Author: gilbert-guest Date: 2009-10-10 05:59:34 +0000 (Sat, 10 Oct 2009) New Revision: 12973 Modified: data/CVE/list Log: triage of some webkit issues Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-10-10 05:35:07 UTC (rev 12972) +++ data/CVE/list 2009-10-10 05:59:34 UTC (rev 12973) @@ -4362,13 +4362,16 @@ CVE-2009-2201 (The screensharing feature in the Admin application in Apple Xsan ...) NOT-FOR-US: Admin application in Apple Xsan CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict the URL ...) - TODO: check + - kdelibs <not-affected> + - webkit <not-affected> (gtk-based frame loader not affected) + - qt4-x11 <not-affected> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273 NOTE: http://trac.webkit.org/changeset/44905 NOTE: http://trac.webkit.org/changeset/44909 CVE-2009-2199 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...) - - webkit <unfixed> (medium) - TODO: someone needs to gain membership to the webkit security list so we can actually check these issues + - kdelibs <not-affected> + - webkit <not-affected> (problem with look-alike character rendering with mac-specific fonts) + - qt4-x11 <not-affected> CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all cookies ...) NOT-FOR-US: Apple GarageBand CVE-2009-2197
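Review bot: The CVE-2009-2199 entry moves webkit from `<unfixed> (medium)` to `<not-affected>` without a NOTE recording where that conclusion comes from, even though the TODO it removes said the issues could not yet be checked without access to the webkit security list. The CVE description calls this an incomplete blacklist, which reads as a code-level issue, so the "mac-specific fonts" rationale should be backed by a NOTE line pointing at the upstream changeset or bug, the way CVE-2009-2200 keeps its three NOTE URLs. In both entries the `- kdelibs <not-affected>` and `- qt4-x11 <not-affected>` lines have no parenthetical reason, unlike the webkit lines; add one to each (for example, that the affected code is not present in that package, if that is the finding) so a later triager can re-verify the decision.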