Your message dated Sat, 27 Sep 2008 09:02:40 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#499771: fixed in webkit 1.0.1-4
has caused the Debian Bug report #499771,
regarding webkit: several vulnerabilities (CVE-2008-3950 CVE-2008-3632)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
499771: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499771
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: webkit
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for webkit.
CVE-2008-3950[0]:
| Off-by-one error in the
| _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in
| WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4
| and 2.0 allows remote attackers to cause a denial of service (browser
| crash) via a JavaScript alert call with an argument that lacks
| breakable characters and has a length that is a multiple of the memory
| page size, leading to an out-of-bounds read.
CVE-2008-3632[1]:
| Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through
| 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to
| execute arbitrary code or cause a denial of service (application
| crash) via a web page with crafted Cascading Style Sheets (CSS) import
| statements.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
Please don't get confused by the very Apple-centric descriptions, it affects
webkit.
A fix for CVE-2008-3632 can be found here[2]. I am not sure about CVE-2008-3950
and it
might not affect the webkit package (I couldn't even find the function
mentioned), but I
thought I'd mention it as well, in case you have more information.
Please also note that webkit has a security mailinglist and it might be
possible for you
as the debian maintainer to get subscribed, so I'd suggest you ask them and
give it a try. :)
Some information about webkit procedures can be found here[3].
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3950
http://security-tracker.debian.net/tracker/CVE-2008-3950
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3632
http://security-tracker.debian.net/tracker/CVE-2008-3632
[2] http://trac.webkit.org/changeset/34815
[3] http://webkit.org/blog/184/reporting-webkit-security-bugs/
--- End Message ---
--- Begin Message ---
Source: webkit
Source-Version: 1.0.1-4
We believe that the bug you reported is fixed in the latest version of
webkit, which is due to be installed in the Debian FTP archive:
libwebkit-1.0-1-dbg_1.0.1-4_amd64.deb
to pool/main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4_amd64.deb
libwebkit-1.0-1_1.0.1-4_amd64.deb
to pool/main/w/webkit/libwebkit-1.0-1_1.0.1-4_amd64.deb
libwebkit-dev_1.0.1-4_all.deb
to pool/main/w/webkit/libwebkit-dev_1.0.1-4_all.deb
webkit_1.0.1-4.diff.gz
to pool/main/w/webkit/webkit_1.0.1-4.diff.gz
webkit_1.0.1-4.dsc
to pool/main/w/webkit/webkit_1.0.1-4.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Mike Hommey <[EMAIL PROTECTED]> (supplier of updated webkit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 27 Sep 2008 08:57:48 +0200
Source: webkit
Binary: libwebkit-1.0-1 libwebkit-dev libwebkit-1.0-1-dbg
Architecture: source all amd64
Version: 1.0.1-4
Distribution: unstable
Urgency: high
Maintainer: Debian WebKit Maintainers <[EMAIL PROTECTED]>
Changed-By: Mike Hommey <[EMAIL PROTECTED]>
Description:
libwebkit-1.0-1 - Web content engine library for Gtk+
libwebkit-1.0-1-dbg - Web content engine library for Gtk+ - Debugging symbols
libwebkit-dev - Web content engine library for Gtk+ - Development files
Closes: 499771
Changes:
webkit (1.0.1-4) unstable; urgency=high
.
* WebCore/dom/Document.*, WebCore/loader/DocLoader.*: Avoid DoS via
crafted CSS import statements. Fixes: CVE-2008-3632. Closes: #499771.
Checksums-Sha1:
0959adda20fdbe262f9884cac8a08900f337bb81 1410 webkit_1.0.1-4.dsc
4ab8947d1690da0d2200054dbb638943dd66164c 26715 webkit_1.0.1-4.diff.gz
ab0b4e1c19ec69e4cb6ec818802f7417f3fd2b19 34002 libwebkit-dev_1.0.1-4_all.deb
0c24c66a42fb088c7f776cf810cfd1c37195de70 3503320
libwebkit-1.0-1_1.0.1-4_amd64.deb
4156cf22f6924128be9ed5b2dbf0780b3d4e9b65 62588162
libwebkit-1.0-1-dbg_1.0.1-4_amd64.deb
Checksums-Sha256:
10dde9be719ac4a2900fd657d7ae033f5541065dcbd3fbe99f02af6dc4640d0d 1410
webkit_1.0.1-4.dsc
06295fd826e28ac60c669f1d6f7fc9150c3d4ddcc496f195a36e27297aa0d562 26715
webkit_1.0.1-4.diff.gz
6c2982494bab35686afb8d737a73a3cbd55b329db0307e12f2c053b8f1521d39 34002
libwebkit-dev_1.0.1-4_all.deb
c43370e6ef9dc2dd678c8f5e3908b43a694f5e2d4e2c4cf59043df1dc46965e3 3503320
libwebkit-1.0-1_1.0.1-4_amd64.deb
42591a4d85d9ce015f2eb9d3a20e5d3d3bf5dab95029b9903d99a6cf1668a7e0 62588162
libwebkit-1.0-1-dbg_1.0.1-4_amd64.deb
Files:
04d7e0961fbae6926b625a456a54ca0a 1410 web optional webkit_1.0.1-4.dsc
187aab11e0422b307630539e2ec30d78 26715 web optional webkit_1.0.1-4.diff.gz
2e7e66e1b7a402c90671b4172b7a3d1e 34002 libdevel extra
libwebkit-dev_1.0.1-4_all.deb
e35173675ff3a9f4103c7159fd5d600c 3503320 libs optional
libwebkit-1.0-1_1.0.1-4_amd64.deb
a92b61baaa83cc12c94f01cc285b77d6 62588162 libdevel extra
libwebkit-1.0-1-dbg_1.0.1-4_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFI3ePz3kvaLFT9KlgRAskTAJ9Evv+yD8XqOKns00CsUQSj8rvESgCggs49
0gAcflvddN/K8MQMuw2/R0k=
=lm3Y
-----END PGP SIGNATURE-----
--- End Message ---
