1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
|
Candidate: CVE-2011-1774
PublicDate: 2011-07-21
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1774
http://www.openwall.com/lists/oss-security/2011/05/09/4
Description:
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings,
which allows remote attackers to create arbitrary files, and consequently
execute arbitrary code, via a crafted web site. NOTE: this may overlap
CVE-2011-1425.
Ubuntu-Description:
Notes:
kees> likely CVE-2011-1425
jdstrand> per Debian, CVE-2011-1774 is about webkit's interface to xmlsec
jdstrand> code inspection showed only 10.04 LTS is affected
Bugs:
https://bugs.webkit.org/show_bug.cgi?id=52688
Priority: medium
Discovered-by:
Assigned-to:
Patches_webkit:
upstream: http://trac.webkit.org/changeset/79159
upstream_webkit: needs-triage
hardy_webkit: ignored (reached end-of-life)
lucid_webkit: ignored (reached end-of-life)
maverick_webkit: ignored (reached end-of-life)
natty_webkit: not-affected (1.3.13-0ubuntu2)
oneiric_webkit: not-affected
precise_webkit: not-affected
quantal_webkit: not-affected
raring_webkit: not-affected
devel_webkit: not-affected
|