Branches for Jaunty

Name Status Last Modified Last Commit
lp://qastaging/ubuntu/jaunty-security/webkit 2 Mature 2009-09-23 13:09:49 UTC
5. * SECURITY UPDATE: remote code execut...

Author: Marc Deslauriers
Revision Date: 2009-09-22 08:47:11 UTC

* SECURITY UPDATE: remote code execution via document with a SVGPathList
  data structure containing a negative index.
  - WebCore/svg/SVGList.h: make sure index is valid.
  - http://trac.webkit.org/changeset/43590
  - http://trac.webkit.org/changeset/43795
  - CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
  JavaScript garbage collector allocation failures.
  - JavaScriptCore/kjs/collector.cpp: make sure numBlocks is valid.
  - http://trac.webkit.org/changeset/41854
  - CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
  use-after-free.
  - WebCore/html/HTMLParser.{cpp,h}: Fix incorrect handling of the head
    element.
  - http://trac.webkit.org/changeset/42532
  - CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
  attr function call with a large numerical argument.
  - WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp: fix attr handling.
  - http://trac.webkit.org/changeset/42081
  - CVE-2009-1698
* SECURITY UPDATE: denial of service or arbitrary code execution via
  Attr DOM objects improper memory initialization.
  - WebCore/css/CSSStyleSelector.cpp, WebCore/dom/{Attribute.h,
    MappedAttribute.h,NamedMappedAttrMap.cpp,StyledElement.cpp},
    WebCore/html/HTMLInputElement.cpp, WebCore/svg/{SVGStyledElement,
    SVGForeignObjectElement}.cpp: introduce and use isMappedAttribute().
  - http://trac.webkit.org/changeset/36918
  - CVE-2009-1711
* SECURITY UPDATE: arbitrary code execution via remote loading of
  local java applets.
  - WebCore/html/HTMLAppletElement.cpp, WebCore/loader/FrameLoader.cpp:
    Use same rule for loading java applets as webkit does for images.
  - http://trac.webkit.org/changeset/41568
  - CVE-2009-1712
* SECURITY UPDATE: denial of service or arbitrary code execution via
  numeric character references.
  - WebCore/html/HTMLTokenizer.cpp: increase size of checkBuffer()
  - http://trac.webkit.org/changeset/44799
  - CVE-2009-1725

lp://qastaging/ubuntu/jaunty-updates/webkit 2 Mature 2009-09-23 17:19:51 UTC
5. * SECURITY UPDATE: remote code execut...

Author: Marc Deslauriers
Revision Date: 2009-09-22 08:47:11 UTC

* SECURITY UPDATE: remote code execution via document with a SVGPathList
  data structure containing a negative index.
  - WebCore/svg/SVGList.h: make sure index is valid.
  - http://trac.webkit.org/changeset/43590
  - http://trac.webkit.org/changeset/43795
  - CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
  JavaScript garbage collector allocation failures.
  - JavaScriptCore/kjs/collector.cpp: make sure numBlocks is valid.
  - http://trac.webkit.org/changeset/41854
  - CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
  use-after-free.
  - WebCore/html/HTMLParser.{cpp,h}: Fix incorrect handling of the head
    element.
  - http://trac.webkit.org/changeset/42532
  - CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
  attr function call with a large numerical argument.
  - WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp: fix attr handling.
  - http://trac.webkit.org/changeset/42081
  - CVE-2009-1698
* SECURITY UPDATE: denial of service or arbitrary code execution via
  Attr DOM objects improper memory initialization.
  - WebCore/css/CSSStyleSelector.cpp, WebCore/dom/{Attribute.h,
    MappedAttribute.h,NamedMappedAttrMap.cpp,StyledElement.cpp},
    WebCore/html/HTMLInputElement.cpp, WebCore/svg/{SVGStyledElement,
    SVGForeignObjectElement}.cpp: introduce and use isMappedAttribute().
  - http://trac.webkit.org/changeset/36918
  - CVE-2009-1711
* SECURITY UPDATE: arbitrary code execution via remote loading of
  local java applets.
  - WebCore/html/HTMLAppletElement.cpp, WebCore/loader/FrameLoader.cpp:
    Use same rule for loading java applets as webkit does for images.
  - http://trac.webkit.org/changeset/41568
  - CVE-2009-1712
* SECURITY UPDATE: denial of service or arbitrary code execution via
  numeric character references.
  - WebCore/html/HTMLTokenizer.cpp: increase size of checkBuffer()
  - http://trac.webkit.org/changeset/44799
  - CVE-2009-1725

lp://qastaging/ubuntu/jaunty/webkit 1 Development 2009-06-27 08:17:33 UTC
4. WebCore/dom/Document.*, WebCore/loade...

Author: Mike Hommey
Revision Date: 2008-09-27 08:57:48 UTC

WebCore/dom/Document.*, WebCore/loader/DocLoader.*: Avoid DoS via
crafted CSS import statements. Fixes: CVE-2008-3632. Closes: #499771.
