Author: gilbert-guest
Date: 2009-06-17 23:01:35 +0000 (Wed, 17 Jun 2009)
New Revision: 12146
Modified: data/CVE/list
Log:
got CVEs mixed up in last commit.
- I've checked, webkit in unstable no longer vulnerable to PoC for CVE-2008-4724 (lenny still affected, but issue considered minor)
- appropriately tagged iceweasel as not-affected (CVE-2008-4723)

Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-17 22:53:04 UTC (rev 12145) +++ data/CVE/list 2009-06-17 23:01:35 UTC (rev 12146) @@ -9927,13 +9927,12 @@ CVE-2008-4725 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 ...) NOT-FOR-US: Opera CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...) - - webkit <unfixed> (low; bug #520052) + - webkit 1.1.7-1 (low; bug #520052) [lenny] - webkit <no-dsa> (Minor issue) NOTE: webkit properly handles this issue with respect to extensions such as jpg and txt, but not in general; for example, the attack works for odp, xls, etc extensions (only tested with midori 0.1.4) NOTE: not reproducible using iceweasel 3.0.1 CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...) - - webkit 1.1.7-1 (low; bug #520052) - NOTE: webkit in lenny is vulnerable to the proof of concept exploit + - iceweasel <not-affected> NOTE: firefox not affected, see https://bugzilla.redhat.com/468397 CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) ...) NOT-FOR-US: Sun ILOM
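
Review bot: Under CVE-2008-4724 the removed line "NOTE: webkit in lenny is vulnerable to the proof of concept exploit" was deleted from the CVE-2008-4723 entry but not moved over, so after this change the only record of lenny's status is "[lenny] - webkit <no-dsa> (Minor issue)", which does not say the PoC was confirmed there. Consider re-adding that NOTE under CVE-2008-4724, where the log says it belongs. The NOTE that stays in that entry ("not in general; for example, the attack works for odp, xls, etc extensions (only tested with midori 0.1.4)") names no webkit version and now sits under an entry marked fixed in 1.1.7-1, so it reads as if the fixed package still fails; it should state which webkit version was tested. The log bases the fixed version on a PoC check against unstable, so a short NOTE saying 1.1.7-1 is the version verified, not necessarily the first fixed one, would help anyone later assessing lenny.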