Your message dated Mon, 22 Feb 2010 22:14:28 -0500
with message-id <[email protected]>
and subject line re: webkit: CVE-2009-3932 google gears plugin vulnerability
has caused the Debian Bug report #560905,
regarding webkit: CVE-2009-3932 google gears plugin vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
560905: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560905
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: webkit
Version: 1.1.17-2
Severity: important
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for chrome:
CVE-2009-3932[0]:
| The Gears plugin in Google Chrome before 3.0.195.32 allows
| user-assisted remote attackers to cause a denial of service (memory
| corruption and plugin crash) or possibly execute arbitrary code via
| unspecified use of the Gears SQL API, related to putting "SQL metadata
| into a bad state."
I checked the webkit codebase and found some reference to gears, but I'm
not sure if those are at all involved in this issue (especially since
google is currently embargoing detailed info on the flaw). Please check
and close the bug if you find that webkit itself is not affected.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3932
http://security-tracker.debian.org/tracker/CVE-2009-3932
--- End Message ---
--- Begin Message ---
this is a chromium-specific issue.
--- End Message ---
