Author: jmm
Date: 2011-01-16 04:09:01 +0000 (Sun, 16 Jan 2011)
New Revision: 15895
Modified: data/CVE/list
Log: qt cleanup: we don't really support qtwebkit (as does upstream) the only remaining issue is harmless and doesn't warrant a DSA

Modified: data/CVE/list ==================================================================--- data/CVE/list 2011-01-16 02:08:22 UTC (rev 15894) +++ data/CVE/list 2011-01-16 04:09:01 UTC (rev 15895) @@ -6491,7 +6491,9 @@ CVE-2010-2622 (SQL injection vulnerability in the Joomanager component, possibly ...) NOT-FOR-US: Joomanager CVE-2010-2621 (The QSslSocketBackendPrivate::transmit function in ...) - - qt4-x11 4:4.6.3-2 (bug #587711) + - qt4-x11 4:4.6.3-2 (low; bug #587711) + [lenny] - qt4-x11 <no-dsa> (Harmless impact) + NOTE: Fixed by commit c25c7c9bdfade6b906f37ac8bad44f6f0de57597 CVE-2010-2620 (Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote ...) NOT-FOR-US: Open&Compact FTP Server CVE-2010-2619 (Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and ...) @@ -23004,6 +23006,7 @@ - kdelibs <unfixed> (unimportant) - kde4libs <unfixed> (unimportant) - qt4-x11 4:4.6.2-4 (low; bug #561760) + [lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/44010 CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...) @@ -23015,6 +23018,7 @@ - kdelibs <not-affected> - kde4libs <not-affected> - qt4-x11 4:4.6.2-4 (bug #561760) + [lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/31890 CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...) 
@@ -23055,6 +23059,7 @@ - kdelibs <not-affected> - kde4libs <not-affected> - qt4-x11 4:4.6.2-4 (low; bug #561760) + [lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/35157 CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...) @@ -23090,6 +23095,7 @@ - kdelibs <not-affected> - kde4libs <not-affected> - qt4-x11 4:4.6.2-4 (low) + [lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/42216 CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...) @@ -23098,6 +23104,7 @@ - kdelibs <not-affected> - kde4libs <undetermined> - qt4-x11 4:4.6.2-4 + [lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: invasive patch to backport. NOTE: http://trac.webkit.org/changeset/40881 @@ -23107,6 +23114,7 @@ - kdelibs <not-affected> - kde4libs <not-affected> - qt4-x11 4:4.6.2-4 (low) + [lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/38065 CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before ...) @@ -23130,6 +23138,7 @@ - kdelibs <not-affected> - kde4libs <not-affected> - qt4-x11 4:4.6.2-4 + [lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/41262 CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) 
@@ -23157,6 +23166,7 @@ - kdelibs <not-affected> - kde4libs <not-affected> - qt4-x11 4:4.6.2-4 (low) + [lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/35935 CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...) @@ -23224,12 +23234,14 @@ - kdelibs <not-affected> - kde4libs <not-affected> - qt4-x11 4:4.6.2-4 + [lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/31431 CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) - webkit 1.0.1-4 (bug #535793) - kdelibs <not-affected> - qt4-x11 4:4.6.2-4 (low) + [lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/34574 CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...) @@ -23238,6 +23250,7 @@ - kdelibs <not-affected> - kde4libs <not-affected> - qt4-x11 4:4.6.2-4 (low) + [lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against NOTE: http://trac.webkit.org/changeset/42365 CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and ...) @@ -23250,6 +23263,7 @@ - kdelibs <not-affected> - kde4libs <not-affected> - qt4-x11 4:4.6.2-4 (low) + [lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise) NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected NOTE: http://trac.webkit.org/changeset/42333 CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...)
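Review bot: In the @@ -6491 hunk (CVE-2010-2621), the added NOTE "Fixed by commit c25c7c9bdfade6b906f37ac8bad44f6f0de57597" does not say which repository the hash belongs to, and the no-dsa reason "(Harmless impact)" does not say what the impact is. A bare hash cannot be looked up from the tracker entry alone, so the NOTE should carry the repository URL or a link to the commit. One more NOTE line stating why the QSslSocketBackendPrivate::transmit issue is considered harmless would let a later reader check the lenny decision without going back to bug #587711.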
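Review bot: In the @@ -23015 hunk, the unstable line "- qt4-x11 4:4.6.2-4 (bug #561760)" still has no urgency, and the same is true of the qt4-x11 lines in the @@ -23098, @@ -23130 and first @@ -23224 entries. This revision sets "low" on CVE-2010-2621, and most of the neighbouring qtwebkit entries already carry "low". If these were left unrated on purpose, a short NOTE saying so would help. Otherwise they could be rated in the same cleanup so that the lenny no-dsa lines sit next to a stated severity.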
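Review bot: In the @@ -23250 hunk, the new "[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)" line sits directly above the existing NOTE that ends "Lenny is affected", and nothing in the entry points to where that support status is documented. Someone reading only this entry sees a release confirmed as affected and closed without an advisory. Add a NOTE referencing the place where qtwebkit's unsupported status in lenny is stated. The same applies to every other hunk that adds this reason string, so a single shared reference repeated in each entry would be enough.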