webkit: CVE-2010-0046 through CVE-2010-0054 (multiple vulnerabilities)

Debian Bug report logs - #574064

Package: src:webkit; Maintainer for src:webkit is (unknown);

Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>

Date: Tue, 16 Mar 2010 02:30:01 UTC

Severity: grave

Tags: security

Found in version webkit/1.0.1-4

Fixed in version webkit/1.1.90-1

Done: Gustavo Noronha Silva <kov@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>:
Bug#574064; Package src:webkit. (Tue, 16 Mar 2010 02:30:04 GMT)


Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>. (Tue, 16 Mar 2010 02:30:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: webkit: CVE-2010-0046 through CVE-2010-0054 (multiple vulnerabilities)
Date: Mon, 15 Mar 2010 22:27:01 -0400

Source: webkit
Version: 1.0.1-4
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for webkit.  Apple's report is once again notoriously sparse,
so I can't determine whether debian's webkit packages are affected.
Perhaps more info is available to those with access to the webkit
security list.

CVE-2010-0046[0]:
| The Cascading Style Sheets (CSS) implementation in WebKit in Apple
| Safari before 4.0.5 allows remote attackers to execute arbitrary code
| or cause a denial of service (memory corruption and application crash)
| via crafted format arguments.

CVE-2010-0047[1]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via vectors related to "HTML object
| element fallback content."

CVE-2010-0048[2]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via a crafted XML document.

CVE-2010-0049[3]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via HTML elements with right-to-left (RTL)
| text directionality.

CVE-2010-0050[4]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via an HTML document with improperly
| nested tags.

CVE-2010-0051[5]:
| WebKit in Apple Safari before 4.0.5 does not properly validate the
| cross-origin loading of stylesheets, which allows remote attackers to
| obtain sensitive information via a crafted HTML document.  NOTE: this
| might overlap CVE-2010-0651.

CVE-2010-0052[6]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via vectors related to "callbacks for HTML
| elements."

CVE-2010-0053[7]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via vectors related to the run-in
| Cascading Style Sheets (CSS) display property.

CVE-2010-0054[8]:
| Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5
| allows remote attackers to execute arbitrary code or cause a denial of
| service (application crash) via vectors involving HTML IMG elements.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0046
    http://security-tracker.debian.org/tracker/CVE-2010-0046
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0047
    http://security-tracker.debian.org/tracker/CVE-2010-0047
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0048
    http://security-tracker.debian.org/tracker/CVE-2010-0048
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0049
    http://security-tracker.debian.org/tracker/CVE-2010-0049
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0050
    http://security-tracker.debian.org/tracker/CVE-2010-0050
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0051
    http://security-tracker.debian.org/tracker/CVE-2010-0051
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0052
    http://security-tracker.debian.org/tracker/CVE-2010-0052
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0053
    http://security-tracker.debian.org/tracker/CVE-2010-0053
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0054
    http://security-tracker.debian.org/tracker/CVE-2010-0054




Information forwarded to debian-bugs-dist@lists.debian.org, Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>:
Bug#574064; Package src:webkit. (Sat, 27 Mar 2010 16:30:02 GMT)


Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>. (Sat, 27 Mar 2010 16:30:02 GMT)


Message #10 received at 574064@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: control@bugs.debian.org, 574064@bugs.debian.org
Subject: re: webkit: CVE-2010-0046 through CVE-2010-0054 (multiple vulnerabilities)
Date: Sat, 27 Mar 2010 13:30:28 -0400

fixed 574064 1.1.90-1
thanks

i have checked.  all of these issues are fixed in the latest webkit.
note that stable's webkit is still vulnerable to these and many other
old webkit issues [0].  perhaps it should be removed from lenny since
there is no ongoing security work?

mike

[0] http://security-tracker.debian.org/tracker/source-package/webkit




Bug Marked as fixed in versions webkit/1.1.90-1. Request was from Michael Gilbert <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Sat, 27 Mar 2010 16:30:08 GMT)


Reply sent to Gustavo Noronha Silva <kov@debian.org>:
You have taken responsibility. (Wed, 29 Sep 2010 00:24:04 GMT)


Notification sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Wed, 29 Sep 2010 00:24:04 GMT)


Message #17 received at 574064-done@bugs.debian.org:

From: Gustavo Noronha Silva <kov@debian.org>
To: 574064-done@bugs.debian.org
Subject: properly marking as closed
Date: Tue, 28 Sep 2010 21:21:08 -0300

Package: webkit
Version: 1.1.90-1

Already marked as fixed, but not closed. Closing.

-- 
Gustavo Noronha Silva <kov@debian.org>
Debian Project





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 07 Mar 2011 09:33:49 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:11:49 2019; Machine Name: buxtehude