Author: derevko-guest
Date: 2009-12-05 13:51:07 +0000 (Sat, 05 Dec 2009)
New Revision: 13456
Modified:
data/CVE/list
Log:
webkit issue triage
Modified: data/CVE/list
==================================================================---
data/CVE/list 2009-12-05 04:20:27 UTC (rev 13455)
+++ data/CVE/list 2009-12-05 13:51:07 UTC (rev 13456)
@@ -6126,6 +6126,7 @@
NOT-FOR-US: Apple Safari
CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows
remote ...)
- webkit 1.1.12-1 (medium)
+ [lenny] - webkit <not-affected> (Vulnerable code not present)
- qt4-x11 <unfixed> (medium; bug #544903)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
NOTE: http://trac.webkit.org/changeset/45696
@@ -7318,6 +7319,7 @@
- webkit 1.1.13-1 (low; bug #538402)
NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
TODO: check
+ NOTE: Can''t find details on webkit
CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an
incorrect URL ...)
NOT-FOR-US: CFNetwork in Apple Mac OS X
CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in
...)
@@ -7339,13 +7341,12 @@
CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not
properly ...)
NOT-FOR-US: CFNetwork in Apple
CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in
WebKit in ...)
- - webkit <unfixed> (medium; bug #535793)
- TODO: work with upstream to determine affected/not-affected webkit versions
+ - webkit 1.0.1-4 (medium; bug #535793)
CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in
WebKit in ...)
- webkit <unfixed> (medium; bug #535793)
TODO: work with upstream to determine affected/not-affected webkit versions
CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does
not ...)
- - webkit <unfixed> (medium; bug #535793)
+ - webkit 1.0.1-4 (medium; bug #535793)
TODO: work with upstream to determine affected/not-affected webkit versions
CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote
loading of ...)
- webkit <unfixed> (medium; bug #535793)
@@ -7354,8 +7355,7 @@
- webkit <unfixed> (medium; bug #535793)
TODO: work with upstream to determine affected/not-affected webkit versions
CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to
spoof the ...)
- - webkit <unfixed> (medium; bug #535793)
- TODO: work with upstream to determine affected/not-affected webkit versions
+ - webkit 1.1.12-1 (medium; bug #535793)
CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection
implementation ...)
{DSA-1866-1}
- webkit 0~svn32442-1
@@ -7375,14 +7375,12 @@
CVE-2009-1704 (CFNetwork in Apple Safari before 4.0 misinterprets downloaded
image ...)
NOT-FOR-US: Apple Safari
CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to
file: ...)
- - webkit <unfixed> (medium; bug #535793)
- TODO: work with upstream to determine affected/not-affected webkit versions
+ - webkit 1.1.12-1 (low; bug #535793)
+ [lenny] - webkit <no-dsa> (Minor issue)
CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
- - webkit <unfixed> (medium; bug #535793)
- TODO: work with upstream to determine affected/not-affected webkit versions
+ - webkit 1.1.12-1 (low; bug #535793)
CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM
implementation in ...)
- - webkit <unfixed> (medium; bug #535793)
- TODO: work with upstream to determine affected/not-affected webkit versions
+ - webkit 1.1.12-1 (medium; bug #535793)
CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0,
iPhone ...)
- webkit <unfixed> (medium; bug #535793)
TODO: work with upstream to determine affected/not-affected webkit versions