diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2012-09-07 15:53:21 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2012-09-07 15:53:21 +0000 |
commit | b1a47dffde5d18f0c8dbd060998e193ced5efd54 (patch) | |
tree | d7752e0c073b43b90d5022d2160e41e8abca2f8d /data | |
parent | 4275709d74d437c90c7a257ba7b29ecfb09143c7 (diff) |
remove more webkit <unfixed> entries, no longer supported/tracked
wireshark fixed
rt-authen-externalauth fixed
mark disputed wordpress issues as unimportant
python2.7 hash collision issue already fixed in rc1, i.e. testing
embedded expat only used up to python2.6
plupload issue was fixed in wordpress a while ago
GCC new int overflow no-dsa (fw, please add info if you find anything missing
or disagree)
fix fixed version for horizon
mark okular as fixed, see NOTE for details
an additional, split-off roundcube issue was fixed along with the original ID
fix swftools entry
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@20115 e39458fd-73e7-0310-bf30-c45bca0a0e42
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2002.list | 7 | ||||
-rw-r--r-- | data/CVE/2009.list | 1 | ||||
-rw-r--r-- | data/CVE/2010.list | 5 | ||||
-rw-r--r-- | data/CVE/2011.list | 27 | ||||
-rw-r--r-- | data/CVE/2012.list | 31 |
5 files changed, 25 insertions, 46 deletions
diff --git a/data/CVE/2002.list b/data/CVE/2002.list index 0a28752575..6f309db88c 100644 --- a/data/CVE/2002.list +++ b/data/CVE/2002.list @@ -9,11 +9,18 @@ CVE-2002-2440 CVE-2002-2439 RESERVED - gcc-4.1 <removed> + [squeeze] - gcc-4.1 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis) - gcc-4.3 <removed> + [squeeze] - gcc-4.3 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis) - gcc-4.4 <unfixed> + [squeeze] - gcc-4.4 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis) + [wheezy] - gcc-4.4 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis) - gcc-4.6 <unfixed> + [wheezy] - gcc-4.6 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis) NOTE: Are there apps known to be exploitable through this? NOTE: Any application using unguarded memory allocation would be susceptible to DoS anyway? + NOTE: This should be addressed in jessie by getting this fixed in gcc 4.7, so that the archive is + NOTE: properly rebuild with a fixed version from the start CVE-2002-2438 RESERVED NOT-FOR-US: ancient linux 2.4 issue diff --git a/data/CVE/2009.list b/data/CVE/2009.list index c92a6b3d5a..b0813273f7 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -3937,7 +3937,6 @@ CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xp - xpdf 3.02-2 (medium; bug #551287) - poppler 0.12.2-1 (medium; bug #551289) - kdegraphics 4:4.0 (medium; bug #551290) - - swftools <removed> (medium; bug #551291) - swftools 0.9.2+ds1-2 CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ...) - dopewars 1.5.12-9 (low; bug #550913) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 04544a2878..8ba3fc1c08 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -2466,7 +2466,6 @@ CVE-2010-4206 (Array index error in the FEBlend::apply function in ...) - chromium-browser 6.0.472.63~r59945-2 NOTE: http://trac.webkit.org/changeset/70652 CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the data ...) - - webkit <unfixed> - chromium-browser 6.0.472.63~r59945-2 NOTE: https://bugs.webkit.org/show_bug.cgi?id=48159 NOTE: http://trac.webkit.org/changeset/70550 @@ -6774,11 +6773,13 @@ CVE-2010-2577 (Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allo CVE-2010-2576 (Opera before 10.61 does not properly suppress clicks on download ...) NOT-FOR-US: Opera CVE-2010-2575 (Heap-based buffer overflow in the RLE decompression functionality in ...) - - okular <removed> (low) + - okular 4:4.4.5-2 [lenny] - okular 0.7-2+lenny1 - kdegraphics 4:4.4.5-2 [lenny] - kdegraphics <not-affected> (Lenny's kdegraphics doesn't yet contain Okular) NOTE: http://www.kde.org/info/security/advisory-20100825-1.txt + NOTE: Okular was initially a single source package (lenny days), then it was merged into + NOTE: kdegraphics (squeeze days) and later split off again (wheezy) CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...) - mantis 1.1.8+dfsg-6 (low; bug #595510) [lenny] - mantis 1.1.6+dfsg-2lenny2 diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 9c197fdb8a..837d4796c0 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -608,10 +608,10 @@ CVE-2011-4906 CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...) - activemq 5.5.0+dfsg-5 (bug #655495) CVE-2011-4899 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...) - - wordpress <unfixed> + - wordpress <unfixed> (unimportant) NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt CVE-2011-4898 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...) - - wordpress <unfixed> + - wordpress <unfixed> (unimportant) NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt CVE-2011-4904 RESERVED @@ -4492,7 +4492,6 @@ CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft - iceweasel <not-affected> NOTE: http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/ - chromium-browser 15.0.874.106~r107270-1 - - webkit <unfixed> - lighttpd 1.4.30-1 NOTE: strictly speaking this is no lighttpd issue, but lighttpd adds a workaround - curl 7.24.0-1 @@ -6125,7 +6124,6 @@ CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-mi - chromium-browser <undetermined> - webkit <undetermined> CVE-2011-2830 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...) - - webkit <unfixed> (bug #656057) NOTE: CVE description is wrong, see #656057 CVE-2011-2829 (Integer overflow in Google Chrome before 13.0.782.215 on 32-bit ...) - chromium-browser 13.0.782.215~r97094-1 @@ -9015,7 +9013,6 @@ CVE-2011-1776 (The is_gpt_valid function in fs/partitions/efi.c in the Linux ker CVE-2011-1775 (The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx ...) NOT-FOR-US: TigerVNC CVE-2011-1774 (WebKit in Apple Safari before 5.0.6 has improper libxslt security ...) - - webkit <unfixed> NOTE: CVE-2011-1774 is about webkit's interface to xmlsec, CVE-2011-1425 is the actual issue NOTE: http://www.openwall.com/lists/oss-security/2011/05/09/4 CVE-2011-1773 @@ -10312,7 +10309,6 @@ CVE-2011-1290 (Integer overflow in WebKit, as used on the Research In Motion (RI {DSA-2192-1} - chromium-browser 10.0.648.133~r77742-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - - webkit <unfixed> NOTE: needs port NOTE: http://trac.webkit.org/changeset/80787 CVE-2011-1289 @@ -10493,14 +10489,12 @@ CVE-2011-1205 (Multiple buffer overflows in unspecified COM objects in Rational CVE-2011-1204 (Google Chrome before 10.0.648.127 does not properly handle attributes, ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser <no-dsa> (hard merge) - - webkit <unfixed> (low) NOTE: http://trac.webkit.org/changeset/79810 NOTE: very hard to merge: needs introduction of ScopedEventQueue.cpp CVE-2011-1203 (Google Chrome before 10.0.648.127 does not properly handle SVG ...) {DSA-2189-1} - chromium-browser 10.0.648.127~r76697-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/79476 CVE-2011-1202 (The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 ...) - libxslt 1.1.26-7 (low; bug #617413) @@ -10580,13 +10574,11 @@ CVE-2011-1190 (The Web Workers implementation in Google Chrome before 10.0.648.1 {DSA-2189-1} - chromium-browser 10.0.648.127~r76697-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/77563 CVE-2011-1189 (Google Chrome before 10.0.648.127 does not properly perform box ...) {DSA-2189-1} - chromium-browser 10.0.648.127~r76697-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/79689 CVE-2011-1188 (Google Chrome before 10.0.648.127 does not properly handle counter ...) {DSA-2189-1} @@ -10614,7 +10606,6 @@ CVE-2011-1186 (Google Chrome before 10.0.648.127 on Linux does not properly hand CVE-2011-1185 (Google Chrome before 10.0.648.127 does not prevent (1) navigation and ...) - chromium-browser 10.0.648.127~r76697-1 [squeeze] - chromium-browser <no-dsa> (minor issue) - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/74853 CVE-2011-1184 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...) {DSA-2401-1} @@ -10815,7 +10806,6 @@ CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remot {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - - webkit <unfixed> NOTE: needs port (s/logicalBottom/bottom) NOTE: http://trac.webkit.org/changeset/77565 CVE-2011-1120 (The WebGL implementation in Google Chrome before 9.0.597.107 allows ...) @@ -10834,25 +10824,21 @@ CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle TEXTARE - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser <not-affected> [wheezy] - chromium-browser <not-affected> - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/77144 CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser <not-affected> [wheezy] - chromium-browser <not-affected> - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/77262 CVE-2011-1116 (Google Chrome before 9.0.597.107 does not properly handle SVG ...) - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser <not-affected> [wheezy] - chromium-browser <not-affected> - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/77548 CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render tables, ...) {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/76915 CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle tables, ...) {DSA-2189-1} @@ -10874,7 +10860,6 @@ CVE-2011-1111 (Google Chrome before 9.0.597.107 does not properly implement form - chromium-browser 9.0.597.107~r75357-1 [squeeze] - chromium-browser <not-affected> [wheezy] - chromium-browser <not-affected> - - webkit <unfixed> NOTE: needs port (s/FormAssociatedElement/HTMLFormElement) NOTE: http://trac.webkit.org/changeset/77114 CVE-2011-1110 (Google Chrome before 9.0.597.107 does not properly implement key frame ...) @@ -10887,7 +10872,6 @@ CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes {DSA-2189-1} - chromium-browser 9.0.597.107~r75357-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/76728 CVE-2011-1108 (Google Chrome before 9.0.597.107 does not properly implement ...) {DSA-2189-1} @@ -11158,6 +11142,7 @@ CVE-2011-1016 (The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do n CVE-2011-1015 (The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in ...) - python2.6 <unfixed> (low; bug #614860) [squeeze] - python2.6 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport) + [wheezy] - python2.6 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport) - python2.5 <unfixed> (low) [squeeze] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport) [lenny] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport) @@ -11328,13 +11313,11 @@ CVE-2011-0982 (Use-after-free vulnerability in Google Chrome before 9.0.597.94 a - chromium-browser 9.0.597.98~r74359-1 [squeeze] - chromium-browser <not-affected> [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/76990 CVE-2011-0981 (Google Chrome before 9.0.597.94 does not properly perform event ...) {DSA-2166-1} - chromium-browser 9.0.597.98~r74359-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/76708 CVE-2011-0980 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, ...) NOT-FOR-US: Microsoft Office Excel 2003 @@ -11812,7 +11795,6 @@ CVE-2011-0777 (Use-after-free vulnerability in Google Chrome before 9.0.597.84 a {DSA-2166-1} - chromium-browser 9.0.597.84~r72991-1 [wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4 - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/72230 CVE-2011-0776 (The sandbox implementation in Google Chrome before 9.0.597.84 on Mac ...) - chromium-browser <not-affected> (mac only) @@ -12564,7 +12546,6 @@ CVE-2011-0479 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 - webkit <not-affected> (chromium specific) CVE-2011-0478 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) - chromium-browser 6.0.472.63~r59945-5 - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/74636 CVE-2011-0477 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) - chromium-browser 6.0.472.63~r59945-5 @@ -12581,7 +12562,6 @@ CVE-2011-0474 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 NOTE: http://trac.webkit.org/changeset/74574 CVE-2011-0473 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) - chromium-browser 6.0.472.63~r59945-5 - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/73927 NOTE: http://trac.webkit.org/changeset/73937 CVE-2011-0472 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) @@ -12589,7 +12569,6 @@ CVE-2011-0472 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 - webkit <not-affected> (Chrome PDF plugin) CVE-2011-0471 (The node-iteration implementation in Google Chrome before 8.0.552.237 ...) - chromium-browser 6.0.472.63~r59945-5 - - webkit <unfixed> NOTE: http://trac.webkit.org/changeset/73559 NOTE: http://trac.webkit.org/changeset/73620 CVE-2011-0470 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 0288897259..ff08372630 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -36,11 +36,11 @@ CVE-2012-4744 (Cross-site scripting (XSS) vulnerability in ssearch.php in the Si CVE-2012-4743 (Multiple SQL injection vulnerabilities in ssearch.php in Siche search ...) NOT-FOR-US: Zeroboard CVE-2012-4742 (The web_node_register function in web.pm in PacketFence before 3.0.2 ...) - TODO: check + NOT-FOR-US: PacketFence CVE-2012-4741 (The RADIUS extension in PacketFence before 3.3.0 uses a different user ...) - TODO: check + NOT-FOR-US: PacketFence CVE-2012-4740 (Cross-site scripting (XSS) vulnerability in the captive portal in ...) - TODO: check + NOT-FOR-US: PacketFence CVE-2012-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL ...) NOT-FOR-US: Barracuda SSL VPN CVE-2012-4738 @@ -1515,13 +1515,13 @@ CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow rem CVE-2012-4050 (Multiple unspecified vulnerabilities in Google Chrome OS before ...) NOT-FOR-US: Google Chrome OS CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x ...) - - wireshark <unfixed> + - wireshark 1.8.2-1 [squeeze] - wireshark <not-affected> (Vulnerable code not present) NOTE: http://www.wireshark.org/security/wnpa-sec-2012-12.html NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1 NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2 CVE-2012-4048 (The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before ...) - - wireshark <unfixed> (bug #680056) + - wireshark 1.8.2-1 (bug #680056) NOTE: http://www.wireshark.org/security/wnpa-sec-2012-11.html NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1 NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2 @@ -2606,7 +2606,7 @@ CVE-2012-3542 (OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 CVE-2012-3541 RESERVED CVE-2012-3540 (Open redirect vulnerability in views/auth_forms.py in OpenStack ...) - - horizon 2012.1.1-5 (bug #686050) + - horizon 2012.1.1-4 (bug #686050) CVE-2012-3539 REJECTED CVE-2012-3538 @@ -2702,7 +2702,7 @@ CVE-2012-3509 (Multiple integer overflows in the (1) _objalloc_alloc function in NOTE: http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54411 TODO: track down the affected packages CVE-2012-4668 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 ...) - - roundcube <unfixed> (bug #685475) + - roundcube 0.7.2-4 (bug #685475) [squeeze] - roundcube <not-affected> (Vulnerable code not present) NOTE: http://trac.roundcube.net/ticket/1488613 CVE-2012-3508 (Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in ...) @@ -2976,8 +2976,7 @@ CVE-2012-3416 (Condor before 7.8.2 allows remote attackers to bypass host-based CVE-2012-3415 RESERVED - plpupload <itp> (bug #668396) - - wordpress <unfixed> - TODO: check wordpress' embedded copy + - wordpress 3.3.2 CVE-2012-3414 [libjs-swfupload] RESERVED - libjs-swfupload 2.2.0.1+ds1-2 (low; bug #681323) @@ -4449,7 +4448,7 @@ CVE-2012-2772 CVE-2012-2771 RESERVED CVE-2012-2770 (The Authen::ExternalAuth extension before 0.11 for Best Practical ...) - - rt-authen-externalauth <unfixed> (bug #683288) + - rt-authen-externalauth 0.10-2 (bug #683288) CVE-2012-2769 (Multiple cross-site scripting (XSS) vulnerabilities in the topic ...) - request-tracker4 4.0.6-1 NOTE: bundled in RT4 @@ -8263,7 +8262,7 @@ CVE-2012-1150 RESERVED - python2.5 <removed> (low) - python2.6 2.6.8-0.1 (low) - - python2.7 2.7.3-1 (low) + - python2.7 2.7.3~rc1-1 (low) - python3.2 3.2.3-1 (low) - python3.1 <removed> (low) [squeeze] - python2.5 <no-dsa> (Minor issue) @@ -8929,10 +8928,6 @@ CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash v {DSA-2525-1} - expat 2.1.0~beta3-1 (bug #663579) - python2.6 2.6.8-0.1 - - python2.7 <unfixed> - NOTE: python2.7 probably does not use embedded expat copy - - python3.1 <unfixed> - - python3.2 <unfixed> CVE-2012-0875 [systemtap invalid read leading to kernel DoS] RESERVED - systemtap 1.7-1 (low; bug #660929; bug #660886) @@ -9222,7 +9217,7 @@ CVE-2012-0784 CVE-2012-0783 RESERVED CVE-2012-0782 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...) - - wordpress <unfixed> + - wordpress <unfixed> (unimportant) NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt CVE-2012-0781 (The tidy_diagnose function in PHP 5.3.8 might allow remote attackers ...) {DSA-2408-1} @@ -9438,8 +9433,7 @@ CVE-2012-0678 (Cross-site scripting (XSS) vulnerability in Apple Safari before 6 CVE-2012-0677 (Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote ...) NOT-FOR-US: Apple iTunes CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track state ...) - - webkit <unfixed> - NOTE: http://packetstormsecurity.sebug.net/files/download/112596/APPLE-SA-2012-05-09-2.txt + NOT-FOR-US: Apple Safari CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require ...) NOT-FOR-US: Time Machine CVE-2012-0674 (Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the ...) @@ -9447,7 +9441,6 @@ CVE-2012-0674 (Safari in Apple iOS before 5.1.1 allows remote attackers to spoof CVE-2012-0673 RESERVED CVE-2012-0672 (WebKit in Apple iOS before 5.1.1 allows remote attackers to execute ...) - - webkit <unfixed> NOTE: http://dl.packetstormsecurity.net/1205-advisories/APPLE-SA-2012-05-09-2.txt CVE-2012-0671 (Apple QuickTime before 7.7.2 allows remote attackers to execute ...) NOT-FOR-US: Apple QuickTime |