Accepted webkit 1.0.1-4+lenny2 (source all i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 10 Dec 2009 20:41:40 +0100
Source: webkit
Binary: libwebkit-1.0-1 libwebkit-dev libwebkit-1.0-1-dbg
Architecture: source all i386
Version: 1.0.1-4+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description:
libwebkit-1.0-1 - Web content engine library for Gtk+
libwebkit-1.0-1-dbg - Web content engine library for Gtk+ - Debugging symbols
libwebkit-dev - Web content engine library for Gtk+ - Development files
Closes: 532724 532725 534946 535793 538346
Changes:
webkit (1.0.1-4+lenny2) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed FTBFS on arm and powerpc: include limits.h for a definition of
ULONG_MAX introduced in CVE-2009-1687 patch.
.
webkit (1.0.1-4+lenny1) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-0945: NULL-pointer dereference in the SVGList interface
implementation (Closes: #532724, #532725)
* Fixed CVE-2009-1687: Integer overflow in JavaScript garbage collector
* Fixed CVE-2009-1690: Incorrect handling of <head> element content once the
<head> element was removed
* Fixed CVE-2009-1698: incorrect handling of CSS "style" attribute content
* Fixed CVE-2009-1711: denial of service or arbitrary code execution via
Attr DOM objects improper memory initialization. (Closes: #534946)
* Fixed CVE-2009-1712: arbitrary code execution via remote loading of
local java applets. (Closes: #535793)
* Fixed CVE-2009-1725: improper handling of numeric character references
(Closes: #538346)
* Patch based on work done by Marc Deslauriers <marc.deslauriers@ubuntu.com>
in Ubuntu, thanks.
* Fixed CVE-2009-1714: Cross-site scripting (XSS) vulnerability in Web
Inspector
* Fixed CVE-2009-1710: Remote attackers can spoof the browser's display of
the host name, security indicators, and unspecified other UI elements via
a custom cursor in conjunction with a modified CSS3 hotspot property.
* Fixed CVE-2009-1697: CRLF injection vulnerability allows remote attackers
to inject HTTP headers and bypass the Same Origin Policy via a crafted
HTML document
* Fixed CVE-2009-1695: Cross-site scripting (XSS) vulnerability allows remote
attackers to inject arbitrary web script or HTML via vectors involving
access to frame contents after completion of a page transition.
* Fixed CVE-2009-1693 and CVE-2009-1694: does not properly handle redirects,
which allows remote attackers to read images from arbitrary web sites via
vectors involving a CANVAS element and redirection
* Fixed CVE-2009-1681: does not prevent web sites from loading third-party
content into a subframe, which allows remote attackers to bypass the Same
Origin Policy and conduct "clickjacking" attacks via a crafted HTML
document.
* Fixed CVE-2009-1684: Cross-site scripting (XSS) vulnerability allows remote
attackers to inject arbitrary web script or HTML via an event handler that
triggers script execution in the context of the next loaded document.
* Fixed CVE-2009-1692: denial of service (memory consumption or device reset)
via a web page containing an HTMLSelectElement object with a large length
attribute, related to the length property of a Select object.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkshY3wACgkQNxpp46476arTNgCfRAlwh209c24VVDe6Hh48odrJ
lxwAoI4WKX2nyLrHy+xvsnTXRA5ZF2ga
=/kz8
-----END PGP SIGNATURE-----
Accepted:
libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb
to main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb
libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb
to main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb
libwebkit-dev_1.0.1-4+lenny2_all.deb
to main/w/webkit/libwebkit-dev_1.0.1-4+lenny2_all.deb
webkit_1.0.1-4+lenny2.diff.gz
to main/w/webkit/webkit_1.0.1-4+lenny2.diff.gz
webkit_1.0.1-4+lenny2.dsc
to main/w/webkit/webkit_1.0.1-4+lenny2.dsc