lp://qastaging/ubuntu/jaunty-security/webkit

Created by James Westby and last modified
Get this branch:
bzr branch lp://qastaging/ubuntu/jaunty-security/webkit

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

5. By Marc Deslauriers

* SECURITY UPDATE: remote code execution via document with a SVGPathList
  data structure containing a negative index.
  - WebCore/svg/SVGList.h: make sure index is valid.
  - http://trac.webkit.org/changeset/43590
  - http://trac.webkit.org/changeset/43795
  - CVE-2009-0945
* SECURITY UPDATE: denial of service or arbitrary code execution via
  JavaScript garbage collector allocation failures.
  - JavaScriptCore/kjs/collector.cpp: make sure numBlocks is valid.
  - http://trac.webkit.org/changeset/41854
  - CVE-2009-1687
* SECURITY UPDATE: denial of service or arbitrary code execution via
  use-after-free.
  - WebCore/html/HTMLParser.{cpp,h}: Fix incorrect handling of the head
    element.
  - http://trac.webkit.org/changeset/42532
  - CVE-2009-1690
* SECURITY UPDATE: denial of service or arbitrary code execution via
  attr function call with a large numerical argument.
  - WebCore/css/{CSSParser,CSSPrimitiveValue}.cpp: fix attr handling.
  - http://trac.webkit.org/changeset/42081
  - CVE-2009-1698
* SECURITY UPDATE: denial of service or arbitrary code execution via
  Attr DOM objects improper memory initialization.
  - WebCore/css/CSSStyleSelector.cpp, WebCore/dom/{Attribute.h,
    MappedAttribute.h,NamedMappedAttrMap.cpp,StyledElement.cpp},
    WebCore/html/HTMLInputElement.cpp, WebCore/svg/{SVGStyledElement,
    SVGForeignObjectElement}.cpp: introduce and use isMappedAttribute().
  - http://trac.webkit.org/changeset/36918
  - CVE-2009-1711
* SECURITY UPDATE: arbitrary code execution via remote loading of
  local java applets.
  - WebCore/html/HTMLAppletElement.cpp, WebCore/loader/FrameLoader.cpp:
    Use same rule for loading java applets as webkit does for images.
  - http://trac.webkit.org/changeset/41568
  - CVE-2009-1712
* SECURITY UPDATE: denial of service or arbitrary code execution via
  numeric character references.
  - WebCore/html/HTMLTokenizer.cpp: increase size of checkBuffer()
  - http://trac.webkit.org/changeset/44799
  - CVE-2009-1725

4. By Mike Hommey <email address hidden>

WebCore/dom/Document.*, WebCore/loader/DocLoader.*: Avoid DoS via
crafted CSS import statements. Fixes: CVE-2008-3632. Closes: #499771.

3. By Mike Hommey <email address hidden>

* JavaScriptCore/wtf/Platform.h:
  - Also test if __arm__ is defined, which should fix the FTBFS on arm.
  - Use better defines for our various arm ports.
* JavaScriptCore/kjs/ustring.h, WebCore/platform/DeprecatedString.h: Use
  these new defines. Thanks Riku Voipio.
* debian/control: Build depend on Qt >= 4.3. Thanks Hubert Figuiere.
  Closes: #439672.
* debian/rules: Explicitly use qmake-qt4 instead of qmake to avoid build
  failures when qt3-dev-tools is installed. Thanks Michael Biebl.
  Closes: #441007.

2. By Mike Hommey <email address hidden>

* New upstream snapshot
* debian/copyright: Updated so as to fit what we actually remove (there were
  missing removals previously, which were not appropriate for the most
  anyways), and to fit the additions/removals of files upstream.
* JavaScriptCore/wtf/TCSpinLock.h: Work around an FTBFS on PPC due to a
  probable regression in gcc (#438415).
* debian/rules:
  + Change the place we install QtLauncher from, since it moved.
  + Set binary packages' shlibs correctly.
  + Use $(CURDIR) variable more safely to avoid problem with build
    directories with spaces.
* WebKitQt/Plugins/Plugins.pro: Build plugins with hidden symbols, so that
  they don't expose unwanted symbols.

1. By Mike Hommey <email address hidden>

Import upstream version 0~svn25144

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp://qastaging/ubuntu/karmic/webkit
This branch contains Public information 
Everyone can see this information.
