Package: webkit Version: 1.0.1-4 Severity: grave Tags: security lenny Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for webkit.
CVE-2009-1698[0]: | WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and | iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a | pointer during handling of a Cascading Style Sheets (CSS) attr | function call with a large numerical argument, which allows remote | attackers to execute arbitrary code or cause a denial of service | (memory corruption and application crash) via a crafted HTML document. CVE-2009-1690[1]: | Use-after-free vulnerability in WebKit, as used in Apple Safari before | 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through | 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows | remote attackers to execute arbitrary code or cause a denial of | service (memory corruption and application crash) by setting an | unspecified property of an HTML tag that causes child elements to be | freed and later accessed when an HTML error occurs, related to | "recursion in certain DOM event handlers." CVE-2009-1687[2]: | The JavaScript garbage collector in WebKit in Apple Safari before 4.0, | iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through | 2.2.1 does not properly handle allocation failures, which allows | remote attackers to execute arbitrary code or cause a denial of | service (memory corruption and application crash) via a crafted HTML | document that triggers write access to an "offset of a NULL pointer." These are already fixed in debian unstable. Please coordinate with the security team (t...@security.debian.org) to prepare packages for the stable releases. If you fix the vulnerabilities please also make sure to include the CVE ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1698 http://security-tracker.debian.net/tracker/CVE-2009-1698 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1690 http://security-tracker.debian.net/tracker/CVE-2009-1690 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1687 http://security-tracker.debian.net/tracker/CVE-2009-1687 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
