Summary: | <net-libs/webkit-gtk-1.1.10: Multiple vulnerabilities (CVE-2009-{1233,1681,1684,1687,1690,1692,1695,1697,1698,1701,1702,1703,1712,1718}) | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | |
Severity: | normal | CC: | esigra, kanelxake |
Priority: | High | Keywords: | Tracker |
Version: | unspecified | |
Hardware: | All | |
OS: | Linux | |
Whiteboard: | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | |
Bug Blocks: | 271865, 284109, 284110, 284116, 284121, 284124, 284128, 284131, 284132, 284137, 284138, 284140, 284147, 284153 | |

Description
Alex Legler (RETIRED)
2009-10-03 13:25:51 UTC

- bug 284109 - WebKit Clickjacking (CVE-2009-1681)
- bug 284110 - WebKit Event Handler XSS (CVE-2009-1684)
- bug 284116 - WebKit GC ACE/DoS (CVE-2009-1687)
- bug 284121 - WebKit DOM recursion Use-after-free ACE/DoS (CVE-2009-1690)
- bug 284124 - WebKit HTMLSelectElement ACE/DoS (CVE-2009-1692)
- bug 284128 - WebKit Frame/Page transition XSS (CVE-2009-1695)
- bug 284131 - WebKit HTTP header CRLF injection (CVE-2009-1697)
- bug 284132 - WebKit CSS NULL-pointer deref ACE/DoS (CVE-2009-1698)
- bug 284137 - WebKit JS DOM "dir" attribute Use-after-free (CVE-2009-1701)
- bug 284138 - WebKit Location and History XSS (CVE-2009-1702)
- bug 284140 - WebKit file: URL file existence disclosure (CVE-2009-1703)
- bug 284147 - WebKit Remote loading of Java applets is not prohibited (CVE-2009-1712)
- bug 284153 - WebKit Drag event Information Disclosure (CVE-2009-1718)
- bug 271865 - net-libs/webkit-gtk XML nested A infinite loop (CVE-2009-1233)

The oldest version of webkit in portage is version 1.1.15.4, so this should maybe be marked fixed?

Presumably all affected versions are gone from tree. Closing as discussed with keytoaster.