Your message dated Wed, 17 Jun 2009 17:24:43 -0300
with message-id <[email protected]>
and subject line Looks like it does not affect us indeed
has caused the Debian Bug report #500306,
regarding CVE-2008-3950
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
500306: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500306
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: webkit
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for webkit.

CVE-2008-3950[0]:
| Off-by-one error in the
| _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in
| WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4
| and 2.0 allows remote attackers to cause a denial of service (browser
| crash) via a JavaScript alert call with an argument that lacks
| breakable characters and has a length that is a multiple of the memory
| page size, leading to an out-of-bounds read.

CVE-2008-3632[1]:
| Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through
| 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to
| execute arbitrary code or cause a denial of service (application
| crash) via a web page with crafted Cascading Style Sheets (CSS) import
| statements.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

Please don't get confused by the very Apple-centric descriptions, it affects 
webkit.
A fix for CVE-2008-3632 can be found here[2]. I am not sure about CVE-2008-3950 
and it
might not affect the webkit package (I couldn't even find the function 
mentioned), but I
thought I'd mention it as well, in case you have more information.

Please also note that webkit has a security mailinglist and it might be 
possible for you
as the debian maintainer to get subscribed, so I'd suggest you ask them and 
give it a try. :)
Some information about webkit procedures can be found here[3].

Cheers
Steffen

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3950
    http://security-tracker.debian.net/tracker/CVE-2008-3950
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3632
    http://security-tracker.debian.net/tracker/CVE-2008-3632
[2] http://trac.webkit.org/changeset/34815
[3] http://webkit.org/blog/184/reporting-webkit-security-bugs/



--- End Message ---
--- Begin Message ---
Hey,

I believe the tracker is accurate, and this looks like an iPhone/iPod
specific problem.

Thanks,

-- 
Gustavo Noronha <[email protected]>
Debian Project



--- End Message ---

Reply via email to