webkit 1.0.1-4ubuntu0.1 source package in Ubuntu

Changelog

webkit (1.0.1-4ubuntu0.1) jaunty-security; urgency=low

  * SECURITY UPDATE: remote code execution via document with a SVGPathList
    data structure containing a negative index.
    - WebCore/svg/SVGList.h: make sure index is valid.
    - http://trac.webkit.org/changeset/43590
    - http://trac.webkit.org/changeset/43795
    - CVE-2009-0945
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    JavaScript garbage collector allocation failures.
    - JavaScriptCore/kjs/collector.cpp: make sure numBlocks is valid.
    - http://trac.webkit.org/changeset/41854
    - CVE-2009-1687
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    use-after-free.
    - WebCore/html/HTMLParser.{cpp,h}: Fix incorrect handling of the head
      element.
    - http://trac.webkit.org/changeset/42532
    - CVE-2009-1690
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    attr function call with a large numerical argument.
    - WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp: fix attr handling.
    - http://trac.webkit.org/changeset/42081
    - CVE-2009-1698
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    Attr DOM objects improper memory initialization.
    - WebCore/css/CSSStyleSelector.cpp, WebCore/dom/{Attribute.h,
      MappedAttribute.h,NamedMappedAttrMap.cpp,StyledElement.cpp},
      WebCore/html/HTMLInputElement.cpp, WebCore/svg/{SVGStyledElement,
      SVGForeignObjectElement}.cpp: introduce and use isMappedAttribute().
    - http://trac.webkit.org/changeset/36918
    - CVE-2009-1711
  * SECURITY UPDATE: arbitrary code execution via remote loading of
    local java applets.
    - WebCore/html/HTMLAppletElement.cpp, WebCore/loader/FrameLoader.cpp:
      Use same rule for loading java applets as webkit does for images.
    - http://trac.webkit.org/changeset/41568
    - CVE-2009-1712
  * SECURITY UPDATE: denial of service or arbitrary code execution via
    numeric character references.
    - WebCore/html/HTMLTokenizer.cpp: increase size of checkBuffer()
    - http://trac.webkit.org/changeset/44799
    - CVE-2009-1725

 -- Marc Deslauriers <email address hidden>   Tue, 22 Sep 2009 08:47:11 -0400

Upload details

Uploaded by: Marc Deslauriers
Uploaded to: Jaunty
Original maintainer: Ubuntu Development Team
Architectures: any
Section: web
Urgency: Low Urgency

Downloads

File Size SHA-256 Checksum
webkit_1.0.1.orig.tar.gz 12.8 MiB 9601ed57978e7f1221f770c24933d2037fdb93e4b412716d842b993507f0b856
webkit_1.0.1-4ubuntu0.1.diff.gz 30.2 KiB 048be85c43dd0963ccb338957230a196011ef960b3b693a885ee0a072aa8fed5
webkit_1.0.1-4ubuntu0.1.dsc 1.5 KiB b2abaee513b736a2166bd08c82fcfdcb351ad8d0b49c3abab5fa774e26084ea9

Binary packages built by this source

libwebkit-1.0-1
libwebkit-1.0-1-dbg
libwebkit-dev