Bug#538402: marked as done (CVE-2009-1724: Cross-site scripting (XSS) vulnerability in WebKit)

[Debian Bug Tracking System]

Your message dated Tue, 25 Aug 2009 17:32:55 +0000
with message-id <e1mfzt9-0004n6...@ries.debian.org>
and subject line Bug#538402: fixed in webkit 1.1.13-1
has caused the Debian Bug report #538402,
regarding CVE-2009-1724: Cross-site scripting (XSS) vulnerability in WebKit
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
538402: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538402
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: webkit
Version: 1.1.10-2
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.

CVE-2009-1724[0]:
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari
| before 4.0.2 allows remote attackers to inject arbitrary web script or
| HTML via vectors related to parent and top objects.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1724
    http://security-tracker.debian.net/tracker/CVE-2009-1724
[1] http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/

--- End Message ---

--- Begin Message ---

Source: webkit
Source-Version: 1.1.13-1

We believe that the bug you reported is fixed in the latest version of
webkit, which is due to be installed in the Debian FTP archive:

libwebkit-1.0-2-dbg_1.1.13-1_amd64.deb
  to pool/main/w/webkit/libwebkit-1.0-2-dbg_1.1.13-1_amd64.deb
libwebkit-1.0-2_1.1.13-1_amd64.deb
  to pool/main/w/webkit/libwebkit-1.0-2_1.1.13-1_amd64.deb
libwebkit-1.0-common_1.1.13-1_all.deb
  to pool/main/w/webkit/libwebkit-1.0-common_1.1.13-1_all.deb
libwebkit-dev_1.1.13-1_all.deb
  to pool/main/w/webkit/libwebkit-dev_1.1.13-1_all.deb
webkit_1.1.13-1.diff.gz
  to pool/main/w/webkit/webkit_1.1.13-1.diff.gz
webkit_1.1.13-1.dsc
  to pool/main/w/webkit/webkit_1.1.13-1.dsc
webkit_1.1.13.orig.tar.gz
  to pool/main/w/webkit/webkit_1.1.13.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 538...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gustavo Noronha Silva <k...@debian.org> (supplier of updated webkit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 24 Aug 2009 21:25:59 -0300
Source: webkit
Binary: libwebkit-1.0-2 libwebkit-dev libwebkit-1.0-common libwebkit-1.0-2-dbg
Architecture: source all amd64
Version: 1.1.13-1
Distribution: experimental
Urgency: low
Maintainer: Debian WebKit Maintainers 
<pkg-webkit-maintain...@lists.alioth.debian.org>
Changed-By: Gustavo Noronha Silva <k...@debian.org>
Description: 
 libwebkit-1.0-2 - Web content engine library for Gtk+
 libwebkit-1.0-2-dbg - Web content engine library for Gtk+ - Debugging symbols
 libwebkit-1.0-common - Web content engine library for Gtk+ - data files
 libwebkit-dev - Web content engine library for Gtk+ - Development files
Closes: 538346 538402 542272
Changes: 
 webkit (1.1.13-1) experimental; urgency=low
 .
   * New upstream release
   - security fixes are already included in this release
     (Closes: #538346, #538402)
   * debian/control:
   - update Build-Depends on libsoup to match upstream requirements
     (Closes: #542272)
   - Bump Build-Depends on libsoup2.4-dev to 2.27.91
   * debian/copyright:
   - updated with changes since 1.1.12
   * debian/libwebkit-1.0-2.symbols:
   - new symbols
Checksums-Sha1: 
 1e24a394cb866590f2a7926cec396de32a1e597c 1858 webkit_1.1.13-1.dsc
 640c3d0cb1574887479ce7409e859099c2f3735b 5548276 webkit_1.1.13.orig.tar.gz
 c5541c6b640e200f81541fe74e7f39d0b47b843a 19466 webkit_1.1.13-1.diff.gz
 2639bdf44ab3bbae1a66aa9a2aaf0669edde7b34 88756 libwebkit-dev_1.1.13-1_all.deb
 1f429fda9f537e8bbb3d7bdd2f6aa5ee37468d3c 596472 
libwebkit-1.0-common_1.1.13-1_all.deb
 4c9af76b8b5aa6e4dfe54802e0c8133cc88b0cf1 5268982 
libwebkit-1.0-2_1.1.13-1_amd64.deb
 dafff1d498e0ed8cc176e39c464721ecf655ccda 115674578 
libwebkit-1.0-2-dbg_1.1.13-1_amd64.deb
Checksums-Sha256: 
 d8a400e40298c0fa24cb376cc5a4b21b69fa0acad14ba99796b71510148fea81 1858 
webkit_1.1.13-1.dsc
 2efad3ca666d4447f6b990d9a18dea9e30d4bea547b1f3a050df7b32bf162e68 5548276 
webkit_1.1.13.orig.tar.gz
 2506875cb2ffc274da898a6c740e2fdb1f451eaf671d03599b3e93fa94f35a62 19466 
webkit_1.1.13-1.diff.gz
 d2c7394370a9c4870f6dac8ef5376bd68807d71d1f6b14fa7154d91400958965 88756 
libwebkit-dev_1.1.13-1_all.deb
 43208b6c9255accbcc81272d26e858fc5730a9353a72ac8f0f5b62cd41e2a964 596472 
libwebkit-1.0-common_1.1.13-1_all.deb
 efa37dfa20ec3898dd5a4b64744bac7b580c96ed4d8830cdd08fb3f04a0ea839 5268982 
libwebkit-1.0-2_1.1.13-1_amd64.deb
 e7e957424e75915ef81e2505f1af16d1cdc8dfd103700f9439390ec777e26e29 115674578 
libwebkit-1.0-2-dbg_1.1.13-1_amd64.deb
Files: 
 561dc605f65aa4ce7599c7f487e2563b 1858 web optional webkit_1.1.13-1.dsc
 604f4e6220102177c0b0997f4b943980 5548276 web optional webkit_1.1.13.orig.tar.gz
 674c46adfc555344c59453cc961f9ab9 19466 web optional webkit_1.1.13-1.diff.gz
 d41e6755f5b2dfa4ee1570e9575af637 88756 libdevel extra 
libwebkit-dev_1.1.13-1_all.deb
 80c8881244751c81a5d2c14e2321c634 596472 libs optional 
libwebkit-1.0-common_1.1.13-1_all.deb
 b9324bd18a24c964686e4b0f9b3cf704 5268982 libs optional 
libwebkit-1.0-2_1.1.13-1_amd64.deb
 2339f40223aab5de5d8cb9cbc636589c 115674578 debug extra 
libwebkit-1.0-2-dbg_1.1.13-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBCAAGBQJKk1GJAAoJENIA6zCg+12mX6sH/jUIhhXcy5xykdrLZza9vp8+
ncXKLFMExc2BKYzSoZ7u/4x/odrk9YFkg7GJ5Cp7+zPJRCtLFjXn2Cq7JbPD289x
HjJaMfQ85A+ovdHJ0pzKuyk+2es9nF5EE47mCSQIeKaYsTyyVUf/A7VBs5l+2kYF
Vwy4BfaMou9gaqpad3lEHC2tNiGC2cxdFu+eteQCqxrOQDD75BYbLwvPz8oxhInw
j2/usTUkffatIvmIIznsFoph9L2AXRfIgSvarUuJ05ydiZ3vtHPisMFlB6g6r9fi
iWFoPsi0Ysj+hFaqmdQkNQ0h2KfStRBJOcp2Y/n0BsXctKJXAlCfTGA/vSfLVao=
=NwL6
-----END PGP SIGNATURE-----

--- End Message ---