
Bug#479644: libqt4-webkit: CVE-2008-1025 Cross-site scripting (XSS) vulnerability in Apple WebKit



Package: libqt4-webkit
Version: 4.4.0~rc1-5
Severity: medium
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libqt4-webkit.

CVE-2008-1025[0]:
| Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in
| Safari before 3.1.1, allows remote attackers to inject arbitrary web
| script or HTML via a crafted URL with a colon in the hostname portion.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1025
    http://security-tracker.debian.net/tracker/CVE-2008-1025


A changeset of the modifications needed is here:
http://trac.webkit.org/changeset/31438


WebKit-1.0.0-0.8.svn31787 or newer has the code fixed.

Kind regards,

-- 
Eder L. Marques
Just another weekend hacker
http://blog.edermarques.net/ |  http://www.debian.org/
http://administrando.net/    |  http://www.debianbrasil.org/
http://www.fsfla.org/	     |  http://www.debian-ce.org/
