Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 287494 - <net-libs/webkit-gtk-1.1.10: Multiple vulnerabilities (CVE-2009-{1233,1681,1684,1687,1690,1692,1695,1697,1698,1701,1702,1703,1712,1718})
Summary: <net-libs/webkit-gtk-1.1.10: Multiple vulnerabilities (CVE-2009-{1233,1681,16...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords: Tracker
Depends on:
Blocks: CVE-2009-1233 CVE-2009-1681 CVE-2009-1684 CVE-2009-1687 CVE-2009-1690 CVE-2009-1692 CVE-2009-1695 CVE-2009-1697 CVE-2009-1698 CVE-2009-1701 CVE-2009-1702 CVE-2009-1703 CVE-2009-1712 CVE-2009-1718
  Show dependency tree
 
Reported: 2009-10-03 13:25 UTC by Alex Legler (RETIRED)
Modified: 2013-09-12 22:17 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-03 13:25:51 UTC
Collecting all issues that were fixed in the r40220->1.1.10 bump
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-03 13:31:06 UTC
bug 284109 - WebKit Clickjacking (CVE-2009-1681)
bug 284110 - WebKit Event Handler XSS (CVE-2009-1684)
bug 284116 - WebKit GC ACE/DoS (CVE-2009-1687)
bug 284121 - WebKit DOM recursion Use-after-free ACE/DoS (CVE-2009-1690)
bug 284124 - WebKit HTMLSelectElement ACE/DoS (CVE-2009-1692)
bug 284128 - WebKit Frame/Page transition XSS (CVE-2009-1695)
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-10-03 13:50:49 UTC
bug 284131 - WebKit HTTP header CRLF injection (CVE-2009-1697)
bug 284132 - WebKit CSS NULL-pointer deref ACE/DoS (CVE-2009-1698)
bug 284137 - WebKit JS DOM "dir" attribute Use-after-free (CVE-2009-1701)
bug 284138 - WebKit Location and History XSS (CVE-2009-1702)
bug 284140 - WebKit file: URL file existence disclosure (CVE-2009-1703)
bug 284147 - WebKit Remote loading of Java applets is not prohibited (CVE-2009-1712)
bug 284153 - WebKit Drag event Information Disclosure (CVE-2009-1718)
bug 271865 - net-libs/webkit-gtk XML nested A infinite loop (CVE-2009-1233)
Comment 3 Xake 2010-10-21 10:57:07 UTC
the oldest version of webkit in portage is version 1.1.15.4 so this should maybe be marked fixed?
Comment 4 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-12 22:17:16 UTC
Presumably all affected versions are gone from tree. Closing as discussed with keytoaster.