[Secure-testing-commits] r15347 - data/CVE

Giuseppe Iuculano Sun, 19 Sep 2010 01:52:32 -0700

Author: iuculano
Date: 2010-09-19 08:51:46 +0000 (Sun, 19 Sep 2010)
New Revision: 15347


Modified:
   data/CVE/list
Log:
changeset for CVE-2010-1807

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2010-09-18 14:32:25 UTC (rev 15346)
+++ data/CVE/list       2010-09-19 08:51:46 UTC (rev 15347)
@@ -4225,7 +4225,8 @@
 CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2 
does not ...)
        - webkit <unfixed>
        - chromium-browser <not-affected>
-       NOTE: don't know the changeset, but the problem is that the 
standard-library strtod()
+       NOTE: http://trac.webkit.org/changeset/64706 
https://bugs.webkit.org/show_bug.cgi?id=43461
+       NOTE: the problem is that the standard-library strtod()
        NOTE: parses "NAN(payload)" as a NaN with a user-defined payload, which 
is bad for the nan-boxing
        NOTE: scheme used by webkit (and mozilla).  The fix is not to accept 
"NAN(payload)".
        NOTE: test-case: -parseFloat("NAN(ffffeeeeeff0f)")


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r15347 - data/CVE

Reply via email to