Bug 20761 - webkit multiple vulnerabilities: CVE-2009-1724, CVE-2009-1725, ...
: webkit multiple vulnerabilities: CVE-2009-1724, CVE-2009-1725, ...
Status: CLOSED FIXED
: Sisyphus
(All bugs in Sisyphus/libwebkit)
: unstable
: all Linux
: P3 normal
Assigned To:
:
: http://support.apple.com/kb/HT3666
: security
:
:
  Show dependency tree
 
Reported: 2009-07-13 11:01 by
Modified: 2009-10-22 23:54 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2009-07-13 11:01:30
* CVE-2009-1724 - An issue in WebKit's handling of the parent and top objects
may result in a cross-site scripting attack when visiting a maliciously crafted
website. This update addresses the issue through improved handling of parent
and top objects.
Fixed in rev 44906 (http://trac.webkit.org/changeset/44906/trunk)

* CVE-2009-1725 - A memory corruption issue exists in WebKit's handling of
numeric character references. Visiting a maliciously crafted website may lead
to an unexpected application termination or arbitrary code execution. This
update addresses the issue through improved handling of numeric character
references. Credit to Chris Evans for reporting this issue.
Fixed in rev 44865 (http://trac.webkit.org/changeset/44865/trunk)

Also several security fixes in svn:
* rev 45731
 https://bugs.webkit.org/show_bug.cgi?id=27136
 Fix a bug where webkit hangs when executing infinite JavaScript loop.

* rev 45696
 https://bugs.webkit.org/show_bug.cgi?id=27110
 REGRESSION: crash in edge cases of floating point parsing.

* rev 45642
https://bugs.webkit.org/show_bug.cgi?id=26918
Tests prevention of injected HTML Base tag.

* rev 45639
https://bugs.webkit.org/show_bug.cgi?id=27071
Resolves issue when HTTP parameters contain null- and  non-null-control-
characters.
------- Comment #1 From 2009-07-14 12:44:54 -------
Новые версии webkit, закрывающие эти ошибки, требуют нового libsoup-2.27.
Надо смотреть, возможно ли сейчас обновить libsoup.
------- Comment #2 From 2009-07-28 07:49:10 -------
(In reply to comment #1)
> Новые версии webkit, закрывающие эти ошибки, требуют нового libsoup-2.27.
> Надо смотреть, возможно ли сейчас обновить libsoup.

Могу libsoup-2.27.4 положить в people/gnome для особо нуждающизся :).
------- Comment #3 From 2009-10-22 23:54:29 -------
fixed libwebkit-1.1.15.2-alt1