Package: webkit Severity: important Tags: security Hi Mike, the following CVE (Common Vulnerabilities & Exposures) id was published for webkit.
CVE-2008-6059[0]: | xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not | properly restrict access from web pages to the (1) Set-Cookie and (2) | Set-Cookie2 HTTP response headers, which allows remote attackers to | obtain sensitive information from cookies via XMLHttpRequest calls, | related to the HTTPOnly protection mechanism. I am not quite sure that I understood the issue correctly, so I used important as the severity. Maybe you could investigate the severity and state your opinion? If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. Cheers Steffen For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6059 http://security-tracker.debian.net/tracker/CVE-2008-6059 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
