Author: nion Date: 2009-08-27 17:57:16 +0000 (Thu, 27 Aug 2009) New Revision: 12696 Modified: data/CVE/list Log: webkit fixes Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-08-27 17:47:51 UTC (rev 12695) +++ data/CVE/list 2009-08-27 17:57:16 UTC (rev 12696) @@ -3659,7 +3659,7 @@ CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and ...) NOT-FOR-US: ColorSync in Apple Mac OS X CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, KHTML in kdelibs in KDE, QtWebKit ...) - - webkit <unfixed> (medium; bug #538346) + - webkit 1.1.13-1 (medium; bug #538346) - qt4-x11 4:4.5.2-2 (medium; bug #538347) - kdelibs <not-affected> (medium; bug #538350) - kde4libs <not-affected> (medium; bug #538349) @@ -3668,7 +3668,7 @@ NOTE: PoC https://cevans-app.appspot.com/static/webkitentityoffbyone.html CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - qt4-x11 <unfixed> (low; bug #538403) - - webkit <unfixed> (low; bug #538402) + - webkit 1.1.13-1 (low; bug #538402) NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/ TODO: check CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL ...)