Change logs for webkit source package in Jaunty

  • webkit (1.0.1-4ubuntu0.1) jaunty-security; urgency=low
    
      * SECURITY UPDATE: remote code execution via document with an SVGPathList
        data structure containing a negative index.
        - WebCore/svg/SVGList.h: make sure index is valid.
        - http://trac.webkit.org/changeset/43590
        - http://trac.webkit.org/changeset/43795
        - CVE-2009-0945
      * SECURITY UPDATE: denial of service or arbitrary code execution via
        JavaScript garbage collector allocation failures.
        - JavaScriptCore/kjs/collector.cpp: make sure numBlocks is valid.
        - http://trac.webkit.org/changeset/41854
        - CVE-2009-1687
      * SECURITY UPDATE: denial of service or arbitrary code execution via
        use-after-free.
        - WebCore/html/HTMLParser.{cpp,h}: Fix incorrect handling of the head
          element.
        - http://trac.webkit.org/changeset/42532
        - CVE-2009-1690
      * SECURITY UPDATE: denial of service or arbitrary code execution via
        attr function call with a large numerical argument.
        - WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp: fix attr handling.
        - http://trac.webkit.org/changeset/42081
        - CVE-2009-1698
      * SECURITY UPDATE: denial of service or arbitrary code execution via
        Attr DOM objects improper memory initialization.
        - WebCore/css/CSSStyleSelector.cpp, WebCore/dom/{Attribute.h,
          MappedAttribute.h,NamedMappedAttrMap.cpp,StyledElement.cpp},
          WebCore/html/HTMLInputElement.cpp, WebCore/svg/{SVGStyledElement,
          SVGForeignObjectElement}.cpp: introduce and use isMappedAttribute().
        - http://trac.webkit.org/changeset/36918
        - CVE-2009-1711
      * SECURITY UPDATE: arbitrary code execution via remote loading of
        local Java applets.
        - WebCore/html/HTMLAppletElement.cpp, WebCore/loader/FrameLoader.cpp:
          Use same rule for loading Java applets as WebKit does for images.
        - http://trac.webkit.org/changeset/41568
        - CVE-2009-1712
      * SECURITY UPDATE: denial of service or arbitrary code execution via
        numeric character references.
        - WebCore/html/HTMLTokenizer.cpp: increase size of checkBuffer()
        - http://trac.webkit.org/changeset/44799
        - CVE-2009-1725
    
     -- Marc Deslauriers <email address hidden>   Tue, 22 Sep 2009 08:47:11 -0400
  • webkit (1.0.1-4) unstable; urgency=high
    
      * WebCore/dom/Document.*, WebCore/loader/DocLoader.*: Avoid DoS via
        crafted CSS import statements. Fixes: CVE-2008-3632. Closes: #499771.
    
    webkit (1.0.1-3) unstable; urgency=low
    
      * WebCore/platform/graphics/gtk/FontCacheGtk.cpp,
        WebCore/platform/graphics/gtk/FontGtk.cpp,
        WebCore/platform/graphics/gtk/FontPlatformData.h,
        WebCore/platform/graphics/gtk/FontPlatformDataGtk.cpp,
        WebCore/platform/graphics/gtk/SimpleFontDataGtk.cpp: cherry-picked change
        from SVN revision 36309 to fix various font selection problems.
        Closes: #464477.
    
     -- Ubuntu Archive Auto-Sync <email address hidden>   Wed,  05 Nov 2008 18:04:40 +0000
  • webkit (1.0.1-2) unstable; urgency=low
    
      * symbols.filter: As a workaround for #490173, hide all C++ mangled symbols.
        This will be enough for now, while fixing FTBFS on ARM.
      * debian/rules: Build with -Wl,--no-relax on alpha, to work around a
        binutils bug causing FTBFS.
    
    webkit (1.0.1-1) unstable; urgency=low
    
      * New upstream release. Closes: #489385.
      * debian/copyright:
        - Updated to fit additions/removals of files upstream.
        - Updated where the source was gotten.
        - Fixed typos for Collabora. Closes: #484661.
      * JavaScriptCore/wtf/FastMalloc.cpp, JavaScriptCore/wtf/ListHashSet.h,
        JavaScriptCore/wtf/Platform.h, JavaScriptCore/wtf/Vector.h,
        WebCore/platform/text/AtomicString.cpp,
        WebCore/platform/text/StringHash.h: Fixed some alignment problems on sparc
        (and some that might occur on arm, too). Closes: #487745. Some compiler
        warnings about alignment remain, but I don't know if they are a real
        problem yet.
      * debian/control:
        - Added build dependency on libxt-dev.
        - Relax libwebkit-dev dependency on libwebkit-1.0-1.
        - Bumped Standards-Version to 3.8.0.1. No changes.
      * WebCore/page/gtk/AXObjectCacheAtk.cpp: Include stdio.h to avoid FTBFS
        because of undefined printf.
      * GNUmakefile.am, symbols.filter: Filter out all std::* symbols exported
        because of stl headers.
      * debian/libwebkit-1.0-1.symbols: Add symbols file.
      * debian/rules: Bump shlibs because of some new symbols.
    
     -- Sebastien Bacher <email address hidden>   Mon,  14 Jul 2008 11:08:08 +0100