Your message dated Thu, 29 Apr 2010 22:04:59 -0400
with message-id <20100429220459.1a3c5c0e.michael.s.gilb...@gmail.com>
and subject line re: webkit: CVE-2010-1236 leading url characters issue
has caused the Debian Bug report #577457,
regarding webkit: CVE-2010-1236 leading url characters issue
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
577457: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577457
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: webkit
Version: 1.2.0-1
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for webkit. Note that the upstream developers may not be
aware of this problem since google's fixes are to KURLGoogle.cpp, which
doesn't exist. However, the vulnerable code is present in the
latest webkit (1.2.0) in KURL.cpp.
CVE-2010-1236[0]:
| Google Chrome before 4.1.249.1036 does not properly restrict
| cross-origin operations, which has unspecified impact and remote
| attack vectors.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1236
http://security-tracker.debian.org/tracker/CVE-2010-1236
--- End Message ---
--- Begin Message ---
even though webkit has the code, it is not affected. the
proof-of-concepts do not work.
--- End Message ---
