20761 2009-07-13 11:01:30 +0400 webkit multiple vulnerabilities: CVE-2009-1724, CVE-2009-1725, ... 2009-10-22 23:54:29 +0400 1 1 4 Development Sisyphus libwebkit unstable all Linux CLOSED FIXED http://support.apple.com/kb/HT3666 security P3 normal --- 1 crux shaba aris shaba qa-sisyphus oldest_to_newest 94589 0 crux 2009-07-13 11:01:30 +0400 * CVE-2009-1724 - An issue in WebKit's handling of the parent and top objects may result in a cross-site scripting attack when visiting a maliciously crafted website. This update addresses the issue through improved handling of parent and top objects. Fixed in rev 44906 (http://trac.webkit.org/changeset/44906/trunk) * CVE-2009-1725 - A memory corruption issue exists in WebKit's handling of numeric character references. Visiting a maliciously crafted website may lead to an unexpected application termination or arbitrary code execution. This update addresses the issue through improved handling of numeric character references. Credit to Chris Evans for reporting this issue. Fixed in rev 44865 (http://trac.webkit.org/changeset/44865/trunk) Also several security fixes in svn: * rev 45731 https://bugs.webkit.org/show_bug.cgi?id=27136 Fix a bug where webkit hangs when executing infinite JavaScript loop. * rev 45696 https://bugs.webkit.org/show_bug.cgi?id=27110 REGRESSION: crash in edge cases of floating point parsing. * rev 45642 https://bugs.webkit.org/show_bug.cgi?id=26918 Tests prevention of injected HTML Base tag. * rev 45639 https://bugs.webkit.org/show_bug.cgi?id=27071 Resolves issue when HTTP parameters contain null- and non-null-control- characters. 94646 1 shaba 2009-07-14 12:44:54 +0400 Новые версии webkit, закрывающие эти ошибки, требуют нового libsoup-2.27. Надо смотреть, возможно ли сейчас обновить libsoup. 95369 2 aris 2009-07-28 07:49:10 +0400 (In reply to comment #1) > Новые версии webkit, закрывающие эти ошибки, требуют нового libsoup-2.27. > Надо смотреть, возможно ли сейчас обновить libsoup. Могу libsoup-2.27.4 положить в people/gnome для особо нуждающизся :). 102009 3 shaba 2009-10-22 23:54:29 +0400 fixed libwebkit-1.1.15.2-alt1