thr3ads.net - Secure testing commits - [Secure-testing-commits] r13609

If this information is useful, please help other people find it:
Share via:
Michael Gilbert
2009-Dec-20 05:10 UTC
[Secure-testing-commits] r13609 - data/CVE

Author: gilbert-guest
Date: 2009-12-20 05:10:41 +0000 (Sun, 20 Dec 2009)
New Revision: 13609

Modified:
   data/CVE/list
Log:
webkit code copies

Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-12-20 05:08:20 UTC (rev 13608)
+++ data/CVE/list	2009-12-20 05:10:41 UTC (rev 13609)
@@ -272,6 +272,9 @@
 CVE-2009-XXXX [browser-based css info disclosure]
 	- xulrunner <unfixed> (unimportant; bug #560108)
 	- webkit <unfixed> (unimportant; bug #560870)
+	- qt4-x11 <unfixed> (unimportant; bug #561754)
+	- kdelibs <unfixed> (unimportant; bug #561752)
+	- kde4libs <unfixed> (unimportant; bug #561753)
 	- kazehakase <unfixed> (unimportant; bug #560871)
 	- epiphany-browser <unfixed> (unimportant; bug #560872)
 	- galeon <unfixed> (unimportant; bug #560873)
@@ -1182,7 +1185,9 @@
 CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...)
 	- chromium-browser <itp> (low; bug #520324)
 	- webkit <unfixed> (low; bug #560905)
-	TODO: check qt4-x11, kdelibs, kde4libs
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-3931 (Incomplete blacklist vulnerability in
browser/download/download_exe.cc ...)
 	- chromium-browser <itp> (low; bug #520324)
 CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02
allow ...)
@@ -2802,7 +2807,9 @@
 	RESERVED
 CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari
before ...)
 	- webkit 1.1.17-2 (medium; bug #559759)
-	TODO: check qt4-x11, kdelibs, kde4libs
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in
...)
 	- xulrunner 1.9.1.4-1
 	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
@@ -4308,6 +4315,9 @@
 CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote
...)
 	- xulrunner <unfixed> (unimportant; bug #557753)
 	- webkit <unfixed> (unimportant; bug #557752)
+	- qt4-x11 <unfixed> (unimportant; bug #561760)
+	- kdelibs <unfixed> (unimportant; bug #561765)
+	- kde4libs <unfixed> (unimportant; bug #561762)
 	NOTE: browser denial-of-services are considered unimportant
 CVE-2009-2952 (Unspecified vulnerability in the pollwakeup function in Sun
Solaris ...)
 	NOT-FOR-US: Sun Solaris
@@ -4760,8 +4770,10 @@
 	NOT-FOR-US: Apple Safari
 CVE-2009-2841 (WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform
the ...)
 	- webkit <unfixed> (medium; bug #559759)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	TODO: work with upstream to determine affected/not-affected versions
-	TODO: check qt4-x11, kdelibs, kde4libs
 CVE-2009-2840 (Spotlight in Apple Mac OS X 10.5.8 does not properly handle
temporary ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2009-2839 (Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC
servers to ...)
@@ -4817,7 +4829,9 @@
 CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in
WebKit, ...)
 	- webkit <unfixed> (medium; bug #559759)
 	[lenny] - webkit <not-affected> (vulnerable code not present)
-	TODO: check qt4-x11, kdelibs, kde4libs
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not
...)
 	NOT-FOR-US: Apple iPhone OS
 CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in
Apple ...)
@@ -4860,8 +4874,10 @@
 	NOT-FOR-US: Apple QuickTime
 CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1,
and ...)
 	- webkit <unfixed> (medium; bug #559759)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	TODO: someone needs to gain membership to the webkit security list so we can
actually check these issues
-	TODO: check qt4-x11, kdelibs, kde4libs
 CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1
for ...)
 	NOT-FOR-US: Apple iPhone OS
 CVE-2009-2795 (Heap-based buffer overflow in the Recovery Mode component in
Apple ...)
@@ -6252,8 +6268,9 @@
 	NOT-FOR-US: Apple Safari
 CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests
function in ...)
 	- webkit 1.1.10-1
-	- qt4-x11 <unfixed>
-	NOTE: affected embedded webkit code copy present in qt4-x11
[./src/3rdparty/webkit/WebCore/*]
+	- qt4-x11 <unfixed> (low; bug #561760)
+	- kdelibs <unfixed> (low; bug #561765)
+	- kde4libs <unfixed> (low; bug #561762)
 CVE-2009-2418
 	RESERVED
 CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when
OpenSSL is ...)
@@ -6897,7 +6914,9 @@
 CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows
remote ...)
 	- webkit 1.1.12-1 (medium)
 	[lenny] - webkit <not-affected> (Vulnerable code not present)
-	- qt4-x11 <unfixed> (medium; bug #544903)
+	- qt4-x11 <unfixed> (low; bug #561760)
+	- kdelibs <unfixed> (low; bug #561765)
+	- kde4libs <unfixed> (low; bug #561762)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
 	NOTE: http://trac.webkit.org/changeset/45696
 CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file
...)
@@ -7441,6 +7460,9 @@
 	NOT-FOR-US: MHF Media Pro
 CVE-2009-XXXX [predictable random number generator used in web browsers]
 	- webkit <unfixed> (low; bug #532514)
+	- qt4-x11 <unfixed> (low; bug #561759)
+	- kdelibs <unfixed> (low; bug #561757)
+	- kde4libs <unfixed> (low; bug #561758)
 	[lenny] - webkit <no-dsa> (Minor issue)
 	- xulrunner <unfixed> (low; bug #532516)	
 	[lenny] - xulrunner <no-dsa> (Minor issue)
@@ -8090,6 +8112,8 @@
 CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	- qt4-x11 <unfixed> (low; bug #538403)
 	- webkit 1.1.13-1 (low; bug #538402)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
 CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an
incorrect URL ...)
 	NOT-FOR-US: CFNetwork in Apple Mac OS X
@@ -8107,30 +8131,51 @@
 CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote
...)
 	- webkit 1.1.12-1 (medium; bug #535793)
 	[lenny] - webkit <no-dsa> (Minor issue)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before
10.5.7 ...)
 	NOT-FOR-US: Mac OS X
 CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not
properly ...)
 	NOT-FOR-US: CFNetwork in Apple
 CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in
WebKit in ...)
 	- webkit 1.0.1-4 (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in
WebKit in ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (low; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	NOTE: http://trac.webkit.org/changeset/36359
 CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does
not ...)
 	- webkit 1.0.1-4 (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	NOTE: http://trac.webkit.org/changeset/34533
 CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote
loading of ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	NOTE: http://trac.webkit.org/changeset/41568
 CVE-2009-1711 (WebKit in Apple Safari before 4.0 does not properly initialize
memory ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	NOTE: http://trac.webkit.org/changeset/36918
 CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to
spoof the ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection
implementation ...)
 	{DSA-1866-1}
 	- webkit 0~svn32442-1
@@ -8152,15 +8197,30 @@
 CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to
file: ...)
 	- webkit 1.1.12-1 (low; bug #535793)
 	[lenny] - webkit <no-dsa> (Minor issue)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	- webkit 1.1.12-1 (low; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM
implementation in ...)
 	- webkit 1.1.12-1 (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	NOTE: invasive patch to backport.
 CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0,
iPhone ...)
 	- webkit 1.1.12-1 (low; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari
before ...)
 	- webkit 1.0.1-4 (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
and ...)
 	{DSA-1950-1 DSA-1868-1 DSA-1867-1}
 	- webkit 1.1.5-1 (medium; bug #534946)
@@ -8171,27 +8231,48 @@
 CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before
4.0, ...)
 	{DSA-1950-1}
 	- webkit 1.1.15.2-1 (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
and ...)
 	- webkit 1.1.12-1 (medium; bug #535793)
 	[lenny] - webkit <not-affected> (Vulnerable code not present)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (low; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
and ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (low; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
and ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	NOTE: http://trac.webkit.org/changeset/35928
 CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through
2.2.1, ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (low; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	NOTE: upstream (undisclosed) bug report is
https://bugs.webkit.org/show_bug.cgi?id=23319
 	NOTE: http://trac.webkit.org/changeset/41741
 CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	- webkit 1.1.12-1 (medium; bug #535793)
 	[lenny] - webkit <not-affected> (Vulnerable code not present)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	NOTE: http://trac.webkit.org/changeset/32791
 CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari
before ...)
 	{DSA-1950-1 DSA-1868-1 DSA-1867-1}
@@ -8204,9 +8285,15 @@
 CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	- webkit 1.1.12-1 (low; bug #535793)
 	[lenny] - webkit <not-affected> (Vulnerable code not present)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	- webkit 1.1.12-1 (low; bug #535793)
 	[lenny] - webkit <not-affected> (Vulnerable code not present)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari
before 4.0, ...)
 	{DSA-1950-1 DSA-1868-1 DSA-1867-1}
 	- webkit 1.1.5-1 (medium; bug #534946)
@@ -8217,11 +8304,20 @@
 CVE-2009-1686 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
and ...)
 	- webkit 1.1.12-1 (medium; bug #535793)
 	[lenny] - webkit <not-affected> (Vulnerable code not present)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	- webkit 1.0.1-4 (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple
Safari ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (low; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and
...)
 	NOT-FOR-US: iPhone
 CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked
Extended ...)
@@ -8229,6 +8325,9 @@
 CVE-2009-1681 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1,
and ...)
 	{DSA-1950-1}
 	- webkit 1.1.12-1 (low; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for
iPod ...)
 	NOT-FOR-US: Safari in Apple iPhone OS
 CVE-2009-1679 (The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and
iPhone ...)
@@ -10860,6 +10959,7 @@
 	- qt4-x11 4:4.5.2-1 (medium; bug #532718)
 	- webkit 1.1.5-1 (medium; bug #532724; bug #532725)
 	NOTE: http://trac.webkit.org/changeset/43590
+        - kdelibs <unfixed> (low; bug #561765)
 	- kde4libs 4:4.3.0-1 (medium; bug #534917)
 	[lenny] - kde4libs <not-affected> (khtml doesn''t have SVG
support)
 	NOTE: http://websvn.kde.org/?view=rev&revision=983302
@@ -17388,6 +17488,9 @@
 CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google
Chrome ...)
 	- webkit 1.1.7-1 (low; bug #520052)
 	[lenny] - webkit <no-dsa> (Minor issue)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	NOTE: webkit properly handles this issue with respect to extensions such as
jpg and txt, but not in general; for example, the attack works for odp, xls, etc
extensions (only tested with midori 0.1.4)
 	NOTE: not reproducible using iceweasel 3.0.1
 CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla
Firefox ...)
@@ -18550,6 +18653,9 @@
 	NOT-FOR-US: Safari
 CVE-2008-4231 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod
touch ...)
 	- webkit <unfixed> (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2008-4230 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and
...)
 	NOT-FOR-US: Apple
@@ -20172,7 +20278,9 @@
 	RESERVED
 CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1
through ...)
 	- webkit 1.0.1-4 (bug #499771)
-	TODO: check qt4-x11, kdelibs, and kde4libs
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and
iPhone ...)
 	NOT-FOR-US: Apple iPod
 CVE-2008-3630 (mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an
...)
@@ -23250,6 +23358,9 @@
 	NOT-FOR-US: Apple Mac OS X
 CVE-2008-2320 (Stack-based buffer overflow in CarbonCore in Apple Mac OS X
10.4.11 ...)
 	- webkit <unfixed> (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2008-2319
 	RESERVED
@@ -23283,6 +23394,9 @@
 	NOT-FOR-US: Alias Manager in Apple Mac OS X
 CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before
3.1.2, as ...)
 	- webkit 1.0.1-1
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	NOTE: http://trac.webkit.org/changeset/34204
 CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret
the ...)
 	NOT-FOR-US: Windows issue
@@ -24961,6 +25075,9 @@
 	NOT-FOR-US: iPhone
 CVE-2008-1588 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0
allows ...)
 	- webkit <unfixed> (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2008-1587
 	RESERVED
@@ -28088,6 +28205,9 @@
 	NOT-FOR-US: Mapbender
 CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers
to ...)
 	- webkit <unfixed> (unimportant)
+        - qt4-x11 <unfixed> (unimportant; bug #561760)
+        - kdelibs <unfixed> (unimportant; bug #561765)
+        - kde4libs <unfixed> (unimportant; bug #561762)
 	NOTE: khtml originates from konqueror. browser crashes are considered
unimportant
 CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials
via a ...)
 	NOT-FOR-US: PhotoKorn
@@ -55883,6 +56003,9 @@
 	- mozilla 2:1.7.13-0.3 (medium)
 	- xulrunner 1.8.0.4-1 (medium)
 	- webkit <unfixed> (medium; bug #535793)
+        - qt4-x11 <unfixed> (low; bug #561760)
+        - kdelibs <unfixed> (low; bug #561765)
+        - kde4libs <unfixed> (low; bug #561762)
 	TODO: work with upstream to determine affected/not-affected webkit versions
 CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
 	{DSA-1134-1 DSA-1120 DSA-1118}
Secure testing commits - Dec 2009 - r13609 - data/CVE

[Secure-testing-commits] r13609 - data/CVE
