-affected> (Vulnerable code not present) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4.4.3-1 + NOTE: QT4 might be fixed earlier, but only Lenny version was checked NOTE: http://trac.webkit.org/changeset/32791 CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...) {DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1} @@ -13098,20 +13114,23 @@ [lenny] - webkit <not-affected> (Vulnerable code not present) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/31431 CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - - webkit 1.0.1-4 (medium; bug #535793) + - webkit 1.0.1-4 (bug #535793) - kdelibs <not-affected> - kde4libs <unfixed> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 (low) + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/34574 CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 (low) + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/42365 CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and ...) NOT-FOR-US: iPhone 
@@ -13122,7 +13141,8 @@ - webkit 1.1.12-1 (low; bug #535793) - kdelibs <not-affected> - kde4libs <not-affected> - - qt4-x11 <undetermined> + - qt4-x11 4:4.6.2-4 (low) + NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected NOTE: http://trac.webkit.org/changeset/42333 CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...) NOT-FOR-US: Safari in Apple iPhone OS
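Review bot: In the hunk at @@ -12900 the qt4-x11 line goes from `<undetermined> (unimportant)` to `4:4.6.2-4 (low; bug #561760)`, which raises the urgency while the kdelibs and kde4libs lines for the same issue stay at `(unimportant)`. If Qt is meant to be rated differently from the KDE copies of the code, say why in a NOTE. Otherwise keep `unimportant` so the three embedded copies are rated consistently.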
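Review bot: In the hunk at @@ -12973 the first entry puts the free-text NOTE between `- qt4-x11 4:4.6.2-4 (medium; bug #561760)` and its `[lenny] - qt4-x11 <not-affected>` line, whereas the CVE-2009-1696 and CVE-2009-1695 entries later in this commit put the `[lenny]` line directly under the package line and the NOTE after it. Move the `[lenny]` line up so the release annotation stays attached to the package line it qualifies. In the same hunk, the CVE-2009-1701 entry gets a bare `4:4.6.2-4` with no urgency, although its new NOTE sits next to "invasive patch to backport", so an explicit urgency would help whoever decides about the stable releases.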
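Review bot: The qt4-x11 lines added in the hunk at @@ -13014 for the first entry and for CVE-2009-1696 carry neither an urgency nor a bug reference, while the earlier hunks cite `bug #561760` for the same package and the same kind of fix. If these issues are covered by that bug as well, add the reference so the entries can be traced back to it. If they are not, a short NOTE saying so would prevent someone from adding it later by mistake.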
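Review bot: Both qt4-x11 lines added in the hunk at @@ -13076 read `4.4.3-1` without an epoch, while every other fixed version in this commit is written `4:4.6.2-4`. A version with no epoch sorts below any version that has one, so please confirm that the Lenny upload really was versioned without the `4:` prefix and that the omission is intentional. A few words in the NOTE (which currently says only "Lenny version was checked") would make that clear to the next reader.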
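Review bot: The webkit line for CVE-2009-1685 in the hunk at @@ -13098 changes from `(medium; bug #535793)` to `(bug #535793)`, dropping the urgency altogether, and the hunk at @@ -12945 similarly lowers webkit for CVE-2009-1710 from medium to low. Neither is a Qt change and the log message says only "Qt triage". If the webkit re-rating is intended, mention it in the log or commit it separately. If the dropped urgency on CVE-2009-1685 is an editing slip, restore it.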
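Review bot: The NOTE added in the hunk at @@ -13122 ends with ", Lenny is affected", which records the release status only as free text. Other entries in this commit express release status with a `[lenny] - qt4-x11 ...` line, which tooling can read. If Lenny needs its own status here, use that form and keep the NOTE for the explanation of what was checked.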