Package: webkit Version: 1.2.0-1 Severity: serious Tags: security Hi,
The following CVE (Common Vulnerabilities & Exposures) id was published for webkit. Note that the upstream developers may not be aware of this problem since google's fixes are to KURLGoogle.cpp, which doesn't exist. However, the vulnerable code is present in the latest webkit (1.2.0) in KURL.cpp. CVE-2010-1236[0]: | Google Chrome before 4.1.249.1036 does not properly restrict | cross-origin operations, which has unspecified impact and remote | attack vectors. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1236 http://security-tracker.debian.org/tracker/CVE-2010-1236 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
