Package: libqt4-webkit Version: 4.4.0~rc1-5 Severity: medium Tags: security
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libqt4-webkit. CVE-2008-1025[0]: | Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in | Safari before 3.1.1, allows remote attackers to inject arbitrary web | script or HTML via a crafted URL with a colon in the hostname portion. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1025 http://security-tracker.debian.net/tracker/CVE-2008-1025 A changeset of the modifications needed are here: http://trac.webkit.org/changeset/31438 WebKit-1.0.0-0.8.svn31787 or newer have the code fixed. Kind regards, -- Eder L. Marques Just another weekend hacker http://blog.edermarques.net/ | http://www.debian.org/ http://administrando.net/ | http://www.debianbrasil.org/ http://www.fsfla.org/ | http://www.debian-ce.org/
signature.asc
Description: OpenPGP digital signature