[ubuntu/maverick] webkit 1.2.3-1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Fri Jul 16 10:40:31 BST 2010
webkit (1.2.3-1) unstable; urgency=low
* New upstream stable release
- fixes building with ICU 4.4.1 (Closes: #589046)
- all CVE patches included, so drop them
webkit (1.2.2-1) unstable; urgency=low
[ Michael Gilbert ]
* Turn direct source changes into a patch.
* Fix cve-2010-1386: geolocation information disclosure.
* Fix cve-2010-1392: possible code execution in html button logic.
* Fix cve-2010-1405: possible code execution in vertical positioning logic.
* Fix cve-2010-1407: iframe information disclosure.
* Fix cve-2010-1416: svg cross-site information disclosure.
* Fix cve-2010-1417: possible code execution in the css implementation (this
is currently duplicated as cve-2010-1665 in mitre's cve database).
* Fix cve-2010-1418: remote web script and/or html injection.
* Fix cve-2010-1421: remote modification of clipboard contents.
* Fix cve-2010-1422: keyboard focus hijack (this is duplicated as
cve-2010-2295 in mitre's cve database).
* Fix cve-2010-1501: add check to prevent cross-site request forgery (this
may be duplicated as cve-2010-1767 in mitre's cve database).
* Fix cve-2010-1664: possible code execution due to improper html5 media
handling.
* Fix cve-2010-1758: possible code execution in xml dom processor.
* Fix cve-2010-1759: another possible code execution issue in the xml dom
processor (this is duplicated as cve-2010-2300 in mitre's database).
* Fix cve-2010-1760: user credential information disclosure.
* Fix cve-2010-1761: possible code execution in frameview logic.
* Fix cve-2010-1762: webscript and/or html injection using the textarea
element (this is duplicated as cve-2010-2301 in mitre's database).
* Fix cve-2010-1770: possible code execution due to improper handling of the
ibm1147 character set.
* Fix cve-2010-1771: possible code execution due to improper font handling
(this is duplicated as cve-2010-2302 in mitre's database).
* Fix cve-2010-1772: geolocation disconnectframe timer issue (this is
duplicated as cve-2010-2303 in mitre's database).
* Fix cve-2010-1773: integer overflow in alphabet conversion (this is
duplicated as cve-2010-2304 and cve-2010-2441 in mitre's database)
closes: #586547.
* Fix cve-2010-1774: integer overflow in table layout handling (this is
duplicated as cve-2010-2297 in mitre's database).
[ Gustavo Noronha Silva ]
* New upstream release
- adds a new symbol, fixed symbols file to include it
* debian/patches/01-fix-bashism-in-build.patch:
- removed, no longer needed
Date: Fri, 16 Jul 2010 10:40:02 +0100
Changed-By: Sebastien Bacher <seb128 at ubuntu.com>
Maintainer: Debian WebKit Maintainers <pkg-webkit-maintainers at lists.alioth.debian.org>
Origin: Debian/unstable
https://launchpad.net/ubuntu/maverick/+source/webkit/1.2.3-1
-------------- next part --------------
Origin: Debian/unstable
Format: 1.7
Date: Fri, 16 Jul 2010 10:40:02 +0100
Source: webkit
Binary: libwebkit-1.0-2, libwebkit-dev, libwebkit-1.0-common, libwebkit-1.0-2-dbg, gir1.0-webkit-1.0
Architecture: source
Version: 1.2.3-1
Distribution: maverick
Urgency: low
Maintainer: Debian WebKit Maintainers <pkg-webkit-maintainers at lists.alioth.debian.org>
Changed-By: Sebastien Bacher <seb128 at ubuntu.com>
Closes: 586547 589046
Changes:
webkit (1.2.3-1) unstable; urgency=low
.
* New upstream stable release
- fixes building with ICU 4.4.1 (Closes: #589046)
- all CVE patches included, so drop them
.
webkit (1.2.2-1) unstable; urgency=low
.
[ Michael Gilbert ]
* Turn direct source changes into a patch.
* Fix cve-2010-1386: geolocation information disclosure.
* Fix cve-2010-1392: possible code execution in html button logic.
* Fix cve-2010-1405: possible code execution in vertical positioning logic.
* Fix cve-2010-1407: iframe information disclosure.
* Fix cve-2010-1416: svg cross-site information disclosure.
* Fix cve-2010-1417: possible code execution in the css implementation (this
is currently duplicated as cve-2010-1665 in mitre's cve database).
* Fix cve-2010-1418: remote web script and/or html injection.
* Fix cve-2010-1421: remote modification of clipboard contents.
* Fix cve-2010-1422: keyboard focus hijack (this is duplicated as
cve-2010-2295 in mitre's cve database).
* Fix cve-2010-1501: add check to prevent cross-site request forgery (this
may be duplicated as cve-2010-1767 in mitre's cve database).
* Fix cve-2010-1664: possible code execution due to improper html5 media
handling.
* Fix cve-2010-1758: possible code execution in xml dom processor.
* Fix cve-2010-1759: another possible code execution issue in the xml dom
processor (this is duplicated as cve-2010-2300 in mitre's database).
* Fix cve-2010-1760: user credential information disclosure.
* Fix cve-2010-1761: possible code execution in frameview logic.
* Fix cve-2010-1762: webscript and/or html injection using the textarea
element (this is duplicated as cve-2010-2301 in mitre's database).
* Fix cve-2010-1770: possible code execution due to improper handling of the
ibm1147 character set.
* Fix cve-2010-1771: possible code execution due to improper font handling
(this is duplicated as cve-2010-2302 in mitre's database).
* Fix cve-2010-1772: geolocation disconnectframe timer issue (this is
duplicated as cve-2010-2303 in mitre's database).
* Fix cve-2010-1773: integer overflow in alphabet conversion (this is
duplicated as cve-2010-2304 and cve-2010-2441 in mitre's database)
closes: #586547.
* Fix cve-2010-1774: integer overflow in table layout handling (this is
duplicated as cve-2010-2297 in mitre's database).
.
[ Gustavo Noronha Silva ]
* New upstream release
- adds a new symbol, fixed symbols file to include it
* debian/patches/01-fix-bashism-in-build.patch:
- removed, no longer needed
Files:
0ab5c478a6f5b74a1ae96bf13a456662 6740030 web optional webkit_1.2.3.orig.tar.gz
0b2cc34c72a7509b26811eadcbbef389 24926 web optional webkit_1.2.3-1.debian.tar.gz
2957ad167931b89b40c55b5fe9a5426e 2004 web optional webkit_1.2.3-1.dsc
More information about the Maverick-changes
mailing list