Bug#535793: closed by Giuseppe Iuculano (Bug#535793: fixed in webkit 1.0.1-4+lenny2)
Michael Gilbert
michael.s.gilbert at gmail.com
Thu Dec 17 02:54:01 UTC 2009
reopen 535793
thanks
On Thu, 17 Dec 2009 00:57:12 +0000 Debian Bug Tracking System wrote:
> webkit (1.0.1-4+lenny2) stable-security; urgency=high
> .
> * Non-maintainer upload by the Security Team.
> * Fixed FTBFS on arm and powerpc: include limits.h for a definition
> of ULONG_MAX introduced in CVE-2009-1687 patch.
> .
> webkit (1.0.1-4+lenny1) stable-security; urgency=high
> .
> * Non-maintainer upload by the Security Team.
> * Fixed CVE-2009-0945: NULL-pointer dereference in the SVGList
> interface implementation (Closes: #532724, #532725)
> * Fixed CVE-2009-1687: Integer overflow in JavaScript garbage
> collector
> * Fixed CVE-2009-1690: Incorrect handling <head> element content
> once the <head> element was removed
> * Fixed CVE-2009-1698: incorrect handling CSS "style" attribute
> content
> * Fixed CVE-2009-1711: denial of service or arbitrary code execution
> via Attr DOM objects improper memory initialization. (Closes: #534946)
> * Fixed CVE-2009-1712: arbitrary code execution via remote loading of
> local java applets. (Closes: #535793)
> * Fixed CVE-2009-1725: improper handling of numeric character
> references (Closes: #538346)
> * Patch based on work done by Marc Deslauriers in Ubuntu, thanks.
> * Fixed CVE-2009-1714: Cross-site scripting (XSS) vulnerability in
> Web Inspector
> * Fixed CVE-2009-1710: Remote attackers can spoof the browser's
> display of the host name, security indicators, and unspecified other UI
> elements via a custom cursor in conjunction with a modified CSS3
> hotspot property.
> * Fixed CVE-2009-1697: CRLF injection vulnerability allows remote
> attackers to inject HTTP headers and bypass the Same Origin Policy via
> a crafted HTML document
> * Fixed CVE-2009-1695: Cross-site scripting (XSS) vulnerability
> allows remote attackers to inject arbitrary web script or HTML via
> vectors involving access to frame contents after completion of a page
> transition.
> * Fixed CVE-2009-1693 and CVE-2009-1694: does not properly handle
> redirects, which allows remote attackers to read images from arbitrary
> web sites via vectors involving a CANVAS element and redirection
> * Fixed CVE-2009-1681: does not prevent web sites from loading
> third-party content into a subframe, which allows remote attackers to
> bypass the Same Origin Policy and conduct "clickjacking" attacks via a
> crafted HTML document.
> * Fixed CVE-2009-1684: Cross-site scripting (XSS) vulnerability
> allows remote attackers to inject arbitrary web script or HTML via an
> event handler that triggers script execution in the context of the next
> loaded document.
> * Fixed CVE-2009-1692: denial of service (memory consumption or
> device reset) via a web page containing an HTMLSelectElement object
> with a large length attribute, related to the length property of a
> Select object.
hi Giuseppe,
this patch didn't address all of the CVEs in the original bug report,
and i've confirmed that they are still open in the tracker, so i am
reopening the bug since there are still unaddressed issues if that is
ok.
mike