[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.1-2-29-g5dbcb1c
Michael Gilbert
michael.s.gilbert at gmail.com
Tue Jun 29 04:11:41 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit 4cb35fe3755473d85fbf61ef439d9a4aa064d6e5
Author: Michael Gilbert <michael.s.gilbert at gmail.com>
Date: Mon Jun 28 22:03:45 2010 -0400
fix cve-2010-1762
diff --git a/WebCore/editing/markup.cpp b/WebCore/editing/markup.cpp
index 787dad9..9b2634e 100644
--- a/WebCore/editing/markup.cpp
+++ b/WebCore/editing/markup.cpp
@@ -404,10 +404,12 @@ static void appendStartMarkup(Vector<UChar>& result, const Node* node, const Ran
if (Node* parent = node->parentNode()) {
if (parent->hasTagName(scriptTag)
|| parent->hasTagName(styleTag)
- || parent->hasTagName(textareaTag)
|| parent->hasTagName(xmpTag)) {
appendUCharRange(result, ucharRange(node, range));
break;
+ } else if (parent->hasTagName(textareaTag)) {
+ appendEscapedContent(result, ucharRange(node, range), documentIsHTML);
+ break;
}
}
if (!annotate) {
diff --git a/debian/changelog b/debian/changelog
index f511292..73c2239 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -21,6 +21,8 @@ webkit (1.2.1-3) UNRELEASED; urgency=low
processor.
* Fix cve-2010-1760: user credential information disclosure.
* Fix cve-2010-1761: possible code execution in frameview logic.
+ * Fix cve-2010-1762: webscript and/or html injection using the textarea
+ element.
-- Michael Gilbert <michael.s.gilbert at gmail.com> Thu, 27 May 2010 20:36:41 -0400
diff --git a/debian/patches/series b/debian/patches/series
index d457b56..aa17bd4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -20,3 +20,4 @@ cve-2010-1758.patch
cve-2010-1759.patch
cve-2010-1760.patch
cve-2010-1761.patch
+cve-2010-1762.patch
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list