[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.3-2-36-g0136662

[Michael Gilbert]

The following commit has been merged in the debian/unstable branch:
commit bc3ef7bff97017e8e8d90df08c617b1693ed19d2
Author: Michael Gilbert <michael.s.gilbert at gmail.com>
Date:   Mon Sep 6 22:11:00 2010 -0400

    fix cve-2010-3115

diff --git a/debian/changelog b/debian/changelog
index 69b84d9..beb53ef 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,7 @@ webkit (1.2.4-2) unstable; urgency=high
   * fix cve-2010-2900: vulnerability with large canvas elements when using the
     SKIA library.
   * fix cve-2010-2901: vulnerability in the rendering implementation.
+  * fix cve-2010-3115: address bar spoofing (only partially fixed in 1.2.4-1).
 
  -- Michael Gilbert <michael.s.gilbert at gmail.com>  Mon, 06 Sep 2010 21:36:40 -0400
 
diff --git a/debian/patches/cve-2010-3115.patch b/debian/patches/cve-2010-3115.patch
new file mode 100644
index 0000000..8466176
--- /dev/null
+++ b/debian/patches/cve-2010-3115.patch
@@ -0,0 +1,16 @@
+description: fix cve-2010-3115
+author: Michael Gilbert <michael.s.gilbert at gmail.com>
+origin: http://trac.webkit.org/changeset/63925
+Index: webkit-1.2.4/WebCore/page/History.cpp
+===================================================================
+--- webkit-1.2.4.orig/WebCore/page/History.cpp	2010-09-03 16:12:23.000000000 -0400
++++ webkit-1.2.4/WebCore/page/History.cpp	2010-09-06 22:08:52.000000000 -0400
+@@ -82,7 +82,7 @@
+ 
+ KURL History::urlForState(const String& urlString)
+ {
+-    KURL baseURL = m_frame->loader()->baseURL();
++    KURL baseURL = m_frame->document()->url();
+     if (urlString.isEmpty())
+         return baseURL;
+         
diff --git a/debian/patches/series b/debian/patches/series
index b16d306..40e5238 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -4,3 +4,4 @@ cve-2010-2646.patch
 cve-2010-2651.patch
 cve-2010-2900.patch
 cve-2010-2901.patch
+cve-2010-3115.patch

-- 
WebKit Debian packaging