Bug#538402: CVE-2009-1724: Cross-site scripting (XSS) vulnerability in WebKit
Luciano Bello
luciano at debian.org
Sat Jul 25 15:21:44 UTC 2009
Package: webkit
Version: 1.1.10-2
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.
CVE-2009-1724[0]:
| Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari
| before 4.0.2 allows remote attackers to inject arbitrary web script or
| HTML via vectors related to parent and top objects.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1724
http://security-tracker.debian.net/tracker/CVE-2009-1724
[1] http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
More information about the Pkg-webkit-maintainers
mailing list