[Secure-testing-team] Bug#700164: src:webkit: first pile of 2013 CVEs

Helmut Grohne helmut at subdivi.de
Sat Feb 9 11:31:23 UTC 2013


Package: src:webkit
Severity: grave
Tags: security
Justification: user security hole

Dear webkit maintainers,

On behalf of the security team I am creating a bug for the following
CVE identifiers supposedly affecting webkit.

CVE-2013-0948
CVE-2013-0949
CVE-2013-0950
CVE-2013-0951
CVE-2013-0952
CVE-2013-0953
CVE-2013-0954
CVE-2013-0955
CVE-2013-0956
CVE-2013-0958
CVE-2013-0959
CVE-2013-0962
CVE-2013-0964
CVE-2013-0968

Please verify which of them (if any) actually apply to Debian's version
of webkit. All of the appear to apply to some kind of memory corruption
or access restriction bypass which makes them good candidates. If they
turn out not to pose a risk for the user, please downgrade this bug.

Helmut



More information about the Secure-testing-team mailing list