On Mon, Oct 18, 2010 at 11:52:40AM -0200, Gustavo Noronha Silva wrote:
> Version: 1.2.5-1
>
> Hey,
>
> On Sun, 2010-10-17 at 22:27 +0200, Moritz Muehlenhoff wrote:
> > On Mon, Oct 11, 2010 at 07:50:48PM +0200, Moritz Muehlenhoff wrote:
> > > Package: webkit
> > > Severity: grave
> > > Tags: security
> > >
> > > The following security issues need to be fixed in Webkit:
> > >
> > > http://security-tracker.debian.org/tracker/CVE-2010-1807
> > > http://security-tracker.debian.org/tracker/CVE-2010-2646
> > > http://security-tracker.debian.org/tracker/CVE-2010-2651
> > > http://security-tracker.debian.org/tracker/CVE-2010-3115
> > >
> > > Also, the status of #532514 should finally be resolved
> > > for Squeeze.
> >
> > People were claiming that Webkit would be more maintainable
> > and supported than the version in Lenny.
> >
> > Still, there's no followup from the maintainers since a week.
>
> I'm kinda busy, sorry. This weekend I worked on packaging 1.2.5 after
> having worked on getting many CVEs handled upstream. Michael Gilbert
> also worked on a few more CVEs for the Debian package. The package I
> finished uploading this morning has the following CVEs handled, from
> upstream:

Thanks for the upload. There's a huge amount of vulnerabilities which
need to be checked for Webkit on top of these. Shall I open a new bug?

CVE-2009-2068
CVE-2009-3011
CVE-2010-1131
CVE-2010-1384
CVE-2010-1403
CVE-2010-1750
CVE-2010-1757
CVE-2010-1769
CVE-2010-1781
CVE-2010-1783
CVE-2010-1805
CVE-2010-1806
CVE-2010-1823
CVE-2010-1824
CVE-2010-1825
CVE-2010-1992
CVE-2010-2120
CVE-2010-2264
CVE-2010-3246
CVE-2010-3248
CVE-2010-3249
CVE-2010-3252
CVE-2010-3253
CVE-2010-3254
CVE-2010-3255
CVE-2010-3415
CVE-2010-3416
CVE-2010-3730
CVE-2010-4033
CVE-2010-4034
CVE-2010-4035
CVE-2010-4036
CVE-2010-4037
CVE-2010-4038
CVE-2010-4039
CVE-2010-4040
CVE-2010-4041
CVE-2010-4042

It is very important that more people get involved in webkit maintenance,
especially with regard to the backports needed for Squeeze and given that
it represents the web engine for the browser installed in the standard
desktop task. Could you maybe send a RFH to debian-devel-announce?

How long will the 1.2 branch be supported by upstream?

> About #532514 this is how we generate random numbers (see
> http://trac.webkit.org/browser/trunk/JavaScriptCore/wtf/RandomNumber.cpp#L70):

I will check this in a few days and update the bug accordingly.

Cheers,
Moritz