Author: derevko-guest Date: 2009-06-28 14:01:44 +0000 (Sun, 28 Jun 2009) New Revision: 12213 Modified: data/CVE/list Log: webkit related issue triage Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-06-28 09:46:23 UTC (rev 12212) +++ data/CVE/list 2009-06-28 14:01:44 UTC (rev 12213) @@ -1212,7 +1212,13 @@ CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...) TODO: check CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...) - TODO: check + - webkit 0~svn32442-1 + NOTE: http://trac.webkit.org/changeset/32039 + - kde4libs <not-affected> (Vulnerable code not present) + - kdegraphics <not-affected> (Vulnerable code not present, ksvg is only in 3.5.x series) + [lenny] - kdegraphics <unfixed> (medium; bug #534951) + [etch] - kdegraphics <unfixed> (medium; bug #534951) + - qt4-x11 4.5.0-1 (medium; bug #534947) CVE-2009-1708 (Apple Safari before 4.0 does not prevent calls to the open-help-anchor ...) NOT-FOR-US: Apple Safari CVE-2009-1707 (Race condition in the Reset Safari implementation in Apple Safari ...) @@ -1235,8 +1241,11 @@ CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before ...) TODO: check CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) - - webkit <unfixed> - TODO: File bug + - webkit 1.1.5-1 (medium; bug #534946) + NOTE: http://trac.webkit.org/changeset/42081 + - kdelibs <unfixed> (medium; bug #534952) + - kde4libs <unfixed> (medium; bug #534949) + - qt4-x11 <unfixed> (medium; bug #534947) CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0, ...) TODO: check CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) @@ -1253,13 +1262,21 @@ - webkit <unfixed> TODO: File bug CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...) - TODO: check + - webkit 1.1.5-1 (medium; bug #534946) + NOTE: http://trac.webkit.org/changeset/42532 + - kdelibs <unfixed> (medium; bug #534952) + - kde4libs <unfixed> (medium; bug #534949) + NOTE: http://websvn.kde.org/?view=rev&revision=983316 + - qt4-x11 <unfixed> (medium; bug #534947) CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) TODO: check CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) TODO: check CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...) - TODO: check + - webkit 1.1.5-1 (medium; bug #534946) + - kdelibs <unfixed> (bug #534952) + NOTE: http://trac.webkit.org/changeset/41854 + - qt4-x11 <unfixed> (medium; bug #534946) CVE-2009-1686 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) TODO: check CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) @@ -3870,11 +3887,12 @@ - freetype 2.3.9-4.1 (medium; bug #524925) CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as used in ...) - qt4-x11 <unfixed> (medium; bug #532718) - - webkit <unfixed> (medium; bug #532724; bug #532725) - - kdelibs <unfixed> (medium; bug #534917) - [lenny] - kdelibs <not-affected> (khtml doesn''t have SVG support) + - webkit 1.1.5-1 (medium; bug #532724; bug #532725) + NOTE: http://trac.webkit.org/changeset/43590 + - kde4libs <unfixed> (medium; bug #534917) + [lenny] - kde4libs <not-affected> (khtml doesn''t have SVG support) NOTE: http://websvn.kde.org/?view=rev&revision=983302 - - kdegraphics <not-affected> (Vulnerable code not present) + - kdegraphics <not-affected> (Vulnerable code not present, ksvg is only in 3.5.x series) [lenny] - kdegraphics <unfixed> (medium; bug #534918) [etch] - kdegraphics <unfixed> (medium; bug #534918) NOTE: http://websvn.kde.org/?view=rev&revision=983306