Bug#599830: Multiple security issues

Mike Hommey mh at glandium.org
Thu Oct 28 16:26:47 UTC 2010


On Thu, Oct 28, 2010 at 06:18:29PM +0200, Moritz Muehlenhoff wrote:
> On Mon, Oct 18, 2010 at 11:52:40AM -0200, Gustavo Noronha Silva wrote:
> > Version: 1.2.5-1
> > 
> > Hey,
> > 
> > On Sun, 2010-10-17 at 22:27 +0200, Moritz Muehlenhoff wrote:
> > > On Mon, Oct 11, 2010 at 07:50:48PM +0200, Moritz Muehlenhoff wrote:
> > > > Package: webkit
> > > > Severity: grave
> > > > Tags: security
> > > > 
> > > > The following security issues need to be fixed in Webkit:
> > > > 
> > > > http://security-tracker.debian.org/tracker/CVE-2010-1807
> > > > http://security-tracker.debian.org/tracker/CVE-2010-2646
> > > > http://security-tracker.debian.org/tracker/CVE-2010-2651
> > > > http://security-tracker.debian.org/tracker/CVE-2010-3115
> > > > 
> > > > Also, the status of #532514 should finally be resolved
> > > > for Squeeze.
> > > 
> > > People were claiming that Webkit would be more maintainable
> > > and supported than the version in Lenny.
> > > 
> > > Still, there has been no follow-up from the maintainers for a week.
> > 
> > I'm kinda busy, sorry. This weekend I worked on packaging 1.2.5 after
> > having worked on getting many CVEs handled upstream. Michael Gilbert
> > also worked on a few more CVEs for the Debian package. The package I
> > finished uploading this morning has the following CVEs handled, from
> > upstream:
> 
> Thanks for the upload.
> 
> There's a huge number of vulnerabilities which need to be checked
> for Webkit on top of these. Shall I open a new bug?
> CVE-2009-2068 
> CVE-2009-3011 
> CVE-2010-1131
> CVE-2010-1384 
> CVE-2010-1403
> CVE-2010-1750
> CVE-2010-1757
> CVE-2010-1769
> CVE-2010-1781
> CVE-2010-1783
> CVE-2010-1805
> CVE-2010-1806
> CVE-2010-1823
> CVE-2010-1824
> CVE-2010-1825
> CVE-2010-1992
> CVE-2010-2120 
> CVE-2010-2264
> CVE-2010-3246
> CVE-2010-3248
> CVE-2010-3249
> CVE-2010-3252
> CVE-2010-3253
> CVE-2010-3254
> CVE-2010-3255
> CVE-2010-3415
> CVE-2010-3416
> CVE-2010-3730
> CVE-2010-4033
> CVE-2010-4034
> CVE-2010-4035
> CVE-2010-4036
> CVE-2010-4037
> CVE-2010-4038
> CVE-2010-4039
> CVE-2010-4040
> CVE-2010-4041
> CVE-2010-4042
> 
> It is very important that more people get involved in webkit
> maintenance, especially with regard to the backports needed for
> Squeeze and given that it represents the web engine for the browser
> installed in the standard desktop task. Could you maybe send an RFH
> to debian-devel-announce?
> 
> How long will the 1.2 branch be supported by upstream?


