Bug#578982: webkit: multiple vulnerabilities
Michael Gilbert
michael.s.gilbert at gmail.com
Sat Apr 24 00:44:40 UTC 2010
package: webkit
version: 1.0.1-4
Hi,
The following CVE (Common Vulnerabilities & Exposures) IDs were
published for Chrome or Safari. I tested the proofs of concept against
webkit 1.2.0 (epiphany), and they were effective. I've submitted a bug
upstream [3], which is likely private right now since that is the only
way to submit a security bug to them. I've asked them to unhide it.
Both stable and unstable are affected.
CVE-2009-1514[0]:
| Google Chrome 1.0.154.53 allows remote attackers to cause a denial of
| service (NULL pointer dereference and application crash) via a throw
| statement with a long exception value.
CVE-2010-1180[1]:
| Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers
| to cause a denial of service (application crash) or possibly execute
| arbitrary code via a long exception string in a throw statement,
| possibly a related issue to CVE-2009-1514.
CVE-2010-1181[2]:
| Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers
| to cause a denial of service (application crash) or possibly execute
| arbitrary code via a long string in a MARQUEE element.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1514
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1180
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1181
[3] https://bugs.webkit.org/show_bug.cgi?id=38067