Author: gilbert-guest
Date: 2009-10-02 22:34:53 +0000 (Fri, 02 Oct 2009)
New Revision: 12921
Modified:
data/CVE/list
Log:
- not enough information to rule out webkit issue
- wget null character issue got its own cve id (CVE-2009-3490)
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-10-02 21:14:16 UTC (rev 12920)
+++ data/CVE/list 2009-10-02 22:34:53 UTC (rev 12921)
@@ -546,7 +546,8 @@
CVE-2009-3273 (iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch,
does not ...)
NOT-FOR-US: Apple iPhone
CVE-2009-3272 (Stack consumption vulnerability in WebKit.dll in WebKit in Apple
...)
- NOT-FOR-US: Apple Safari
+ - webkit <unfixed> (medium)
+ TODO: someone needs to become a member of the webkit security list so we can
actually triage these apple webkit issues
CVE-2009-3271 (Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause
a ...)
NOT-FOR-US: Apple Safari on iPhone OS 3.0.1
CVE-2009-3290 (The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM
in the ...)
@@ -3587,8 +3588,6 @@
CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when
OpenSSL is ...)
{DSA-1869-1}
- curl 7.19.5-1.1 (medium; bug #541991)
- TODO: - wget <unfixed>
- TODO: check whether wget affected [src/openssl.c]; not an embed, but similar
functionality
CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10,
2.6.16, ...)
{DSA-1861-1 DSA-1859-1}
- libxml2 2.7.3.dfsg-2.1 (low; bug #540865)