package: libwebkit-1.0-1
severity: grave
tags: security

it has been found that webkit is vulnerable to a cross-site scripting vulnerability, see CVE-2008-4723 [1].

note that certain extensions are protected and others are not. for example, the attack does not work for files with the jpg or txt extension. however, the attack seems to work for general extensions such as odp, xls, etc (probably because webkit does not have a proper download that would appropriately handle general extensions yet).

if you fix these vulnerabilities, please make sure to include the CVE id in your changelog.

please contact the security team to coordinate a fix for stable and/or if you have any questions.

regards,
mike

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4723