Secure testing commits - Jan 2011 - r15795 - data/CVE

Author: jmm-guest
Date: 2011-01-05 22:05:14 +0000 (Wed, 05 Jan 2011)
New Revision: 15795

Modified:
   data/CVE/list
Log:
- new xen issue, 
- new syslog-ng issue (kfreebsd-specific)
- new evince issues
- start marking webkit/lenny as no-dsa, since it''s not going to be
removed from stable
- php fixed


Modified: data/CVE/list
==================================================================---
data/CVE/list	2011-01-05 21:59:33 UTC (rev 15794)
+++ data/CVE/list	2011-01-05 22:05:14 UTC (rev 15795)
@@ -1,3 +1,6 @@
+CVE-2010-XXXX [syslog-ng log permissions]
+	- syslog-ng 3.1.3-2 (bug #608491)
+	[lenny] - syslog-ng <not-affected> (Freebsd-specific, which is not
supported in Lenny)
 CVE-2010-XXXX [XSS in ftpls]
 	- ftpcopy <unfixed> (bug #607494)
 CVE-2011-0285
@@ -891,7 +894,7 @@
 CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...)
 	NOT-FOR-US: Safe Search plugin for WordPress
 CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto
(com_jeauto) ...)
-	NOT-FOR-US: Joomla!
+	NOT-FOR-US: Joomla! extension
 CVE-2010-4516 (Multiple cross-site scripting (XSS) vulnerabilities in the
JXtended ...)
 	NOT-FOR-US: Joomla!
 CVE-2010-4515 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface
5.0, ...)
@@ -1250,9 +1253,9 @@
 CVE-2010-4406 (Directory traversal vulnerability in gallery.php in Brunetton
...)
 	NOT-FOR-US: LittlePhpGallery
 CVE-2010-4405 (Cross-site scripting (XSS) vulnerability in the Yannick Gaultier
...)
-	NOT-FOR-US: Joomla!
+	NOT-FOR-US: Joomla! extension
 CVE-2010-4404 (SQL injection vulnerability in the Yannick Gaultier sh404SEF
component ...)
-	NOT-FOR-US: Joomla!
+	NOT-FOR-US: Joomla! extension
 CVE-2010-4403 (The Register Plus plugin 3.5.1 and earlier for WordPress allows
remote ...)
 	NOT-FOR-US: The Register Plus plugin for WordPress
 CVE-2010-4402 (Multiple cross-site scripting (XSS) vulnerabilities in
wp-login.php in ...)
@@ -1340,7 +1343,7 @@
 CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
 	NOT-FOR-US: Chameleon Social Networking
 CVE-2010-4365 (SQL injection vulnerability in JE Ajax Event Calendar ...)
-	NOT-FOR-US: Joomla!
+	NOT-FOR-US: Joomla! extension
 CVE-2010-4364 (DaDaBIK 4.3 beta3, when running in a case-sensitive environment,
does ...)
 	NOT-FOR-US: DaDaBIK
 CVE-2010-4363 (Multiple SQL injection vulnerabilities in contact.php in
MRCGIGUY ...)
@@ -1613,7 +1616,7 @@
 	- linux-2.6 <unfixed>
 CVE-2010-4255 [linux: Xen direct pv guest access crash]
 	RESERVED
-	- linux-2.6 <unfixed>
+	- xen <unfixed>
 CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10
is ...)
 	- moon <unfixed> (bug #608288)
 	NOTE: 201011251552.17678.thomas at suse.de
@@ -1873,7 +1876,7 @@
 CVE-2010-4151 (SQL injection vulnerability in misc.php in DeluxeBB 1.3, and
possibly ...)
 	NOT-FOR-US: DeluxeBB
 CVE-2010-4150 (Double free vulnerability in the imap_do_open function in the
IMAP ...)
-	- php5 <unfixed>
+	- php5 5.3.3-7
 CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2
...)
 	- turbogears2 2.0.3-1
 CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2)
before ...)
@@ -5976,12 +5979,16 @@
 	NOT-FOR-US: IBM WebSphere Service Registry and Repository
 CVE-2010-2643
 	RESERVED
+	- evince <unfixed>
 CVE-2010-2642
 	RESERVED
+	- evince <unfixed>
 CVE-2010-2641
 	RESERVED
+	- evince <unfixed>
 CVE-2010-2640
 	RESERVED
+	- evince <unfixed>
 CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows
remote ...)
 	NOT-FOR-US: IBM WebSphere Commerce Enterprise 7.0
 CVE-2010-2638 (Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5
...)
@@ -6461,6 +6468,7 @@
 	NOT-FOR-US: Microsoft Internet Explorer
 CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows
remote ...)
 	- webkit 1.2.1-3 (low)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.375.55~r47796-1
 	NOTE: http://trac.webkit.org/changeset/58829
 	NOTE: above patch for cve-2010-1773 fixes the problem, so this seems to be a
dup
@@ -9348,16 +9356,19 @@
 	- tiff 3.9.4-1
 CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6
and ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35603
 	NOTE: http://trac.webkit.org/changeset/55511
 CVE-2010-1409 (Incomplete blacklist vulnerability in WebKit in Apple Safari
before ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34451
 	NOTE: http://trac.webkit.org/changeset/54193
 CVE-2010-1408 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6
and ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36571
 	NOTE: http://trac.webkit.org/changeset/56489
@@ -9365,22 +9376,26 @@
 	NOTE: http://trac.webkit.org/changeset/56879
 CVE-2010-1407 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does
not ...)
 	- webkit 1.2.2-1 
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36435
 	NOTE: http://trac.webkit.org/changeset/56365
 CVE-2010-1406 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6
and ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=30841
 	NOTE: http://trac.webkit.org/changeset/50226
 	NOTE: http://trac.webkit.org/changeset/50240
 CVE-2010-1405 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0 on ...)
 	- webkit 1.2.2-1 
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36198
 	NOTE: http://trac.webkit.org/changeset/56186
 CVE-2010-1404 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0 on ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35709
 	NOTE: http://trac.webkit.org/changeset/53446
@@ -9392,73 +9407,87 @@
 	TODO: ^ this seems to be the commit for cve-2010-1404. what is the right one?
 CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0
on Mac ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35598
 	NOTE: http://trac.webkit.org/changeset/55182
 CVE-2010-1401 (Use-after-free vulnerability in the Cascading Style Sheets (CSS)
...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35353
 	NOTE: http://trac.webkit.org/changeset/55196
 CVE-2010-1400 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0 on ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34734
 	NOTE: http://trac.webkit.org/changeset/54521
 CVE-2010-1399 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6
and ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35599
 	NOTE: http://trac.webkit.org/changeset/46437
 CVE-2010-1398 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6
and ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35305
 	NOTE: http://trac.webkit.org/changeset/55167
 CVE-2010-1397 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0 on ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=32842
 	NOTE: http://trac.webkit.org/changeset/52034
 	NOTE: http://trac.webkit.org/changeset/55114
 CVE-2010-1396 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0 on ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35621
 	NOTE: http://trac.webkit.org/changeset/55462
 	NOTE: http://trac.webkit.org/changeset/55465
 CVE-2010-1395 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=26868
 	NOTE: http://trac.webkit.org/changeset/46068
 CVE-2010-1394 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: http://trac.webkit.org/changeset/55203
 	NOTE: http://trac.webkit.org/changeset/55212
 CVE-2010-1393 (The Cascading Style Sheets (CSS) implementation in WebKit in
Apple ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=33683
 	NOTE: http://trac.webkit.org/changeset/53607
 CVE-2010-1392 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0 on ...)
 	- webkit 1.2.2-1 
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34641
 	NOTE: http://trac.webkit.org/changeset/56297
 CVE-2010-1391 (Multiple directory traversal vulnerabilities in the (a) Local
Storage ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36243
 	NOTE: http://trac.webkit.org/changeset/56139
 CVE-2010-1390 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=29078
 	NOTE: http://trac.webkit.org/changeset/49487
 CVE-2010-1389 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	- webkit 1.2.1-2
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=30019
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34148
@@ -9473,6 +9502,7 @@
 	NOTE: http://trac.webkit.org/changeset/47829
 CVE-2010-1387 (Use-after-free vulnerability in JavaScriptCore in WebKit in
Apple ...)
 	- webkit 1.2.1-2 
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34321
 	NOTE: http://trac.webkit.org/changeset/54129
@@ -9480,6 +9510,7 @@
 	NOTE: http://trac.webkit.org/changeset/54265
 CVE-2010-1386 (page/Geolocation.cpp in WebCore in WebKit before r56188 and
before ...)
 	- webkit 1.2.2-1 
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.342.9~r43360-1
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255
 	NOTE: http://trac.webkit.org/changeset/56188
@@ -9874,6 +9905,7 @@
 	NOT-FOR-US: Novell NetWare
 CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote
attackers to ...)
 	- webkit 1.1.90-1
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: http://trac.webkit.org/changeset/55511
 	NOTE: evidence of memory corruption
http://code.google.com/p/chromium/issues/detail?id=37061
@@ -9894,6 +9926,7 @@
 	TODO: recheck as newer webkits get uploaded
 CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to
cause a ...)
 	- webkit 1.1.90-1
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.375.29~r46008-1
 	NOTE: http://code.google.com/p/chromium/issues/detail?id=34978
 CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before
...)
@@ -10282,6 +10315,7 @@
 	NOT-FOR-US: Apple Type Services
 CVE-2010-1119 (Use-after-free vulnerability in WebKit in Apple Safari before
5.0 on ...)
 	- webkit 1.2.1-1
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=33850
 	NOTE: http://trac.webkit.org/changeset/53501
 	NOTE: http://trac.webkit.org/changeset/53504
@@ -11632,6 +11666,7 @@
 CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google
Chrome ...)
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit 1.1.21-1 (low)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- qt4-x11 <undetermined> (low)
 	- kdelibs <undetermined> (low)
 	- kde4libs <undetermined> (low)
@@ -11645,6 +11680,7 @@
 CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before
4.0.249.78, ...)
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit 1.1.21-1 (low)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- qt4-x11 <undetermined> (low)
 	- kdelibs <undetermined> (low)
 	- kde4libs <undetermined> (low)
@@ -11687,6 +11723,7 @@
 CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before
4.0.249.89, ...)
 	- chromium-browser 5.0.375.29~r46008-1
 	- webkit 1.1.21-1 (medium)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- qt4-x11 <undetermined> (medium)
 	- kdelibs <undetermined> (medium)
 	- kde4libs <undetermined> (medium)
@@ -12018,6 +12055,7 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	- webkit 1.2.1-1
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser <not-affected> (only Safari is affected, they have a
different URL parsing implementation)
 	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37662
 	NOTE: http://trac.webkit.org/changeset/58792
@@ -12666,6 +12704,7 @@
 	- kde4libs <undetermined>
 CVE-2010-0314 (Apple Safari allows remote attackers to discover a
redirect''s target ...)
 	- webkit 1.1.90-1 
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- chromium-browser 5.0.375.29~r46008-1
 CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java
System ...)
 	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
@@ -14095,6 +14134,7 @@
 CVE-2010-0054 (Use-after-free vulnerability in WebKit in Apple Safari before
4.0.5 ...)
 	- chromium-browser 6.0.466.0~r52279-1
 	- webkit 1.1.90-1 (bug #574064)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- kde4libs <undetermined>
 	- kdelibs <undetermined>
 	- qt4-x11 <undetermined>
@@ -14124,6 +14164,7 @@
 CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before
4.0.5 ...)
 	- chromium-browser 6.0.466.0~r52279-1
 	- webkit 1.1.90-1 (bug #574064)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- kde4libs <undetermined>
 	- kdelibs <undetermined>
 	- qt4-x11 <undetermined>
@@ -14131,6 +14172,7 @@
 CVE-2010-0049 (Use-after-free vulnerability in WebKit in Apple Safari before
4.0.5 ...)
 	- chromium-browser 6.0.466.0~r52279-1
 	- webkit 1.1.90-1 (bug #574064)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- kde4libs <undetermined>
 	- kdelibs <undetermined>
 	- qt4-x11 <undetermined>
@@ -14138,6 +14180,7 @@
 CVE-2010-0048 (Use-after-free vulnerability in WebKit in Apple Safari before
4.0.5 ...)
 	- chromium-browser 6.0.466.0~r52279-1
 	- webkit 1.1.90-1 (bug #574064)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- kde4libs <undetermined>
 	- kdelibs <undetermined>
 	- qt4-x11 <undetermined>
@@ -14145,6 +14188,7 @@
 CVE-2010-0047 (Use-after-free vulnerability in WebKit in Apple Safari before
4.0.5 ...)
 	- chromium-browser 6.0.466.0~r52279-1
 	- webkit 1.1.90-1 (bug #574064)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- kde4libs <undetermined>
 	- kdelibs <undetermined>
 	- qt4-x11 <undetermined>
@@ -14152,6 +14196,7 @@
 CVE-2010-0046 (The Cascading Style Sheets (CSS) implementation in WebKit in
Apple ...)
 	- chromium-browser 6.0.466.0~r52279-1
 	- webkit 1.1.90-1 (bug #574064)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- kde4libs <undetermined>
 	- kdelibs <undetermined>
 	- qt4-x11 <undetermined>
@@ -17032,6 +17077,7 @@
 	[lenny] - iceape <not-affected> (stub package)
 CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari
before ...)
 	- webkit 1.1.17-2 (medium; bug #559759)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- qt4-x11 4:4.6.2-4 (bug #561760)
 	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use
qtwebkit )
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is
affected
@@ -19019,6 +19065,7 @@
 	NOT-FOR-US: Apple Safari
 CVE-2009-2841 (The HTMLMediaElement::loadResource function in ...)
 	- webkit 1.1.21-1 (medium; bug #559759)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	NOTE: http://trac.webkit.org/changeset/49480
 	- qt4-x11 4:4.6.2-4 (medium; bug #561760)
 	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
@@ -20538,6 +20585,7 @@
 	NOT-FOR-US: Apple Safari
 CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests
function in ...)
 	- webkit 1.1.10-1
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 CVE-2009-2418
 	RESERVED
 CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when
OpenSSL is ...)
@@ -22388,6 +22436,7 @@
 	- qt4-x11 <undetermined> (bug #538403)
 	[etch] - qt4-x11 <not-affected> (webkit support introduced in version
4.4)
 	- webkit 1.1.13-1 (low; bug #538402)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- kdelibs <unfixed> (unimportant)
 	- kde4libs <unfixed> (unimportant)
 	NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
@@ -22492,6 +22541,7 @@
 	NOTE: http://trac.webkit.org/changeset/42533
 CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	- webkit 1.1.12-1 (low; bug #535793)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 4:4.6.2-4 (low)
@@ -22499,6 +22549,7 @@
 	NOTE: http://trac.webkit.org/changeset/42216
 CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM
implementation in ...)
 	- webkit 1.1.12-1 (medium; bug #535793)
+	[lenny] - webkit <no-dsa> (Unmaintained, only affects fringe apps)
 	- kdelibs <not-affected>
 	- kde4libs <undetermined>
 	- qt4-x11 4:4.6.2-4
@@ -22507,6 +22558,7 @@
 	NOTE: http://trac.webkit.org/changeset/40881
 CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0,
iPhone ...)
 	- webkit 1.1.12-1 (low; bug #535793)
+	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe
apps)
 	- kdelibs <not-affected>
 	- kde4libs <not-affected>
 	- qt4-x11 4:4.6.2-4 (low)