Secure testing commits - Sep 2009 - r12840 - in data: . CVE

Author: gilbert-guest
Date: 2009-09-17 20:04:36 +0000 (Thu, 17 Sep 2009)
New Revision: 12840

Modified:
   data/CVE/list
   data/embedded-code-copies
Log:
webkit stuff

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-09-17 18:56:46 UTC (rev 12839)
+++ data/CVE/list	2009-09-17 20:04:36 UTC (rev 12840)
@@ -1,3 +1,6 @@
+CVE-2009-XXXX [webkit: potential ssl certificate null character stripping
vulnerability]
+	- webkit <unfixed> (medium; bug #547217)
+	TODO: asked maintainer to check; follow-up
 CVE-2009-3234 [Buffer overflow in performance counters]
 	- linux-2.6 <not-affected> (Introduced in 2.6.31)
 	- linux-2.6.24 <removed>
@@ -1493,7 +1496,8 @@
 CVE-2009-2798 (Heap-based buffer overflow in Apple QuickTime before 7.6.4
allows ...)
 	NOT-FOR-US: Apple QuickTime
 CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1,
and ...)
-	NOT-FOR-US: Safari in Apple iPhone OS
+	- webkit <unfixed> (medium)
+	TODO: someone needs to gain membership to the webkit security list so we can
actually check these issues
 CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1
for ...)
 	NOT-FOR-US: Apple iPhone OS
 CVE-2009-2795 (Heap-based buffer overflow in the Recovery Mode component in
Apple ...)
@@ -3494,7 +3498,8 @@
 	NOTE: http://trac.webkit.org/changeset/44905
 	NOTE: http://trac.webkit.org/changeset/44909
 CVE-2009-2199 (Incomplete blacklist vulnerability in WebKit in Apple Safari
before ...)
-	NOT-FOR-US: Apple Safari
+	- webkit <unfixed> (medium)
+	TODO: someone needs to gain membership to the webkit security list so we can
actually check these issues
 CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all
cookies ...)
 	NOT-FOR-US: Apple GarageBand
 CVE-2009-2197

Modified: data/embedded-code-copies
==================================================================---
data/embedded-code-copies	2009-09-17 18:56:46 UTC (rev 12839)
+++ data/embedded-code-copies	2009-09-17 20:04:36 UTC (rev 12840)
@@ -932,3 +932,6 @@
 
 pidgin
 	- gaim <old-version>
+
+icu
+	- webkit <unfixed> (embed; bug #547214) [./WebCore/icu/*]