Ok thanks, makes sense. I don't see anything in the introduction file about flagging things <undetermined>, when exactly should that be used? Does that apply to *all* Safari issues (there are 10-20 Safari issues still TODO: check).
-Johnathan 2011/7/25 Moritz Mühlenhoff <[email protected]> > On Mon, Jul 25, 2011 at 05:05:20AM +0000, Johnathan Ritzi wrote: > > Author: jrdioko-guest > > Date: 2011-07-25 05:05:20 +0000 (Mon, 25 Jul 2011) > > New Revision: 16980 > > > > Modified: > > data/CVE/list > > Log: > > First stab at processing issues (NFUs), please check my work! > > Looks good, but two issues need to be corrected (it's very > complicated issue, though): > > > CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to > bypass the Same ...) > > - TODO: check > > + NOT-FOR-US: Apple Safari > > CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows > remote attackers ...) > > TODO: check > > CVE-2011-0217 (Apple Safari before 5.0.6 provides AutoFill information > to scripts ...) > > - TODO: check > > + NOT-FOR-US: Apple Safari > > Safari uses the Webkit engine, which has also some shared codebase > with Chromium. As such, we treat all issues reported for Safari as > potentially affecting Webkit and Chromium by marking them as > <undetermined>. The Chromium and Webkit maintainers (who're also > on this list), check their status later on) > > Cheers, > Moritz >
