CVE-2009-1724: Cross-site scripting (XSS) vulnerability in WebKit

Related Vulnerabilities: CVE-2009-1724  

Debian Bug report logs - #538402

Package: webkit; Maintainer for webkit is (unknown);

Reported by: Luciano Bello <luciano@debian.org>

Date: Sat, 25 Jul 2009 15:24:01 UTC

Severity: grave

Tags: security

Found in version 1.1.10-2

Fixed in version webkit/1.1.13-1

Done: Gustavo Noronha Silva <kov@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>:
Bug#538402; Package webkit. (Sat, 25 Jul 2009 15:24:04 GMT).


Acknowledgement sent to Luciano Bello <luciano@debian.org>:
New Bug report received and forwarded. Copy sent to Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>. (Sat, 25 Jul 2009 15:24:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Luciano Bello <luciano@debian.org>
To: submit@bugs.debian.org
Subject: CVE-2009-1724: Cross-site scripting (XSS) vulnerability in WebKit
Date: Sat, 25 Jul 2009 12:21:44 -0300
Package: webkit
Version: 1.1.10-2
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.

CVE-2009-1724[0]:
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari
| before 4.0.2 allows remote attackers to inject arbitrary web script or
| HTML via vectors related to parent and top objects.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1724
    http://security-tracker.debian.net/tracker/CVE-2009-1724
[1] http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/




Reply sent to Gustavo Noronha Silva <kov@debian.org>:
You have taken responsibility. (Tue, 25 Aug 2009 17:57:10 GMT).


Notification sent to Luciano Bello <luciano@debian.org>:
Bug acknowledged by developer. (Tue, 25 Aug 2009 17:57:10 GMT).


Message #10 received at 538402-close@bugs.debian.org:

From: Gustavo Noronha Silva <kov@debian.org>
To: 538402-close@bugs.debian.org
Subject: Bug#538402: fixed in webkit 1.1.13-1
Date: Tue, 25 Aug 2009 17:32:55 +0000
Source: webkit
Source-Version: 1.1.13-1

We believe that the bug you reported is fixed in the latest version of
webkit, which is due to be installed in the Debian FTP archive:

libwebkit-1.0-2-dbg_1.1.13-1_amd64.deb
  to pool/main/w/webkit/libwebkit-1.0-2-dbg_1.1.13-1_amd64.deb
libwebkit-1.0-2_1.1.13-1_amd64.deb
  to pool/main/w/webkit/libwebkit-1.0-2_1.1.13-1_amd64.deb
libwebkit-1.0-common_1.1.13-1_all.deb
  to pool/main/w/webkit/libwebkit-1.0-common_1.1.13-1_all.deb
libwebkit-dev_1.1.13-1_all.deb
  to pool/main/w/webkit/libwebkit-dev_1.1.13-1_all.deb
webkit_1.1.13-1.diff.gz
  to pool/main/w/webkit/webkit_1.1.13-1.diff.gz
webkit_1.1.13-1.dsc
  to pool/main/w/webkit/webkit_1.1.13-1.dsc
webkit_1.1.13.orig.tar.gz
  to pool/main/w/webkit/webkit_1.1.13.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 538402@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gustavo Noronha Silva <kov@debian.org> (supplier of updated webkit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Mon, 24 Aug 2009 21:25:59 -0300
Source: webkit
Binary: libwebkit-1.0-2 libwebkit-dev libwebkit-1.0-common libwebkit-1.0-2-dbg
Architecture: source all amd64
Version: 1.1.13-1
Distribution: experimental
Urgency: low
Maintainer: Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>
Changed-By: Gustavo Noronha Silva <kov@debian.org>
Description: 
 libwebkit-1.0-2 - Web content engine library for Gtk+
 libwebkit-1.0-2-dbg - Web content engine library for Gtk+ - Debugging symbols
 libwebkit-1.0-common - Web content engine library for Gtk+ - data files
 libwebkit-dev - Web content engine library for Gtk+ - Development files
Closes: 538346 538402 542272
Changes: 
 webkit (1.1.13-1) experimental; urgency=low
 .
   * New upstream release
   - security fixes are already included in this release
     (Closes: #538346, #538402)
   * debian/control:
   - update Build-Depends on libsoup to match upstream requirements
     (Closes: #542272)
   - Bump Build-Depends on libsoup2.4-dev to 2.27.91
   * debian/copyright:
   - updated with changes since 1.1.12
   * debian/libwebkit-1.0-2.symbols:
   - new symbols





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 29 Oct 2009 07:57:28 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:52:12 2019; Machine Name: beach