Ubuntu
webkit package

Branches for Intrepid

Name Status Last Modified Last Commit
lp://qastaging/ubuntu/intrepid/webkit 1 Development 2009-06-27 08:17:16 UTC
9. * symbols.filter: As a workaround for...

Author: Mike Hommey
Revision Date: 2008-07-10 21:10:27 UTC

* symbols.filter: As a workaround for #490173, hide all C++ mangled symbols.
  This will be enough for now, while fixing FTBFS on ARM.
* debian/rules: Build with -Wl,--no-relax on alpha, to work around a
  binutils bug causing FTBFS.
lp://qastaging/ubuntu/intrepid-security/webkit 1 Development 2009-09-22 08:49:07 UTC
11. * SECURITY UPDATE: remote code execut...

Author: Marc Deslauriers
Revision Date: 2009-09-22 08:49:07 UTC

* SECURITY UPDATE: remote code execution via document with a SVGPathList
  data structure containing a negative index.
  - WebCore/svg/SVGList.h: make sure index is valid.
  - http://trac.webkit.org/changeset/43590
  - CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
  JavaScript garbage collector allocation failures.
  - JavaScriptCore/kjs/collector.cpp: make sure numBlocks is valid.
  - http://trac.webkit.org/changeset/41854
  - CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
  use-after-free.
  - WebCore/html/HTMLParser.{cpp,h}: Fix incorrect handling of the head
    element.
  - http://trac.webkit.org/changeset/42532
  - CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
  attr function call with a large numerical argument.
  - WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp: fix attr handling.
  - http://trac.webkit.org/changeset/42081
  - CVE-2009-1698
* SECURITY UPDATE: denial of service or arbitrary code execution via
  Attr DOM objects improper memory initialization.
  - WebCore/css/CSSStyleSelector.cpp, WebCore/dom/{Attribute.h,
    MappedAttribute.h,NamedMappedAttrMap.cpp,StyledElement.cpp},
    WebCore/html/HTMLInputElement.cpp, WebCore/svg/{SVGStyledElement,
    SVGForeignObjectElement}.cpp: introduce and use isMappedAttribute().
  - http://trac.webkit.org/changeset/36918
  - CVE-2009-1711
* SECURITY UPDATE: arbitrary code execution via remote loading of
  local java applets.
  - WebCore/html/HTMLAppletElement.cpp, WebCore/loader/FrameLoader.cpp:
    Use same rule for loading java applets as webkit does for images.
  - http://trac.webkit.org/changeset/41568
  - CVE-2009-1712
* SECURITY UPDATE: denial of service or arbitrary code execution via
  numeric character references.
  - WebCore/html/HTMLTokenizer.cpp: increase size of checkBuffer()
  - http://trac.webkit.org/changeset/44799
  - CVE-2009-1725
lp://qastaging/ubuntu/intrepid-updates/webkit 1 Development 2009-09-22 08:49:07 UTC
11. * SECURITY UPDATE: remote code execut...

Author: Marc Deslauriers
Revision Date: 2009-09-22 08:49:07 UTC

* SECURITY UPDATE: remote code execution via document with a SVGPathList
  data structure containing a negative index.
  - WebCore/svg/SVGList.h: make sure index is valid.
  - http://trac.webkit.org/changeset/43590
  - CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
  JavaScript garbage collector allocation failures.
  - JavaScriptCore/kjs/collector.cpp: make sure numBlocks is valid.
  - http://trac.webkit.org/changeset/41854
  - CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
  use-after-free.
  - WebCore/html/HTMLParser.{cpp,h}: Fix incorrect handling of the head
    element.
  - http://trac.webkit.org/changeset/42532
  - CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
  attr function call with a large numerical argument.
  - WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp: fix attr handling.
  - http://trac.webkit.org/changeset/42081
  - CVE-2009-1698
* SECURITY UPDATE: denial of service or arbitrary code execution via
  Attr DOM objects improper memory initialization.
  - WebCore/css/CSSStyleSelector.cpp, WebCore/dom/{Attribute.h,
    MappedAttribute.h,NamedMappedAttrMap.cpp,StyledElement.cpp},
    WebCore/html/HTMLInputElement.cpp, WebCore/svg/{SVGStyledElement,
    SVGForeignObjectElement}.cpp: introduce and use isMappedAttribute().
  - http://trac.webkit.org/changeset/36918
  - CVE-2009-1711
* SECURITY UPDATE: arbitrary code execution via remote loading of
  local java applets.
  - WebCore/html/HTMLAppletElement.cpp, WebCore/loader/FrameLoader.cpp:
    Use same rule for loading java applets as webkit does for images.
  - http://trac.webkit.org/changeset/41568
  - CVE-2009-1712
* SECURITY UPDATE: denial of service or arbitrary code execution via
  numeric character references.
  - WebCore/html/HTMLTokenizer.cpp: increase size of checkBuffer()
  - http://trac.webkit.org/changeset/44799
  - CVE-2009-1725
13 of 3 results FirstPreviousNextLast