Author: luciano
Date: 2009-06-08 15:12:16 +0000 (Mon, 08 Jun 2009)
New Revision: 12073
Modified:
data/CVE/list
Log:
CVE-2009-0945 NOT-FOR-US
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-06-08 14:21:30 UTC (rev 12072)
+++ data/CVE/list 2009-06-08 15:12:16 UTC (rev 12073)
@@ -3124,7 +3124,7 @@
{DSA-1784-1}
- freetype 2.3.9-4.1 (medium; bug #524925)
CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as
used in ...)
- TODO: check
+ NOT-FOR-US: Google Chrome and Apple Safari
CVE-2009-0944 (The Microsoft Office Spotlight Importer in Spotlight in Apple
Mac OS X ...)
NOT-FOR-US: Microsoft Office Spotlight
CVE-2009-0943 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7
does not ...)
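Review bot: The NOT-FOR-US tag added for CVE-2009-0945 names only Google Chrome and Apple Safari, but the description directly above it places the array index error in the insertItemBefore method "in WebKit, as used in ...", so the flaw is in the engine rather than in those two browsers. Before replacing "TODO: check", confirm that no packaged WebKit copy carries the affected code. If that cannot be confirmed, keep the TODO or track the entry against the relevant source packages instead of marking it NOT-FOR-US.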
Michael S. Gilbert
2009-Jun-08 15:30 UTC
[Secure-testing-team] [Secure-testing-commits] r12073 - data/CVE
On Mon, 8 Jun 2009 15:12:16 +0000, Luciano Bello wrote:
> Author: luciano
> Date: 2009-06-08 15:12:16 +0000 (Mon, 08 Jun 2009)
> New Revision: 12073
>
> Modified:
> data/CVE/list
> Log:
> CVE-2009-0945 NOT-FOR-US

are you sure about this? most of the advisories say it is indeed webkit-specific, but i can't determine whether this is true or not since the bug report is currently blocked [1].

[1] https://bugs.webkit.org/show_bug.cgi?id=24730
Luciano Bello
2009-Jun-10 22:25 UTC
[Secure-testing-team] [Secure-testing-commits] r12073 - data/CVE
On Mon 08 Jun 2009, Michael S. Gilbert wrote:
> > Modified:
> > data/CVE/list
> > Log:
> > CVE-2009-0945 NOT-FOR-US
>
> are you sure about this? most of the advisories say it is indeed
> webkit-specific, but i can't determine whether this is true or not
> since the bug report is currently blocked [1].
>
> [1] https://bugs.webkit.org/show_bug.cgi?id=24730

You are totally right. In fact, the PoC provokes a segfault in our libqt4-webkit (tested with 4.5.1-2).

This IS for us, we are affected and it is an <unfixed>.

I'm really sorry, I already fixed data/CVE/list.

thanks, luciano.
Michael S. Gilbert
2009-Jun-10 22:33 UTC
[Secure-testing-team] [Secure-testing-commits] r12073 - data/CVE
On Wed, 10 Jun 2009 19:25:52 -0300, Luciano Bello wrote:
> On Mon 08 Jun 2009, Michael S. Gilbert wrote:
> > > Modified:
> > > data/CVE/list
> > > Log:
> > > CVE-2009-0945 NOT-FOR-US
> >
> > are you sure about this? most of the advisories say it is indeed
> > webkit-specific, but i can't determine whether this is true or not
> > since the bug report is currently blocked [1].
> >
> > [1] https://bugs.webkit.org/show_bug.cgi?id=24730
>
> You are totally right. In fact, the PoC provokes a segfault in our libqt4-webkit (tested with 4.5.1-2).
>
> This IS for us, we are affected and it is an <unfixed>.
>
> I'm really sorry, I already fixed data/CVE/list.

no problem. thanks for checking. what about plain-old gtk webkit?

mike