Re: [Secure-testing-commits] r16980 - data/CVE

To: jrdioko@gmail.com
Cc: debian-security-tracker@lists.debian.org
Subject: Re: [Secure-testing-commits] r16980 - data/CVE
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Mon, 25 Jul 2011 13:46:52 +0200
Message-id: <[🔎] 20110725114652.GA18898@pisco.westfalen.local>
In-reply-to: <E1QlDM1-0001Mt-VO@vasks.debian.org>
References: <E1QlDM1-0001Mt-VO@vasks.debian.org>

On Mon, Jul 25, 2011 at 05:05:20AM +0000, Johnathan Ritzi wrote:
> Author: jrdioko-guest
> Date: 2011-07-25 05:05:20 +0000 (Mon, 25 Jul 2011)
> New Revision: 16980
> 
> Modified:
>    data/CVE/list
> Log:
> First stab at processing issues (NFUs), please check my work!

Looks good, but two issues need to be corrected (it's very
complicated issue, though):

>  CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the Same ...)
> -	TODO: check
> +	NOT-FOR-US: Apple Safari
>  CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
>  	TODO: check
>  CVE-2011-0217 (Apple Safari before 5.0.6 provides AutoFill information to scripts ...)
> -	TODO: check
> +	NOT-FOR-US: Apple Safari

Safari uses the Webkit engine, which has also some shared codebase
with Chromium. As such, we treat all issues reported for Safari as
potentially affecting Webkit and Chromium by marking them as
<undetermined>. The Chromium and Webkit maintainers (who're also
on this list), check their status later on)

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: [Secure-testing-commits] r16980 - data/CVE
  - From: Johnathan Ritzi <jrdioko@gmail.com>

Prev by Date: Re: [Secure-testing-commits] r16971 - bin
Next by Date: Re: [Secure-testing-commits] r16980 - data/CVE
Previous by thread: Re: [Secure-testing-commits] r16971 - bin
Next by thread: Re: [Secure-testing-commits] r16980 - data/CVE
Index(es):
- Date
- Thread