Bug#586547: marked as done (webkit: CVE-2010-2304 memory corruption in rendering of list markers)

Mon, 12 Jul 2010 16:51:22 -0700 

Your message dated Mon, 12 Jul 2010 23:47:31 +0000
with message-id <e1oysih-0001oq...@franck.debian.org>
and subject line Bug#586547: fixed in webkit 1.2.2-1
has caused the Debian Bug report #586547,
regarding webkit: CVE-2010-2304 memory corruption in rendering of list markers
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
586547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=586547
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: webkit
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.

CVE-2010-2304[0]:
| The toAlphabetic function in rendering/RenderListMarker.cpp in WebCore
| in WebKit in Google Chrome before 5.0.375.70 allows remote attackers
| to cause a denial of service (memory corruption) or possibly execute
| arbitrary code via vectors related to list markers, aka rdar problem
| 8009118.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

The upstream patch to fix this issue applies fine to the version in Debian
and is available on:
http://src.chromium.org/viewvc/chrome/branches/WebKit/375/WebCore/rendering/RenderListMarker.cpp?r1=48100&r2=48099

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2304
    http://security-tracker.debian.org/tracker/CVE-2010-2304

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgp8MCGUT70hM.pgp
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Source: webkit
Source-Version: 1.2.2-1

We believe that the bug you reported is fixed in the latest version of
webkit, which is due to be installed in the Debian FTP archive:

gir1.0-webkit-1.0_1.2.2-1_amd64.deb
  to main/w/webkit/gir1.0-webkit-1.0_1.2.2-1_amd64.deb
libwebkit-1.0-2-dbg_1.2.2-1_amd64.deb
  to main/w/webkit/libwebkit-1.0-2-dbg_1.2.2-1_amd64.deb
libwebkit-1.0-2_1.2.2-1_amd64.deb
  to main/w/webkit/libwebkit-1.0-2_1.2.2-1_amd64.deb
libwebkit-1.0-common_1.2.2-1_all.deb
  to main/w/webkit/libwebkit-1.0-common_1.2.2-1_all.deb
libwebkit-dev_1.2.2-1_amd64.deb
  to main/w/webkit/libwebkit-dev_1.2.2-1_amd64.deb
webkit_1.2.2-1.debian.tar.gz
  to main/w/webkit/webkit_1.2.2-1.debian.tar.gz
webkit_1.2.2-1.dsc
  to main/w/webkit/webkit_1.2.2-1.dsc
webkit_1.2.2.orig.tar.gz
  to main/w/webkit/webkit_1.2.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 586...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Gustavo Noronha Silva <k...@debian.org> (supplier of updated webkit package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 12 Jul 2010 15:23:17 -0300
Source: webkit
Binary: libwebkit-1.0-2 libwebkit-dev libwebkit-1.0-common libwebkit-1.0-2-dbg 
gir1.0-webkit-1.0
Architecture: source all amd64
Version: 1.2.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian WebKit Maintainers 
<pkg-webkit-maintain...@lists.alioth.debian.org>
Changed-By: Gustavo Noronha Silva <k...@debian.org>
Description: 
 gir1.0-webkit-1.0 - GObject introspection data for the WebKit library
 libwebkit-1.0-2 - Web content engine library for Gtk+
 libwebkit-1.0-2-dbg - Web content engine library for Gtk+ - Debugging symbols
 libwebkit-1.0-common - Web content engine library for Gtk+ - data files
 libwebkit-dev - Web content engine library for Gtk+ - Development files
Closes: 586547
Changes: 
 webkit (1.2.2-1) unstable; urgency=low
 .
   [ Michael Gilbert ]
   * Turn direct source changes into a patch.
   * Fix cve-2010-1386: geolocation information disclosure.
   * Fix cve-2010-1392: possible code execution in html button logic.
   * Fix cve-2010-1405: possible code execution in vertical positioning logic.
   * Fix cve-2010-1407: iframe information disclosure.
   * Fix cve-2010-1416: svg cross-site information disclosure.
   * Fix cve-2010-1417: possible code execution in the css implementation (this
     is currently duplicated as cve-2010-1665 in mitre's cve database).
   * Fix cve-2010-1418: remote web script and/or html injection.
   * Fix cve-2010-1421: remote modification of clipboard contents.
   * Fix cve-2010-1422: keyboard focus hijack (this is duplicated as
     cve-2010-2295 in mitre's cve database).
   * Fix cve-2010-1501: add check to prevent cross-site request forgery (this
     may be duplicated as cve-2010-1767 in mitre's cve database).
   * Fix cve-2010-1664: possible code execution due to improper html5 media
     handling.
   * Fix cve-2010-1758: possible code execution in xml dom processor.
   * Fix cve-2010-1759: another possible code execution issue in the xml dom
     processor (this is duplicated as cve-2010-2300 in mitre's database).
   * Fix cve-2010-1760: user credential information disclosure.
   * Fix cve-2010-1761: possible code execution in frameview logic.
   * Fix cve-2010-1762: webscript and/or html injection using the textarea
     element (this is duplicated as cve-2010-2301 in mitre's database).
   * Fix cve-2010-1770: possible code execution due to improper handling of the
     ibm1147 character set.
   * Fix cve-2010-1771: possible code execution due to improper font handling
     (this is duplicated as cve-2010-2302 in mitre's database).
   * Fix cve-2010-1772: geolocation disconnectframe timer issue (this is
     duplicated as cve-2010-2303 in mitre's database).
   * Fix cve-2010-1773: integer overflow in alphabet conversion (this is
     duplicated as cve-2010-2304 and cve-2010-2441 in mitre's database)
     closes: #586547.
   * Fix cve-2010-1774: integer overflow in table layout handling (this is
     duplicated as cve-2010-2297 in mitre's database).
 .
   [ Gustavo Noronha Silva ]
   * New upstream release
   - adds a new symbol, fixed symbols file to include it
   * debian/patches/01-fix-bashism-in-build.patch:
   - removed, no longer needed
Checksums-Sha1: 
 b239bae578cc35d5658947789c4de9b7d9517216 2004 webkit_1.2.2-1.dsc
 28198f6ddf88ae7b09d73b04a168317c05b2797d 6600341 webkit_1.2.2.orig.tar.gz
 d7e1f8efb0038996aa2eb5493dcdabe26e58991f 41807 webkit_1.2.2-1.debian.tar.gz
 4a04925ff27b5162853aaa69b1201c3e227fd91a 784834 
libwebkit-1.0-common_1.2.2-1_all.deb
 4c53718a49150471cb33e460090f7c9271560084 5760702 
libwebkit-1.0-2_1.2.2-1_amd64.deb
 58ce43d5ddd532d4b0f904c1960020904598b37d 129262 libwebkit-dev_1.2.2-1_amd64.deb
 0b986d016ce788d61c2c6d5a1d8bdc78ddcf8133 139147112 
libwebkit-1.0-2-dbg_1.2.2-1_amd64.deb
 5148319c1381661102a85b5cd31dd02efdbe4292 30944 
gir1.0-webkit-1.0_1.2.2-1_amd64.deb
Checksums-Sha256: 
 612e94d54cc9b5ce1ab5c6a7821672f4fc875a67f519e5ad406245f4fb43d6b1 2004 
webkit_1.2.2-1.dsc
 638c4159abf0ccacdc7f401560f558888a40bf701b0bf65923a4853ff6d7b8e2 6600341 
webkit_1.2.2.orig.tar.gz
 9819614f29b7f7ec7cbcbdda73b8c8a93ea1f0aa2548beb97aa1bd8c290ff601 41807 
webkit_1.2.2-1.debian.tar.gz
 981db894ebf81fb10a55f3af67dc01a31c0532b9a0f5d1e8cfaf27d40264e473 784834 
libwebkit-1.0-common_1.2.2-1_all.deb
 ce58d277872f06e3e83646d04a21a55706be5dfabc2e5ba3f2e5b77697d6d7fc 5760702 
libwebkit-1.0-2_1.2.2-1_amd64.deb
 793d40f298632f69fb1dfad934228f9a1914e81c036678e7f8eb954102147e6d 129262 
libwebkit-dev_1.2.2-1_amd64.deb
 bf1b84214c4a5a633d49947920227da0fef3cf67ac596ce90eaea2ad38e9c32e 139147112 
libwebkit-1.0-2-dbg_1.2.2-1_amd64.deb
 646767b0e73e01f3ba36bb369f42314c823d932a6455c40be3b1b4006f49878b 30944 
gir1.0-webkit-1.0_1.2.2-1_amd64.deb
Files: 
 53feee4bb52b29b439fb342dd5362399 2004 web optional webkit_1.2.2-1.dsc
 40338001324a38b977c163291e8816d3 6600341 web optional webkit_1.2.2.orig.tar.gz
 be8790b71ed5caf95f7863ca55f7c333 41807 web optional 
webkit_1.2.2-1.debian.tar.gz
 43c31108445c9d95978040ba2a5344a8 784834 libs optional 
libwebkit-1.0-common_1.2.2-1_all.deb
 45fe2d18897d0ebca4fcfc6bb65eced8 5760702 libs optional 
libwebkit-1.0-2_1.2.2-1_amd64.deb
 a763d0e580a991efa93d5627c6a08c8e 129262 libdevel extra 
libwebkit-dev_1.2.2-1_amd64.deb
 186eec8fea533ae7f4f6d15bc949a859 139147112 debug extra 
libwebkit-1.0-2-dbg_1.2.2-1_amd64.deb
 417ffca577881652664186bd29733edd 30944 libs optional 
gir1.0-webkit-1.0_1.2.2-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBCAAGBQJMO53rAAoJENIA6zCg+12mwUoIAJQOEhCS8BVgEyhHg3s9//4m
EsyFvReRVWacWz23dVJ6UUz5GEmaOV1aKbJO1OmqrV/Ffc5qBkXyvRgrWe891iZj
KgloOwtBaPfGknMRl428rEnBV0ZJMejEY1il3vyOrHx93qK/WLY7PQrroQOTOZIy
hLJF9MLIIsRd33ekakRD2NUD4PwH6HzhMhBHVFoNol5TKSpmBKnKVRoYfh9tFgX8
KSlAjlyZCfaXiyrirvQpPxxja0CAf5oOSxBvBOjcUyD5W/PnsDtGLAEjbTZm2lH0
mczL0F/mWM86z8rFA1Ergfrut49+L25nmEfD/w/wzkK3iz4gSKXtkyojOyoITlA=
=cNck
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to