314193 – dev-qt/qtwebkit, net-libs/webkit-gtk: multiple vulnerabilities (CVE-2010-0046, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051, CVE-2010-0052, CVE-2010-0054)

Bug 314193 - dev-qt/qtwebkit, net-libs/webkit-gtk: multiple vulnerabilities (CVE-2010-0046, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051, CVE-2010-0052, CVE-2010-0054)

Summary: dev-qt/qtwebkit, net-libs/webkit-gtk: multiple vulnerabilities (CVE-2010-0046...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	B2 [upstream]
Keywords:

Depends on:	315523
Blocks:
	Show dependency tree

Reported:	2010-04-09 18:25 UTC by Hanno Böck
Modified:	2016-02-20 06:06 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hanno Böck gentoo-dev

2010-04-09 18:25:15 UTC

A large number of vulnerabilities have been found in Apple's Safari, a couple of them also affects qt-webkit (see redhat bug for info). I found no information about webkit-gtk, but it can be assumed that it's also affected.

Apple advisory:
http://support.apple.com/kb/HT4070

Redhat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=570349

Comment 1 Alex Legler (RETIRED) archtester

2010-04-09 18:48:58 UTC

Correcting whiteboard.

Comment 2 Ben de Groot (RETIRED) gentoo-dev

2010-04-09 18:51:57 UTC

https://admin.fedoraproject.org/updates/qt-4.6.2-8.fc13 shows Fedora has patches

Comment 3 Ben de Groot (RETIRED) gentoo-dev

2010-04-09 22:38:28 UTC

I've added the patches Fedora uses for Qt to qt-webkit-4.6.2-r1 and qt-webkit-4.5.3-r3. Do you want us to open a separate stablereq bug for this? (As we are sharing this bug with webkit-gtk...)

Comment 4 Tobias Heinlein (RETIRED) gentoo-dev

2010-04-10 10:03:13 UTC

(In reply to comment #3)
> I've added the patches Fedora uses for Qt to qt-webkit-4.6.2-r1 and
> qt-webkit-4.5.3-r3. Do you want us to open a separate stablereq bug for this?
> (As we are sharing this bug with webkit-gtk...)
> 

Yes, please do.

Comment 5 Johannes Huber (RETIRED) gentoo-dev

2012-03-28 10:54:42 UTC

Thanks all. Affected versions gone from tree. Removing qt from cc.

Comment 6 Pacho Ramos gentoo-dev

2014-06-01 11:40:36 UTC

I think all were fixed long time ago then, at least whiteboard info should be updated to the step you now want to get done

Comment 7 Pacho Ramos gentoo-dev

2014-06-01 13:24:32 UTC

1.2.3 solves this, was stabilized in bug #324077

Comment 8 Aaron Bauman (RETIRED) gentoo-dev

2016-02-20 06:06:43 UTC

issue fixed in previous comment a LONG time ago