Giuseppe Iuculano
2009-Dec-06 16:32 UTC
[Secure-testing-commits] r13465 - in data: CVE NMU
Author: derevko-guest Date: 2009-12-06 16:32:50 +0000 (Sun, 06 Dec 2009) New Revision: 13465 Modified: data/CVE/list data/NMU/list Log: - webkit issue triage - libstruts1.2-java NMUed Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-06 12:02:21 UTC (rev 13464) +++ data/CVE/list 2009-12-06 16:32:50 UTC (rev 13465) @@ -7335,8 +7335,8 @@ CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X ...) NOT-FOR-US: Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote ...) - - webkit <unfixed> (medium; bug #535793) - TODO: work with upstream to determine affected/not-affected webkit versions + - webkit 1.1.12-1 (medium; bug #535793) + [lenny] - webkit <no-dsa> (Minor issue) CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...) NOT-FOR-US: Mac OS X CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly ...) 
@@ -7344,17 +7344,17 @@ CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) - webkit 1.0.1-4 (medium; bug #535793) CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) - - webkit <unfixed> (medium; bug #535793) - TODO: work with upstream to determine affected/not-affected webkit versions + - webkit 1.1.12-1 (low; bug #535793) + NOTE: http://trac.webkit.org/changeset/36359 CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not ...) - webkit 1.0.1-4 (medium; bug #535793) - TODO: work with upstream to determine affected/not-affected webkit versions + NOTE: http://trac.webkit.org/changeset/34533 CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote loading of ...) - - webkit <unfixed> (medium; bug #535793) - TODO: work with upstream to determine affected/not-affected webkit versions + - webkit 1.1.12-1 (medium; bug #535793) + NOTE: http://trac.webkit.org/changeset/41568 CVE-2009-1711 (WebKit in Apple Safari before 4.0 does not properly initialize memory ...) - - webkit <unfixed> (medium; bug #535793) - TODO: work with upstream to determine affected/not-affected webkit versions + - webkit 1.1.12-1 (medium; bug #535793) + NOTE: http://trac.webkit.org/changeset/36918 CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...) - webkit 1.1.12-1 (medium; bug #535793) CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...) 
@@ -7404,14 +7404,16 @@ CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) - webkit 1.1.12-1 (low; bug #535793) CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) - - webkit <unfixed> (medium; bug #535793) - TODO: work with upstream to determine affected/not-affected webkit versions + - webkit 1.1.12-1 (medium; bug #535793) + NOTE: http://trac.webkit.org/changeset/35928 CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...) - webkit 1.1.12-1 (low; bug #535793) NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319 + NOTE: http://trac.webkit.org/changeset/41741 CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.1.12-1 (medium; bug #535793) [lenny] - webkit <not-affected> (Vulnerable code not present) + NOTE: http://trac.webkit.org/changeset/32791 CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...) {DSA-1868-1 DSA-1867-1} - webkit 1.1.5-1 (medium; bug #534946) @@ -23083,7 +23085,7 @@ CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...) NOT-FOR-US: RSA Authentication Agent CVE-2008-2025 (Cross-site scripting (XSS) vulnerability in Apache Struts before ...) - - libstruts1.2-java <unfixed> (low; bug #528352) + - libstruts1.2-java 1.2.9-3.1 (low; bug #528352) CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, ...) NOT-FOR-US: miniBB CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 ...) Modified: data/NMU/list ==================================================================--- data/NMU/list 2009-12-06 12:02:21 UTC (rev 13464) +++ data/NMU/list 2009-12-06 16:32:50 UTC (rev 13465) @@ -178,3 +178,4 @@ 2009-11-10 openldap 2.4.17-2.1 2009-11-21 gimp 2.6.7-1.1 2009-11-29 audiofile 0.2.6-7.1 +2009-12-06 libstruts1.2-java 1.2.9-3.1
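Review bot: In the first data/CVE/list hunk (@@ -7335), CVE-2009-1718 is the only webkit entry in this commit that loses its "TODO: work with upstream ..." line without gaining a NOTE that points at an upstream changeset, so nothing in the tracker records why 1.1.12-1 is the fixed version. Please add a "NOTE: http://trac.webkit.org/changeset/..." line as done for the other entries. The entry also stays at "medium" while the new lenny line reads "<no-dsa> (Minor issue)"; either lower the severity or say in a NOTE why the issue is minor for lenny only.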
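Review bot: In the second data/CVE/list hunk (@@ -7344), CVE-2009-1714 drops from "medium" to "low" with no stated reason, while CVE-2009-1712 and CVE-2009-1711 in the same hunk keep "medium" and the log says only "webkit issue triage". Please add a NOTE under CVE-2009-1714 with the rationale for the downgrade. CVE-2009-1714, CVE-2009-1712 and CVE-2009-1711 are now marked fixed in 1.1.12-1 but get no "[lenny]" line, unlike CVE-2009-1718 in the previous hunk; if lenny was triaged, record the result, otherwise keep a TODO for it.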
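Review bot: In the third data/CVE/list hunk (@@ -7404), the added NOTE lines are bare changeset URLs that do not say what the changeset is. This matters most for CVE-2009-1691, where "NOTE: http://trac.webkit.org/changeset/32791" sits under "[lenny] - webkit <not-affected> (Vulnerable code not present)": a reader cannot tell whether r32791 is the fix or the commit that introduced the vulnerable code. Please prefix each URL with a short label saying which it is, here and for CVE-2009-1693 and CVE-2009-1692.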