[Secure-testing-team] Bug#490127: libwebkit-1.0-1: CVE-2008-2307 javascript memory corruption security issue
Michael Gilbert
michael.s.gilbert at gmail.com
Wed Jul 9 22:57:24 UTC 2008
Package: libwebkit-1.0-1
Version: 1.0.1-1
Severity: grave
Tags: security
Justification: user security hole
the webkit packages in fedora were recently updated to fix a
memory corruption issue in the javascript handler [1].
i'm not sure if this affects sid since the webkit package no longer
indicates the svn version number, but this should be looked at. it looks
like webkit svn 34655 includes fixes for the problem.
thanks for the hard work.
[1] http://lwn.net/Articles/289257/
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-6-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libwebkit-1.0-1 depends on:
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libc6 2.7-12 GNU C Library: Shared libraries
ii libcairo2 1.6.4-6 The Cairo 2D vector graphics libra
ii libcurl3-gnutls 7.18.2-5 Multi-protocol file transfer libra
ii libfontconfig1 2.6.0-1 generic font configuration library
ii libfreetype6 2.3.7-1 FreeType 2 font engine, shared lib
ii libgcc1 1:4.3.1-6 GCC support library
ii libglib2.0-0 2.16.4-1 The GLib library of C routines
ii libgtk2.0-0 2.12.11-1 The GTK+ graphical user interface
ii libicu38 3.8.1-2 International Components for Unico
ii libjpeg62 6b-14 The Independent JPEG Group's JPEG
ii libpango1.0-0 1.20.5-1 Layout and rendering of internatio
ii libpng12-0 1.2.27-1 PNG library - runtime
ii libsqlite3-0 3.5.9-3 SQLite 3 shared library
ii libstdc++6 4.3.1-6 The GNU Standard C++ Library v3
ii libx11-6 2:1.1.4-2 X11 client-side library
ii libxml2 2.6.32.dfsg-2 GNOME XML library
ii libxslt1.1 1.1.24-1 XSLT processing library - runtime
ii libxt6 1:1.0.5-3 X11 toolkit intrinsics library
libwebkit-1.0-1 recommends no packages.
-- no debconf information
More information about the Secure-testing-team
mailing list