On Sun, 26 Apr 2009 10:17:22 +0200 Moritz Muehlenhoff wrote: > On Wed, Feb 25, 2009 at 12:38:12AM -0500, Michael Gilbert wrote: > > does this problem (with cookies) really affect the version of webkit in > > debian, which does not currently support cookies (or more accurately > > the libraries in debian are not current enough to support cookies in > > webkit)? > > Gustavo, Mike, > can you confirm that Webkit from Lenny isn't affected by this problem?
webkit 1.0.1-4 in lenny passes their regression test for this particular issue. after reviewing the code [1], the patches primarily appear to fix the mac- and windows-specific cookie handling code and just "clean up" the libsoup-related code. the linux-specific code relies on lipsoup for cookies, and since webkit 1.0.1-4 does not depend on libsoup, i would say that lenny is safe; unless webkit is falling back on one of the other cookie handlers. going forward, someone needs to check whether libsoup is vulnerable or not. i have submitted some questions upstream [2] to get their opinion. [1] http://trac.webkit.org/changeset/38566 [2] https://bugs.webkit.org/show_bug.cgi?id=10957 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org