Your message dated Thu, 17 Dec 2009 00:54:46 +0000
with message-id <[email protected]>
and subject line Bug#532725: fixed in webkit 1.0.1-4+lenny2
has caused the Debian Bug report #532725,
regarding webkit: CVE-2009-0945: Array index error in the insertItemBefore method in WebKit
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
532725: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532725
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libwebkit-1.0-1
Version: 1.0.1-4+b1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libwebkit-1.0-1.
CVE-2009-0945[0]:
| Array index error in the insertItemBefore method in WebKit, as used in
| Safari before 3.2.3 and 4 Public Beta, Google Chrome Stable before
| 1.0.154.65, and possibly other products allows remote attackers to
| execute arbitrary code via a document with a SVGPathList data
| structure containing a negative index in the (1) SVGTransformList, (2)
| SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5)
| SVGPointList, or (6) SVGLengthList SVGList object, which triggers
| memory corruption.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
You could find a PoC in http://bugs.gentoo.org/271861 . The bug looks fixed in
libwebkit-1.0-2.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
http://security-tracker.debian.net/tracker/CVE-2009-0945
--- End Message ---
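The bug class in the CVE text above is an index check that a negative, script-supplied index can escape. As an added illustration (not WebKit's code, and not the patch referenced in this report), a minimal list modelled on the SVGList insertItemBefore() interface, with hypothetical class and method names, showing the cast that turns a negative index into a huge unsigned offset next to a checked variant that validates the signed value before it is used:

```cpp
// Added example, not WebKit's code: names and structure are hypothetical.
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

class SvgLengthList {
public:
    // The unsafe pattern: a signed script value is cast straight to the
    // container's unsigned index type. -1 becomes SIZE_MAX, so a bounds
    // check that is skipped, or done on the wrong type after the cast,
    // lets the insert position land far outside the vector.
    static size_t uncheckedOffset(int64_t scriptIndex) {
        return static_cast<size_t>(scriptIndex);
    }

    // Checked insertItemBefore(): validate on the signed value first, then
    // clamp to size() (the SVG DOM appends when the index is past the end).
    // A negative index is refused without touching the container.
    bool insertItemBefore(const std::string& item, int64_t scriptIndex) {
        if (scriptIndex < 0)
            return false;
        size_t pos = static_cast<size_t>(scriptIndex);
        if (pos > m_items.size())
            pos = m_items.size();   // past the end: append
        m_items.insert(m_items.begin() + static_cast<std::ptrdiff_t>(pos), item);
        return true;
    }

    size_t numberOfItems() const { return m_items.size(); }
    const std::string& getItem(size_t index) const { return m_items.at(index); }

private:
    std::vector<std::string> m_items;
};
```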
--- Begin Message ---
Source: webkit
Source-Version: 1.0.1-4+lenny2
We believe that the bug you reported is fixed in the latest version of
webkit, which is due to be installed in the Debian FTP archive:
libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb
to main/w/webkit/libwebkit-1.0-1-dbg_1.0.1-4+lenny2_i386.deb
libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb
to main/w/webkit/libwebkit-1.0-1_1.0.1-4+lenny2_i386.deb
libwebkit-dev_1.0.1-4+lenny2_all.deb
to main/w/webkit/libwebkit-dev_1.0.1-4+lenny2_all.deb
webkit_1.0.1-4+lenny2.diff.gz
to main/w/webkit/webkit_1.0.1-4+lenny2.diff.gz
webkit_1.0.1-4+lenny2.dsc
to main/w/webkit/webkit_1.0.1-4+lenny2.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <[email protected]> (supplier of updated webkit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Thu, 10 Dec 2009 20:41:40 +0100
Source: webkit
Binary: libwebkit-1.0-1 libwebkit-dev libwebkit-1.0-1-dbg
Architecture: source all i386
Version: 1.0.1-4+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Debian WebKit Maintainers <[email protected]>
Changed-By: Giuseppe Iuculano <[email protected]>
Description:
libwebkit-1.0-1 - Web content engine library for Gtk+
libwebkit-1.0-1-dbg - Web content engine library for Gtk+ - Debugging symbols
libwebkit-dev - Web content engine library for Gtk+ - Development files
Closes: 532724 532725 534946 535793 538346
Changes:
webkit (1.0.1-4+lenny2) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed FTBFS on arm and powerpc: include limits.h for a definition of
ULONG_MAX introduced in CVE-2009-1687 patch.
.
webkit (1.0.1-4+lenny1) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-0945: NULL-pointer dereference in the SVGList interface
implementation (Closes: #532724, #532725)
* Fixed CVE-2009-1687: Integer overflow in JavaScript garbage collector
* Fixed CVE-2009-1690: Incorrect handling of <head> element content once the
<head> element was removed
* Fixed CVE-2009-1698: incorrect handling of CSS "style" attribute content
* Fixed CVE-2009-1711: denial of service or arbitrary code execution via
Attr DOM objects improper memory initialization. (Closes: #534946)
* Fixed CVE-2009-1712: arbitrary code execution via remote loading of
local java applets. (Closes: #535793)
* Fixed CVE-2009-1725: improper handling of numeric character references
(Closes: #538346)
* Patch based on work done by Marc Deslauriers <[email protected]>
in Ubuntu, thanks.
* Fixed CVE-2009-1714: Cross-site scripting (XSS) vulnerability in Web
Inspector
* Fixed CVE-2009-1710: Remote attackers can spoof the browser's display of
the host name, security indicators, and unspecified other UI elements via
a custom cursor in conjunction with a modified CSS3 hotspot property.
* Fixed CVE-2009-1697: CRLF injection vulnerability allows remote attackers
to inject HTTP headers and bypass the Same Origin Policy via a crafted
HTML document
* Fixed CVE-2009-1695: Cross-site scripting (XSS) vulnerability allows remote
attackers to inject arbitrary web script or HTML via vectors involving
access to frame contents after completion of a page transition.
* Fixed CVE-2009-1693 and CVE-2009-1694: does not properly handle redirects,
which allows remote attackers to read images from arbitrary web sites via
vectors involving a CANVAS element and redirection
* Fixed CVE-2009-1681: does not prevent web sites from loading third-party
content into a subframe, which allows remote attackers to bypass the Same
Origin Policy and conduct "clickjacking" attacks via a crafted HTML
document.
* Fixed CVE-2009-1684: Cross-site scripting (XSS) vulnerability allows remote
attackers to inject arbitrary web script or HTML via an event handler that
triggers script execution in the context of the next loaded document.
* Fixed CVE-2009-1692: denial of service (memory consumption or device reset)
via a web page containing an HTMLSelectElement object with a large length
attribute, related to the length property of a Select object.
--- End Message ---