[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.1-2-29-g5dbcb1c

Michael Gilbert michael.s.gilbert at gmail.com
Tue Jun 29 04:11:17 UTC 2010


The following commit has been merged in the debian/unstable branch:
commit 880f14124886f48d2b77cda1443b8224e5e9ad03
Author: Michael Gilbert <michael.s.gilbert at gmail.com>
Date:   Mon Jun 28 21:18:58 2010 -0400

    fix cve-2010-1417

diff --git a/WebCore/rendering/RenderInline.cpp b/WebCore/rendering/RenderInline.cpp
index 6d3f462..69e6eab 100644
--- a/WebCore/rendering/RenderInline.cpp
+++ b/WebCore/rendering/RenderInline.cpp
@@ -274,7 +274,7 @@ void RenderInline::splitInlines(RenderBlock* fromBlock, RenderBlock* toBlock,
             // has to move into the inline continuation.  Call updateBeforeAfterContent to ensure that the inline's :after
             // content gets properly destroyed.
             if (document()->usesBeforeAfterRules())
-                inlineCurr->children()->updateBeforeAfterContent(this, AFTER);
+                inlineCurr->children()->updateBeforeAfterContent(inlineCurr, AFTER);
 
             // Now we need to take all of the children starting from the first child
             // *after* currChild and append them all to the clone.
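Review bot: The one-line change at line 277 is applied here directly to WebCore/rendering/RenderInline.cpp and is also carried as debian/patches/cve-2010-1417+1665.patch, which this same commit adds to debian/patches/series. Please confirm that this branch is meant to hold the source with the patches already applied. If the series is applied at build time on top of this tree, the patch will not apply cleanly, because the line already reads `updateBeforeAfterContent(inlineCurr, AFTER)`. Separately, the comment above the call says "the inline's :after content" without saying which inline; since the fix is precisely about passing inlineCurr rather than this as the owner, naming inlineCurr in that comment would make the intent harder to regress.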
diff --git a/debian/changelog b/debian/changelog
index 284560f..e6bef7e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,8 @@ webkit (1.2.1-3) UNRELEASED; urgency=low
   * Fix cve-2010-1405: possible code execution in vertical positioning logic.
   * Fix cve-2010-1407: iframe information disclosure.
   * Fix cve-2010-1416: svg cross-site information disclosure.
+  * Fix cve-2010-1417: possible code execution in the css implementation (this
+    currently duplicated as cve-2010-1665 in the cve tracker).
 
  -- Michael Gilbert <michael.s.gilbert at gmail.com>  Thu, 27 May 2010 20:36:41 -0400
 
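Review bot: The added entry reads "this currently duplicated", which is missing a verb; suggest "(this is currently duplicated as cve-2010-1665 in the cve tracker)". Also, the stanza header shown in the hunk context still says urgency=low, while this entry and the cve-2010-1405 entry above it both describe possible code execution; consider whether the urgency should be raised before the upload is finalised.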
diff --git a/debian/patches/cve-2010-1417+1665.patch b/debian/patches/cve-2010-1417+1665.patch
new file mode 100644
index 0000000..29f5d90
--- /dev/null
+++ b/debian/patches/cve-2010-1417+1665.patch
@@ -0,0 +1,16 @@
+description: fix cve-2010-1417 (and cve-2010-1665 which is a duplicate)
+author: Michael Gilbert <michael.s.gilbert at gmail.com>
+origin: http://trac.webkit.org/changeset/58201
+Index: webkit-1.2.1/WebCore/rendering/RenderInline.cpp
+===================================================================
+--- webkit-1.2.1.orig/WebCore/rendering/RenderInline.cpp	2010-05-13 16:31:30.000000000 -0400
++++ webkit-1.2.1/WebCore/rendering/RenderInline.cpp	2010-06-28 21:16:28.000000000 -0400
+@@ -274,7 +274,7 @@
+             // has to move into the inline continuation.  Call updateBeforeAfterContent to ensure that the inline's :after
+             // content gets properly destroyed.
+             if (document()->usesBeforeAfterRules())
+-                inlineCurr->children()->updateBeforeAfterContent(this, AFTER);
++                inlineCurr->children()->updateBeforeAfterContent(inlineCurr, AFTER);
+ 
+             // Now we need to take all of the children starting from the first child
+             // *after* currChild and append them all to the clone.
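Review bot: The description header names only the CVE ids and does not say what the patch changes, so someone reading debian/patches later has to follow the origin link to learn it. Suggest adding a sentence to the description stating that the owner argument passed to updateBeforeAfterContent is changed from this to inlineCurr, so that the :after content is updated against the inline whose child list is being walked. The origin field pointing at the upstream changeset is good to have and should stay.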
diff --git a/debian/patches/series b/debian/patches/series
index 24becaa..42c3b73 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,3 +8,4 @@ cve-2010-1392.patch
 cve-2010-1405.patch
 cve-2010-1407.patch
 cve-2010-1416.patch
+cve-2010-1417+1665.patch

-- 
WebKit Debian packaging


