Bug#577457: webkit: CVE-2010-1236 leading url characters issue
Michael Gilbert
michael.s.gilbert at gmail.com
Sun Apr 11 20:13:24 UTC 2010
Package: webkit
Version: 1.2.0-1
Severity: serious
Tags: security
Hi,
The following CVE (Common Vulnerabilities & Exposures) id was
published for webkit. Note that the upstream developers may not be
aware of this problem since google's fixes are to KURLGoogle.cpp, which
doesn't exist. However, the vulnerable code is present in the
latest webkit (1.2.0) in KURL.cpp.
CVE-2010-1236[0]:
| Google Chrome before 4.1.249.1036 does not properly restrict
| cross-origin operations, which has unspecified impact and remote
| attack vectors.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1236
http://security-tracker.debian.org/tracker/CVE-2010-1236
More information about the Pkg-webkit-maintainers
mailing list