Your message dated Thu, 10 Jul 2008 11:41:04 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Re: [Secure-testing-team] Bug#490127: libwebkit-1.0-1:
CVE-2008-2307 javascript memory corruption security issue
has caused the Debian Bug report #490127,
regarding libwebkit-1.0-1: CVE-2008-2307 javascript memory corruption security
issue
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
490127: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=490127
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: libwebkit-1.0-1
Version: 1.0.1-1
Severity: grave
Tags: security
Justification: user security hole
the webkit packages in fedora were recently updated to fix a
memory corruption issue in the javascript handler [1].
i'm not sure if this affects sid since the webkit package no longer
indicates the svn version number, but this should be looked at. it looks
like webkit svn 34655 includes fixes for the problem.
thanks for the hard work.
[1] http://lwn.net/Articles/289257/
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-6-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libwebkit-1.0-1 depends on:
ii  libatk1.0-0      1.22.0-1       The ATK accessibility toolkit
ii  libc6            2.7-12         GNU C Library: Shared libraries
ii  libcairo2        1.6.4-6        The Cairo 2D vector graphics libra
ii  libcurl3-gnutls  7.18.2-5       Multi-protocol file transfer libra
ii  libfontconfig1   2.6.0-1        generic font configuration library
ii  libfreetype6     2.3.7-1        FreeType 2 font engine, shared lib
ii  libgcc1          1:4.3.1-6      GCC support library
ii  libglib2.0-0     2.16.4-1       The GLib library of C routines
ii  libgtk2.0-0      2.12.11-1      The GTK+ graphical user interface
ii  libicu38         3.8.1-2        International Components for Unico
ii  libjpeg62        6b-14          The Independent JPEG Group's JPEG
ii  libpango1.0-0    1.20.5-1       Layout and rendering of internatio
ii  libpng12-0       1.2.27-1       PNG library - runtime
ii  libsqlite3-0     3.5.9-3        SQLite 3 shared library
ii  libstdc++6       4.3.1-6        The GNU Standard C++ Library v3
ii  libx11-6         2:1.1.4-2      X11 client-side library
ii  libxml2          2.6.32.dfsg-2  GNOME XML library
ii  libxslt1.1       1.1.24-1       XSLT processing library - runtime
ii  libxt6           1:1.0.5-3      X11 toolkit intrinsics library
libwebkit-1.0-1 recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 1.0.1-1
Hi Michael,
* Michael Gilbert <[EMAIL PROTECTED]> [2008-07-10 11:26]:
> the webkit packages in fedora were recently updated to fix a
> memory corruption issue in the javascript handler [1].
>
> i'm not sure if this affects sid since the webkit package no longer
> indicates the svn version number, but this should be looked at. it looks
> like webkit svn 34655 includes fixes for the problem.
>
> thanks for the hard work.
Thanks for reporting this, this slipped through the
testing-security radar. But I had a look at the 1.0.1 source
code and luckily it's fixed in this version.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---