Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 287494 - <net-libs/webkit-gtk-1.1.10: Multiple vulnerabilities (CVE-2009-{1233,1681,1684,1687,1690,1692,1695,1697,1698,1701,1702,1703,1712,1718})
Summary: <net-libs/webkit-gtk-1.1.10: Multiple vulnerabilities (CVE-2009-{1233,1681,16...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords: Tracker
Depends on:
Blocks: CVE-2009-1233 CVE-2009-1681 CVE-2009-1684 CVE-2009-1687 CVE-2009-1690 CVE-2009-1692 CVE-2009-1695 CVE-2009-1697 CVE-2009-1698 CVE-2009-1701 CVE-2009-1702 CVE-2009-1703 CVE-2009-1712 CVE-2009-1718
  Show dependency tree
 
Reported: 2009-10-03 13:25 UTC by Alex Legler (RETIRED)
Modified: 2013-09-12 22:17 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-03 13:25:51 UTC 
Collecting all issues that were fixed in the r40220->1.1.10 bump
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-03 13:31:06 UTC 
bug 284109 - WebKit Clickjacking (CVE-2009-1681)
bug 284110 - WebKit Event Handler XSS (CVE-2009-1684)
bug 284116 - WebKit GC ACE/DoS (CVE-2009-1687)
bug 284121 - WebKit DOM recursion Use-after-free ACE/DoS (CVE-2009-1690)
bug 284124 - WebKit HTMLSelectElement ACE/DoS (CVE-2009-1692)
bug 284128 - WebKit Frame/Page transition XSS (CVE-2009-1695)
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-03 13:50:49 UTC 
bug 284131 - WebKit HTTP header CRLF injection (CVE-2009-1697)
bug 284132 - WebKit CSS NULL-pointer deref ACE/DoS (CVE-2009-1698)
bug 284137 - WebKit JS DOM "dir" attribute Use-after-free (CVE-2009-1701)
bug 284138 - WebKit Location and History XSS (CVE-2009-1702)
bug 284140 - WebKit file: URL file existence disclosure (CVE-2009-1703)
bug 284147 - WebKit Remote loading of Java applets is not prohibited (CVE-2009-1712)
bug 284153 - WebKit Drag event Information Disclosure (CVE-2009-1718)
bug 271865 - net-libs/webkit-gtk XML nested A infinite loop (CVE-2009-1233)
Comment 3 Xake 2010-10-21 10:57:07 UTC 
the oldest version of webkit in portage is version 1.1.15.4 so this should maybe be marked fixed?
Comment 4 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-12 22:17:16 UTC 
Presumably all affected versions are gone from tree. Closing as discussed with keytoaster.