Your message dated Thu, 17 Dec 2009 00:54:46 +0000
with message-id <[email protected]>
and subject line Bug#534946: fixed in webkit 1.0.1-4+lenny2
has caused the Debian Bug report #534946,
regarding webkit: CVE-2009-1698 CVE-2009-1690 CVE-2009-1687
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
534946: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534946
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: webkit
Version: 1.0.1-4
Severity: grave
Tags: security lenny
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for webkit.
CVE-2009-1698[0]:
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
| iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a
| pointer during handling of a Cascading Style Sheets (CSS) attr
| function call with a large numerical argument, which allows remote
| attackers to execute arbitrary code or cause a denial of service
| (memory corruption and application crash) via a crafted HTML document.
CVE-2009-1690[1]:
| Use-after-free vulnerability in WebKit, as used in Apple Safari before
| 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through
| 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows
| remote attackers to execute arbitrary code or cause a denial of
| service (memory corruption and application crash) by setting an
| unspecified property of an HTML tag that causes child elements to be
| freed and later accessed when an HTML error occurs, related to
| "recursion in certain DOM event handlers."
CVE-2009-1687[2]:
| The JavaScript garbage collector in WebKit in Apple Safari before 4.0,
| iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through
| 2.2.1 does not properly handle allocation failures, which allows
| remote attackers to execute arbitrary code or cause a denial of
| service (memory corruption and application crash) via a crafted HTML
| document that triggers write access to an "offset of a NULL pointer."
These are already fixed in Debian unstable.
Please coordinate with the security team ([email protected]) to
prepare packages for the stable releases.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1698
http://security-tracker.debian.net/tracker/CVE-2009-1698
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1690
http://security-tracker.debian.net/tracker/CVE-2009-1690
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1687
http://security-tracker.debian.net/tracker/CVE-2009-1687
--- End Message ---
--- Begin Message ---
Source: webkit
Source-Version: 1.0.1-4+lenny2
We believe that the bug you reported is fixed in the latest version of
webkit, which is due to be installed in the Debian FTP archive:
libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb
to main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb
libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb
to main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb
libwebkit-dev_1.0.1-4+lenny2_all.deb
to main/w/webkit/libwebkit-dev_1.0.1-4+lenny2_all.deb
webkit_1.0.1-4+lenny2.diff.gz
to main/w/webkit/webkit_1.0.1-4+lenny2.diff.gz
webkit_1.0.1-4+lenny2.dsc
to main/w/webkit/webkit_1.0.1-4+lenny2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <[email protected]> (supplier of updated webkit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Thu, 10 Dec 2009 20:41:40 +0100
Source: webkit
Binary: libwebkit-1.0-1 libwebkit-dev libwebkit-1.0-1-dbg
Architecture: source all i386
Version: 1.0.1-4+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Debian WebKit Maintainers <[email protected]>
Changed-By: Giuseppe Iuculano <[email protected]>
Description:
 libwebkit-1.0-1 - Web content engine library for Gtk+
 libwebkit-1.0-1-dbg - Web content engine library for Gtk+ - Debugging symbols
 libwebkit-dev - Web content engine library for Gtk+ - Development files
Closes: 532724 532725 534946 535793 538346
Changes:
 webkit (1.0.1-4+lenny2) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed FTBFS on arm and powerpc: include limits.h for a definition of
     ULONG_MAX introduced in CVE-2009-1687 patch.
 .
 webkit (1.0.1-4+lenny1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2009-0945: NULL-pointer dereference in the SVGList interface
     implementation (Closes: #532724, #532725)
   * Fixed CVE-2009-1687: Integer overflow in JavaScript garbage collector
   * Fixed CVE-2009-1690: Incorrect handling <head> element content once the
     <head> element was removed
   * Fixed CVE-2009-1698: incorrect handling CSS "style" attribute content
   * Fixed CVE-2009-1711: denial of service or arbitrary code execution via
     Attr DOM objects improper memory initialization. (Closes: #534946)
   * Fixed CVE-2009-1712: arbitrary code execution via remote loading of
     local java applets. (Closes: #535793)
   * Fixed CVE-2009-1725: improper handling of numeric character references
     (Closes: #538346)
   * Patch based on work done by Marc Deslauriers <[email protected]>
     in Ubuntu, thanks.
   * Fixed CVE-2009-1714: Cross-site scripting (XSS) vulnerability in Web
     Inspector
   * Fixed CVE-2009-1710: Remote attackers can spoof the browser's display of
     the host name, security indicators, and unspecified other UI elements via
     a custom cursor in conjunction with a modified CSS3 hotspot property.
   * Fixed CVE-2009-1697: CRLF injection vulnerability allows remote attackers
     to inject HTTP headers and bypass the Same Origin Policy via a crafted
     HTML document
   * Fixed CVE-2009-1695: Cross-site scripting (XSS) vulnerability allows remote
     attackers to inject arbitrary web script or HTML via vectors involving
     access to frame contents after completion of a page transition.
   * Fixed CVE-2009-1693 and CVE-2009-1694: does not properly handle redirects,
     which allows remote attackers to read images from arbitrary web sites via
     vectors involving a CANVAS element and redirection
   * Fixed CVE-2009-1681: does not prevent web sites from loading third-party
     content into a subframe, which allows remote attackers to bypass the Same
     Origin Policy and conduct "clickjacking" attacks via a crafted HTML
     document.
   * Fixed CVE-2009-1684: Cross-site scripting (XSS) vulnerability allows remote
     attackers to inject arbitrary web script or HTML via an event handler that
     triggers script execution in the context of the next loaded document.
   * Fixed CVE-2009-1692: denial of service (memory consumption or device reset)
     via a web page containing an HTMLSelectElement object with a large length
     attribute, related to the length property of a Select object.
--- End Message ---
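
The CVE-2009-1687 text above describes an unhandled allocation failure ending in a write to an offset of a NULL pointer, and the changelog ties the lenny2 rebuild to `ULONG_MAX` from `limits.h`. The following C sketch of that bug class is an added example, not WebKit code and not the Debian patch; `cell_t`, `cells_create`, `size_fits` and the injectable allocator are hypothetical names chosen for illustration.

```c
#include <limits.h>  /* ULONG_MAX; omitting this header is the FTBFS named above */
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a garbage-collected heap cell (not WebKit's type). */
typedef struct { unsigned long tag; unsigned long payload; } cell_t;

/* The allocator is injectable so the failure path can be exercised. */
typedef void *(*alloc_fn)(size_t);
void *failing_alloc(size_t n) { (void)n; return NULL; }

/* 1 if count * elem_size is representable in unsigned long, else 0. */
int size_fits(unsigned long count, unsigned long elem_size)
{
    return elem_size == 0 || count <= ULONG_MAX / elem_size;
}

/* Unchecked form, shown for contrast and never called here: the product can
 * wrap, and a NULL return turns the store into a write at NULL + offset. */
cell_t *cells_create_unchecked(alloc_fn alloc, unsigned long count, unsigned long idx)
{
    cell_t *cells = alloc(count * sizeof(cell_t));
    cells[idx].tag = 1;
    return cells;
}

/* Checked form. Returns 0 on success, -1 bad index, -2 size overflow,
 * -3 allocation failure; *out stays NULL on every error. */
int cells_create(alloc_fn alloc, unsigned long count, unsigned long idx, cell_t **out)
{
    *out = NULL;
    if (idx >= count) return -1;
    if (!size_fits(count, sizeof(cell_t))) return -2;
    cell_t *cells = alloc(count * sizeof(cell_t));
    if (cells == NULL) return -3;
    cells[idx].tag = 1;
    *out = cells;
    return 0;
}

int main(void)
{
    cell_t *p;
    printf("ok=%d\n", cells_create(malloc, 4, 2, &p));
    free(p);
    printf("overflow=%d\n", cells_create(malloc, ULONG_MAX / 2, 0, &p));
    printf("oom=%d\n", cells_create(failing_alloc, 4, 2, &p));
    return 0;
}
```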