Ubuntu
webkit package

webkit 1.0.1-2ubuntu0.2 source package in Ubuntu

Changelog

webkit (1.0.1-2ubuntu0.2) intrepid-security; urgency=low

  * SECURITY UPDATE: remote code execution via document with a SVGPathList
    data structure containing a negative index.
    - WebCore/svg/SVGList.h: make sure index is valid.
    - http://trac.webkit.org/changeset/43590
    - CVE-2009-0945
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    JavaScript garbage collector allocation failures.
    - JavaScriptCore/kjs/collector.cpp: make sure numBlocks is valid.
    - http://trac.webkit.org/changeset/41854
    - CVE-2009-1687
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    use-after-free.
    - WebCore/html/HTMLParser.{cpp,h}: Fix incorrect handling of the head
      element.
    - http://trac.webkit.org/changeset/42532
    - CVE-2009-1690
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    attr function call with a large numerical argument.
    - WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp: fix attr handling.
    - http://trac.webkit.org/changeset/42081
    - CVE-2009-1698
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    Attr DOM objects improper memory initialization.
    - WebCore/css/CSSStyleSelector.cpp, WebCore/dom/{Attribute.h,
      MappedAttribute.h,NamedMappedAttrMap.cpp,StyledElement.cpp},
      WebCore/html/HTMLInputElement.cpp, WebCore/svg/{SVGStyledElement,
      SVGForeignObjectElement}.cpp: introduce and use isMappedAttribute().
    - http://trac.webkit.org/changeset/36918
    - CVE-2009-1711
  * SECURITY UPDATE: arbitrary code execution via remote loading of
    local java applets.
    - WebCore/html/HTMLAppletElement.cpp, WebCore/loader/FrameLoader.cpp:
      Use same rule for loading java applets as webkit does for images.
    - http://trac.webkit.org/changeset/41568
    - CVE-2009-1712
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    numeric character references.
    - WebCore/html/HTMLTokenizer.cpp: increase size of checkBuffer()
    - http://trac.webkit.org/changeset/44799
    - CVE-2009-1725

 -- Marc Deslauriers <email address hidden>   Tue, 22 Sep 2009 08:49:07 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Intrepid
Original maintainer:
Ubuntu Development Team
Architectures:
any
Section:
web
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
webkit_1.0.1.orig.tar.gz 12.8 MiB 9601ed57978e7f1221f770c24933d2037fdb93e4b412716d842b993507f0b856
webkit_1.0.1-2ubuntu0.2.diff.gz 24.8 KiB edb7213a2751debae18b359a8d5c8d1ae642c44ab54212efa57eb33bd27fb144
webkit_1.0.1-2ubuntu0.2.dsc 1.5 KiB e4a92352daa918d690d795e0c371dce766aeee2eb6d731bea652fec61ebdc2c8

View changes file

Binary packages built by this source

libwebkit-1.0-1: No summary available for libwebkit-1.0-1 in ubuntu intrepid.

No description available for libwebkit-1.0-1 in ubuntu intrepid.

libwebkit-1.0-1-dbg: No summary available for libwebkit-1.0-1-dbg in ubuntu intrepid.

No description available for libwebkit-1.0-1-dbg in ubuntu intrepid.

libwebkit-dev: No summary available for libwebkit-dev in ubuntu intrepid.

No description available for libwebkit-dev in ubuntu intrepid.