Debian Bug report logs -
#559759
webkit: multiple security issues
Reported by: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Sun, 6 Dec 2009 22:36:01 UTC
Severity: serious
Tags: security
Found in version 1.0.1-4
Done: Michael Gilbert <michael.s.gilbert@gmail.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>:
Bug#559759; Package webkit.
(Sun, 06 Dec 2009 22:36:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>.
(Sun, 06 Dec 2009 22:36:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: webkit
Version: 1.0.1-4
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for webkit.
CVE-2009-3384[1]:
| Multiple unspecified vulnerabilities in WebKit in Apple Safari before
| 4.0.4 on Windows allow remote FTP servers to execute arbitrary code,
| cause a denial of service (application crash), or obtain sensitive
| information via a crafted directory listing in a reply.
CVE-2009-3272[2]:
| Stack consumption vulnerability in WebKit.dll in WebKit in Apple
| Safari 3.2.3, and possibly other versions before 4.1.2, allows remote
| attackers to cause a denial of service (application crash) via
| JavaScript code that calls eval on a long string composed of A/
| sequences.
CVE-2009-2841[3]:
| WebKit in Apple Safari before 4.0.4 on Mac OS X does not perform the
| expected callbacks for HTML 5 media elements that have external URLs
| for media resources, which allows remote attackers to trigger requests
| to arbitrary web sites via a crafted HTML document, as demonstrated by
| an HTML e-mail message that uses a media element for
| X-Confirm-Reading-To functionality.
CVE-2009-2816[4]:
| The implementation of Cross-Origin Resource Sharing (CORS) in WebKit,
| as used in Apple Safari before 4.0.4 and Google Chrome before
| 3.0.195.33, includes certain custom HTTP headers in the OPTIONS
| request during cross-origin operations with preflight, which makes it
| easier for remote attackers to conduct cross-site request forgery
| (CSRF) attacks via a crafted web page.
CVE-2009-2797[5]:
| The WebKit component in Safari in Apple iPhone OS before 3.1, and
| iPhone OS before 3.1.1 for iPod touch, does not remove usernames and
| passwords from URLs sent in Referer headers, which allows remote
| attackers to obtain sensitive information by reading Referer logs on a
| web server.
Some additional notes:
- CVE-2009-3384 is already fixed in unstable.
- lenny's webkit does not contain the vulnerable code in CVE-2009-2816.
- I was unable to find any patch info for CVE-2009-2841 or
CVE-2009-2797, so it is unclear whether debian's webkit is affected or
not (thanks apple...).
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3384
http://security-tracker.debian.org/tracker/CVE-2009-3384
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3272
http://security-tracker.debian.org/tracker/CVE-2009-3272
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2841
http://security-tracker.debian.org/tracker/CVE-2009-2841
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2816
http://security-tracker.debian.org/tracker/CVE-2009-2816
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2797
http://security-tracker.debian.org/tracker/CVE-2009-2797
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>:
Bug#559759; Package webkit.
(Tue, 23 Feb 2010 03:42:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>.
(Tue, 23 Feb 2010 03:42:03 GMT) (full text, mbox, link).
Message #10 received at 559759@bugs.debian.org (full text, mbox, reply):
version: 1.1.21-1
i've checked all of these issues, and they are all fixed in the latest
version in unstable. thanks.
mike
Reply sent
to Michael Gilbert <michael.s.gilbert@gmail.com>:
You have taken responsibility.
(Tue, 23 Feb 2010 03:57:04 GMT) (full text, mbox, link).
Notification sent
to Michael Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer.
(Tue, 23 Feb 2010 03:57:04 GMT) (full text, mbox, link).
Message #15 received at 559759-close@bugs.debian.org (full text, mbox, reply):
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>:
Bug#559759; Package webkit.
(Tue, 23 Feb 2010 14:33:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Gustavo Noronha Silva <kov@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>.
(Tue, 23 Feb 2010 14:33:03 GMT) (full text, mbox, link).
Message #20 received at 559759@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On Mon, 2010-02-22 at 22:40 -0500, Michael Gilbert wrote:
> version: 1.1.21-1
>
> i've checked all of these issues, and they are all fixed in the latest
> version in unstable. thanks.
Awesome! Did you take notes of what commits fixed them? Also, I assume
you wanted to mail -done?
Thanks!
--
Gustavo Noronha Silva <kov@debian.org>
Debian
[signature.asc (application/pgp-signature, inline)]
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>:
Bug#559759; Package webkit.
(Tue, 23 Feb 2010 16:09:08 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian WebKit Maintainers <pkg-webkit-maintainers@lists.alioth.debian.org>.
(Tue, 23 Feb 2010 16:09:08 GMT) (full text, mbox, link).
Message #25 received at 559759@bugs.debian.org (full text, mbox, reply):
On Tue, 23 Feb 2010 11:30:57 -0300, Gustavo Noronha Silva wrote:
> On Mon, 2010-02-22 at 22:40 -0500, Michael Gilbert wrote:
> > version: 1.1.21-1
> >
> > i've checked all of these issues, and they are all fixed in the latest
> > version in unstable. thanks.
>
> Awesome! Did you take notes of what commits fixed them?
i recorded that in the security tracker [0]. note that CVE-2009-3272 is
still probably open, but it is only a denial-of-service.
> Also, I assume you wanted to mail -done?
yeah, i noticed i forgot the -done and sent another mail shortly after.
mike
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 24 Mar 2010 07:35:45 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 13:31:18 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon