Author: joeyh Date: 2009-12-20 09:14:53 +0000 (Sun, 20 Dec 2009) New Revision: 13610 Modified: data/CVE/list Log: automatic update Modified: data/CVE/list ==================================================================--- data/CVE/list 2009-12-20 05:10:41 UTC (rev 13609) +++ data/CVE/list 2009-12-20 09:14:53 UTC (rev 13610) @@ -1185,9 +1185,9 @@ CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...) - chromium-browser <itp> (low; bug #520324) - webkit <unfixed> (low; bug #560905) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...) - chromium-browser <itp> (low; bug #520324) CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow ...) @@ -2807,9 +2807,9 @@ RESERVED CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...) - webkit 1.1.17-2 (medium; bug #559759) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in ...) - xulrunner 1.9.1.4-1 [lenny] - xulrunner <not-affected> (Only affects Firefox 3.5) 
@@ -4770,9 +4770,9 @@ NOT-FOR-US: Apple Safari CVE-2009-2841 (WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform the ...) - webkit <unfixed> (medium; bug #559759) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) TODO: work with upstream to determine affected/not-affected versions CVE-2009-2840 (Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary ...) NOT-FOR-US: Apple Mac OS X @@ -4829,9 +4829,9 @@ CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, ...) - webkit <unfixed> (medium; bug #559759) [lenny] - webkit <not-affected> (vulnerable code not present) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not ...) NOT-FOR-US: Apple iPhone OS CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple ...) @@ -4874,9 +4874,9 @@ NOT-FOR-US: Apple QuickTime CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and ...) - webkit <unfixed> (medium; bug #559759) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) TODO: someone needs to gain membership to the webkit security list so we can actually check these issues CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for ...) NOT-FOR-US: Apple iPhone OS 
@@ -8112,8 +8112,8 @@ CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - qt4-x11 <unfixed> (low; bug #538403) - webkit 1.1.13-1 (low; bug #538402) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/ CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL ...) NOT-FOR-US: CFNetwork in Apple Mac OS X 
@@ -8131,51 +8131,51 @@ CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote ...) - webkit 1.1.12-1 (medium; bug #535793) [lenny] - webkit <no-dsa> (Minor issue) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...) NOT-FOR-US: Mac OS X CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly ...) NOT-FOR-US: CFNetwork in Apple CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) - webkit 1.0.1-4 (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) NOTE: http://trac.webkit.org/changeset/36359 CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not ...) - webkit 1.0.1-4 (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) NOTE: http://trac.webkit.org/changeset/34533 CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote loading of ...) 
{DSA-1950-1} - webkit 1.1.12-1 (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) NOTE: http://trac.webkit.org/changeset/41568 CVE-2009-1711 (WebKit in Apple Safari before 4.0 does not properly initialize memory ...) {DSA-1950-1} - webkit 1.1.12-1 (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) NOTE: http://trac.webkit.org/changeset/36918 CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...) {DSA-1950-1} - webkit 1.1.12-1 (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...) {DSA-1866-1} - webkit 0~svn32442-1 
@@ -8197,30 +8197,30 @@ CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to file: ...) - webkit 1.1.12-1 (low; bug #535793) [lenny] - webkit <no-dsa> (Minor issue) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.1.12-1 (low; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...) - webkit 1.1.12-1 (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) NOTE: invasive patch to backport. CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone ...) - webkit 1.1.12-1 (low; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before ...) 
- webkit 1.0.1-4 (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) {DSA-1950-1 DSA-1868-1 DSA-1867-1} - webkit 1.1.5-1 (medium; bug #534946) 
@@ -8231,48 +8231,48 @@ CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0, ...) {DSA-1950-1} - webkit 1.1.15.2-1 (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) - webkit 1.1.12-1 (medium; bug #535793) [lenny] - webkit <not-affected> (Vulnerable code not present) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) 
{DSA-1950-1} - webkit 1.1.12-1 (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) NOTE: http://trac.webkit.org/changeset/35928 CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...) {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319 NOTE: http://trac.webkit.org/changeset/41741 CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.1.12-1 (medium; bug #535793) [lenny] - webkit <not-affected> (Vulnerable code not present) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) NOTE: http://trac.webkit.org/changeset/32791 CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...) {DSA-1950-1 DSA-1868-1 DSA-1867-1} 
@@ -8285,15 +8285,15 @@ CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.1.12-1 (low; bug #535793) [lenny] - webkit <not-affected> (Vulnerable code not present) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.1.12-1 (low; bug #535793) [lenny] - webkit <not-affected> (Vulnerable code not present) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...) {DSA-1950-1 DSA-1868-1 DSA-1867-1} - webkit 1.1.5-1 (medium; bug #534946) 
@@ -8304,20 +8304,20 @@ CVE-2009-1686 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) - webkit 1.1.12-1 (medium; bug #535793) [lenny] - webkit <not-affected> (Vulnerable code not present) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.0.1-4 (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and ...) NOT-FOR-US: iPhone CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended ...) 
@@ -8325,9 +8325,9 @@ CVE-2009-1681 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) {DSA-1950-1} - webkit 1.1.12-1 (low; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...) NOT-FOR-US: Safari in Apple iPhone OS CVE-2009-1679 (The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...) @@ -10959,7 +10959,7 @@ - qt4-x11 4:4.5.2-1 (medium; bug #532718) - webkit 1.1.5-1 (medium; bug #532724; bug #532725) NOTE: http://trac.webkit.org/changeset/43590 - - kdelibs <unfixed> (low; bug #561765) + - kdelibs <unfixed> (low; bug #561765) - kde4libs 4:4.3.0-1 (medium; bug #534917) [lenny] - kde4libs <not-affected> (khtml doesn''t have SVG support) NOTE: http://websvn.kde.org/?view=rev&revision=983302 @@ -17488,9 +17488,9 @@ CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...) - webkit 1.1.7-1 (low; bug #520052) [lenny] - webkit <no-dsa> (Minor issue) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) NOTE: webkit properly handles this issue with respect to extensions such as jpg and txt, but not in general; for example, the attack works for odp, xls, etc extensions (only tested with midori 0.1.4) NOTE: not reproducible using iceweasel 3.0.1 CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...) 
@@ -18653,9 +18653,9 @@ NOT-FOR-US: Safari CVE-2008-4231 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...) - webkit <unfixed> (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) TODO: work with upstream to determine affected/not-affected webkit versions CVE-2008-4230 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and ...) NOT-FOR-US: Apple @@ -20278,9 +20278,9 @@ RESERVED CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through ...) - webkit 1.0.1-4 (bug #499771) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone ...) NOT-FOR-US: Apple iPod CVE-2008-3630 (mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an ...) @@ -23358,9 +23358,9 @@ NOT-FOR-US: Apple Mac OS X CVE-2008-2320 (Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 ...) - webkit <unfixed> (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) TODO: work with upstream to determine affected/not-affected webkit versions CVE-2008-2319 RESERVED 
@@ -23394,9 +23394,9 @@ NOT-FOR-US: Alias Manager in Apple Mac OS X CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as ...) - webkit 1.0.1-1 - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) NOTE: http://trac.webkit.org/changeset/34204 CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...) NOT-FOR-US: Windows issue @@ -25075,9 +25075,9 @@ NOT-FOR-US: iPhone CVE-2008-1588 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows ...) - webkit <unfixed> (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) TODO: work with upstream to determine affected/not-affected webkit versions CVE-2008-1587 RESERVED @@ -28205,9 +28205,9 @@ NOT-FOR-US: Mapbender CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers to ...) - webkit <unfixed> (unimportant) - - qt4-x11 <unfixed> (unimportant; bug #561760) - - kdelibs <unfixed> (unimportant; bug #561765) - - kde4libs <unfixed> (unimportant; bug #561762) + - qt4-x11 <unfixed> (unimportant; bug #561760) + - kdelibs <unfixed> (unimportant; bug #561765) + - kde4libs <unfixed> (unimportant; bug #561762) NOTE: khtml originates from konqueror. browser crashes are considered unimportant CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials via a ...) NOT-FOR-US: PhotoKorn 
@@ -56003,9 +56003,9 @@ - mozilla 2:1.7.13-0.3 (medium) - xulrunner 1.8.0.4-1 (medium) - webkit <unfixed> (medium; bug #535793) - - qt4-x11 <unfixed> (low; bug #561760) - - kdelibs <unfixed> (low; bug #561765) - - kde4libs <unfixed> (low; bug #561762) + - qt4-x11 <unfixed> (low; bug #561760) + - kdelibs <unfixed> (low; bug #561765) + - kde4libs <unfixed> (low; bug #561762) TODO: work with upstream to determine affected/not-affected webkit versions CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...) {DSA-1134-1 DSA-1120 DSA-1118}
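Review bot: The log message "automatic update" does not say what changed. In every hunk, from @@ -1185,9 +1185,9 @@ onward, the removed and added `- qt4-x11 <unfixed> (low; bug #561760)`, `- kdelibs <unfixed> (low; bug #561765)` and `- kde4libs <unfixed> (low; bug #561762)` lines read the same, so this looks like an indentation-only rewrite of those entries. Say so in the log, so that anyone auditing the history for status changes on those three bugs can skip this revision.

Review bot: In the @@ -10959,7 +10959,7 @@ hunk, the context line `[lenny] - kde4libs <not-affected> (khtml doesn''t have SVG support)` carries a doubled apostrophe. The hunk already touches the kdelibs line of the same entry, so correct it to "doesn't" in the same pass.

Review bot: In the @@ -23358,9 +23358,9 @@ hunk, the entry for CVE-2008-2320 lacks a NOTE explaining why it is tracked against webkit, qt4-x11, kdelibs and kde4libs, although the visible part of its description names CarbonCore in Apple Mac OS X rather than WebKit. The existing TODO only asks for affected webkit versions. Add a NOTE giving the reason for the mapping, or confirm that the entry belongs under these packages at all.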