[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.2.3-2-36-g0136662

Michael Gilbert michael.s.gilbert at gmail.com
Wed Sep 8 00:08:38 UTC 2010


The following commit has been merged in the debian/unstable branch:
commit 845d32c2b1d298412bee0cffdde9dce80ecc1313
Author: Michael Gilbert <michael.s.gilbert at gmail.com>
Date:   Mon Sep 6 22:15:17 2010 -0400

    fix cve-2010-3120

diff --git a/debian/changelog b/debian/changelog
index 2a74c35..55bea78 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,6 +7,7 @@ webkit (1.2.4-2) unstable; urgency=high
   * fix cve-2010-2901: vulnerability in the rendering implementation.
   * fix cve-2010-3115: address bar spoofing (only partially fixed in 1.2.4-1).
   * fix cve-2010-3116: vulnerability in MIME type handling.
+  * fix cve-2010-3120: vulnerability in geolocation feature.
 
  -- Michael Gilbert <michael.s.gilbert at gmail.com>  Mon, 06 Sep 2010 21:36:40 -0400
 
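Review bot: The new changelog line "vulnerability in geolocation feature" does not say what was changed. The patch added in this same commit is a null check on m_frame in Geolocation::getCurrentPosition and Geolocation::watchPosition, so consider naming that in the entry and citing the upstream changeset (http://trac.webkit.org/changeset/65329). Someone auditing the package could then match the entry to the fix without opening the patch.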
diff --git a/debian/patches/cve-2010-3120.patch b/debian/patches/cve-2010-3120.patch
new file mode 100644
index 0000000..976affc
--- /dev/null
+++ b/debian/patches/cve-2010-3120.patch
@@ -0,0 +1,27 @@
+description: fix cve-2010-3120
+author: Michael Gilbert <michael.s.gilbert at gmail.com>
+origin: http://trac.webkit.org/changeset/65329
+Index: webkit-1.2.4/WebCore/page/Geolocation.cpp
+===================================================================
+--- webkit-1.2.4.orig/WebCore/page/Geolocation.cpp	2010-09-03 15:18:06.000000000 -0400
++++ webkit-1.2.4/WebCore/page/Geolocation.cpp	2010-09-06 22:14:03.000000000 -0400
+@@ -252,6 +252,9 @@
+ 
+ void Geolocation::getCurrentPosition(PassRefPtr<PositionCallback> successCallback, PassRefPtr<PositionErrorCallback> errorCallback, PassRefPtr<PositionOptions> options)
+ {
++    if (!m_frame)
++        return;
++
+     RefPtr<GeoNotifier> notifier = startRequest(successCallback, errorCallback, options);
+     ASSERT(notifier);
+ 
+@@ -260,6 +263,9 @@
+ 
+ int Geolocation::watchPosition(PassRefPtr<PositionCallback> successCallback, PassRefPtr<PositionErrorCallback> errorCallback, PassRefPtr<PositionOptions> options)
+ {
++    if (!m_frame)
++        return 0;
++
+     RefPtr<GeoNotifier> notifier = startRequest(successCallback, errorCallback, options);
+     ASSERT(notifier);
+ 
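Review bot: The early return on a null m_frame is silent in both guarded functions. getCurrentPosition returns without invoking errorCallback, and watchPosition returns 0 with nothing in the hunk saying whether 0 can be confused with a real watch id. A short comment above each "if (!m_frame)" stating when the frame is absent and that dropping the request is intended would help. For watchPosition, either document that 0 means "no watch" or return a value the caller can tell apart. The patch header's "description: fix cve-2010-3120" could also describe the change itself (null m_frame check before startRequest), since the CVE number alone tells a later maintainer nothing about what to preserve when rebasing.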
diff --git a/debian/patches/series b/debian/patches/series
index 6bad5fb..a2a7dd5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@ cve-2010-2900.patch
 cve-2010-2901.patch
 cve-2010-3115.patch
 cve-2010-3116.patch
+cve-2010-3120.patch

-- 
WebKit Debian packaging


