[Secure-testing-team] CVE-2010-2304 - #586547 - squeeze related - patch attached
Michael Gilbert
michael.s.gilbert at gmail.com
Wed Aug 11 14:56:27 UTC 2010
On Wed, 11 Aug 2010 07:52:36 +0200, Jose Antonio Quevedo Muñoz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hi there!
>
> squeeze was frozen the last week as you know.
> This vulnerability [1] was already solved by Gustavo Noronha in unstable,
> but it's not solved in squeeze and lenny yet.
>
> The bug was reported by Nico Golde [1] (thanks for a very good bugreport).
> The patched was distributed by upstream. [2]
> More information about this CVE can be found in [3] and [4].
>
> Attached is the debdiff that includes the patch that can be used to
> solve this issue.
> I'm not an official DM or DD, so please review my work expecting newbie
> mistakes.
thanks for working on that. the new webkit package will automatically
transition to squeeze pretty soon, so there isn't any need to apply the
fix manually. also, security support for the lenny webkit package is
likely to be dropped soon.
you may want to take a look at the security tracker to find more issues
in need of assistance:
http://security-tracker.debian.org/tracker/status/release/stable
thanks again for your interest!
mike
More information about the Secure-testing-team
mailing list