[ubuntu/maverick] webkit 1.2.3-1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Fri Jul 16 10:40:31 BST 2010


webkit (1.2.3-1) unstable; urgency=low

  * New upstream stable release
  - fixes building with ICU 4.4.1 (Closes: #589046)
  - all CVE patches included, so drop them

webkit (1.2.2-1) unstable; urgency=low

  [ Michael Gilbert ]
  * Turn direct source changes into a patch.
  * Fix cve-2010-1386: geolocation information disclosure.
  * Fix cve-2010-1392: possible code execution in html button logic.
  * Fix cve-2010-1405: possible code execution in vertical positioning logic.
  * Fix cve-2010-1407: iframe information disclosure.
  * Fix cve-2010-1416: svg cross-site information disclosure.
  * Fix cve-2010-1417: possible code execution in the css implementation (this
    is currently duplicated as cve-2010-1665 in mitre's cve database).
  * Fix cve-2010-1418: remote web script and/or html injection.
  * Fix cve-2010-1421: remote modification of clipboard contents.
  * Fix cve-2010-1422: keyboard focus hijack (this is duplicated as
    cve-2010-2295 in mitre's cve database).
  * Fix cve-2010-1501: add check to prevent cross-site request forgery (this
    may be duplicated as cve-2010-1767 in mitre's cve database).
  * Fix cve-2010-1664: possible code execution due to improper html5 media
    handling.
  * Fix cve-2010-1758: possible code execution in xml dom processor.
  * Fix cve-2010-1759: another possible code execution issue in the xml dom
    processor (this is duplicated as cve-2010-2300 in mitre's database).
  * Fix cve-2010-1760: user credential information disclosure.
  * Fix cve-2010-1761: possible code execution in frameview logic.
  * Fix cve-2010-1762: webscript and/or html injection using the textarea
    element (this is duplicated as cve-2010-2301 in mitre's database).
  * Fix cve-2010-1770: possible code execution due to improper handling of the
    ibm1147 character set.
  * Fix cve-2010-1771: possible code execution due to improper font handling
    (this is duplicated as cve-2010-2302 in mitre's database).
  * Fix cve-2010-1772: geolocation disconnectframe timer issue (this is
    duplicated as cve-2010-2303 in mitre's database).
  * Fix cve-2010-1773: integer overflow in alphabet conversion (this is
    duplicated as cve-2010-2304 and cve-2010-2441 in mitre's database)
    closes: #586547.
  * Fix cve-2010-1774: integer overflow in table layout handling (this is
    duplicated as cve-2010-2297 in mitre's database).

  [ Gustavo Noronha Silva ]
  * New upstream release
  - adds a new symbol, fixed symbols file to include it
  * debian/patches/01-fix-bashism-in-build.patch:
  - removed, no longer needed

Date: Fri,  16 Jul 2010 10:40:02 +0100
Changed-By: Sebastien Bacher <seb128 at ubuntu.com>
Maintainer: Debian WebKit Maintainers <pkg-webkit-maintainers at lists.alioth.debian.org>
Origin: Debian/unstable
https://launchpad.net/ubuntu/maverick/+source/webkit/1.2.3-1
-------------- next part --------------
Origin: Debian/unstable
Format: 1.7
Date: Fri,  16 Jul 2010 10:40:02 +0100
Source: webkit
Binary: libwebkit-1.0-2, libwebkit-dev, libwebkit-1.0-common, libwebkit-1.0-2-dbg, gir1.0-webkit-1.0
Architecture: source
Version: 1.2.3-1
Distribution: maverick
Urgency: low
Maintainer: Debian WebKit Maintainers <pkg-webkit-maintainers at lists.alioth.debian.org>
Changed-By: Sebastien Bacher <seb128 at ubuntu.com>
Closes: 586547 589046
Changes: 
 webkit (1.2.3-1) unstable; urgency=low
 .
   * New upstream stable release
   - fixes building with ICU 4.4.1 (Closes: #589046)
   - all CVE patches included, so drop them
 .
 webkit (1.2.2-1) unstable; urgency=low
 .
   [ Michael Gilbert ]
   * Turn direct source changes into a patch.
   * Fix cve-2010-1386: geolocation information disclosure.
   * Fix cve-2010-1392: possible code execution in html button logic.
   * Fix cve-2010-1405: possible code execution in vertical positioning logic.
   * Fix cve-2010-1407: iframe information disclosure.
   * Fix cve-2010-1416: svg cross-site information disclosure.
   * Fix cve-2010-1417: possible code execution in the css implementation (this
     is currently duplicated as cve-2010-1665 in mitre's cve database).
   * Fix cve-2010-1418: remote web script and/or html injection.
   * Fix cve-2010-1421: remote modification of clipboard contents.
   * Fix cve-2010-1422: keyboard focus hijack (this is duplicated as
     cve-2010-2295 in mitre's cve database).
   * Fix cve-2010-1501: add check to prevent cross-site request forgery (this
     may be duplicated as cve-2010-1767 in mitre's cve database).
   * Fix cve-2010-1664: possible code execution due to improper html5 media
     handling.
   * Fix cve-2010-1758: possible code execution in xml dom processor.
   * Fix cve-2010-1759: another possible code execution issue in the xml dom
     processor (this is duplicated as cve-2010-2300 in mitre's database).
   * Fix cve-2010-1760: user credential information disclosure.
   * Fix cve-2010-1761: possible code execution in frameview logic.
   * Fix cve-2010-1762: webscript and/or html injection using the textarea
     element (this is duplicated as cve-2010-2301 in mitre's database).
   * Fix cve-2010-1770: possible code execution due to improper handling of the
     ibm1147 character set.
   * Fix cve-2010-1771: possible code execution due to improper font handling
     (this is duplicated as cve-2010-2302 in mitre's database).
   * Fix cve-2010-1772: geolocation disconnectframe timer issue (this is
     duplicated as cve-2010-2303 in mitre's database).
   * Fix cve-2010-1773: integer overflow in alphabet conversion (this is
     duplicated as cve-2010-2304 and cve-2010-2441 in mitre's database)
     closes: #586547.
   * Fix cve-2010-1774: integer overflow in table layout handling (this is
     duplicated as cve-2010-2297 in mitre's database).
 .
   [ Gustavo Noronha Silva ]
   * New upstream release
   - adds a new symbol, fixed symbols file to include it
   * debian/patches/01-fix-bashism-in-build.patch:
   - removed, no longer needed
Files: 
 0ab5c478a6f5b74a1ae96bf13a456662 6740030 web optional webkit_1.2.3.orig.tar.gz
 0b2cc34c72a7509b26811eadcbbef389 24926 web optional webkit_1.2.3-1.debian.tar.gz
 2957ad167931b89b40c55b5fe9a5426e 2004 web optional webkit_1.2.3-1.dsc


More information about the Maverick-changes mailing list