Bug#599830: Multiple security issues
Michael Gilbert
michael.s.gilbert at gmail.com
Thu Oct 28 18:30:36 UTC 2010
On Thu, 28 Oct 2010 18:26:47 +0200, Mike Hommey wrote:
> On Thu, Oct 28, 2010 at 06:18:29PM +0200, Moritz Muehlenhoff wrote:
> > On Mon, Oct 18, 2010 at 11:52:40AM -0200, Gustavo Noronha Silva wrote:
> > > Version: 1.2.5-1
> > >
> > > Hey,
> > >
> > > On Sun, 2010-10-17 at 22:27 +0200, Moritz Muehlenhoff wrote:
> > > > On Mon, Oct 11, 2010 at 07:50:48PM +0200, Moritz Muehlenhoff wrote:
> > > > > Package: webkit
> > > > > Severity: grave
> > > > > Tags: security
> > > > >
> > > > > The following security issues need to be fixed in Webkit:
> > > > >
> > > > > http://security-tracker.debian.org/tracker/CVE-2010-1807
> > > > > http://security-tracker.debian.org/tracker/CVE-2010-2646
> > > > > http://security-tracker.debian.org/tracker/CVE-2010-2651
> > > > > http://security-tracker.debian.org/tracker/CVE-2010-3115
> > > > >
> > > > > Also, the status of #532514 should finally be resolved
> > > > > for Squeeze.
> > > >
> > > > People were claming that Webkit would be more maintainable
> > > > and supported then the version in Lenny.
> > > >
> > > > Still, there's no followup from the maintainers since a week.
> > >
> > > I'm kinda busy, sorry. This weekend I worked on packaging 1.2.5 after
> > > having worked on getting many CVEs handled upstream. Michael Gilbert
> > > also worked on a few more CVEs for the Debian package. The package I
> > > finished uploading this morning has the following CVEs handled, from
> > > upstream:
> >
> > Thanks for the upload.
> >
> > There's a huge amount of vulnerabilities which need to be checked
> > for Webkit on top of these. Shall I open a new bug?
> > CVE-2009-2068
> > CVE-2009-3011
> > CVE-2010-1131
> > CVE-2010-1384
> > CVE-2010-1403
> > CVE-2010-1750
> > CVE-2010-1757
> > CVE-2010-1769
> > CVE-2010-1781
> > CVE-2010-1783
> > CVE-2010-1805
> > CVE-2010-1806
> > CVE-2010-1823
> > CVE-2010-1824
> > CVE-2010-1825
> > CVE-2010-1992
> > CVE-2010-2120
> > CVE-2010-2264
> > CVE-2010-3246
> > CVE-2010-3248
> > CVE-2010-3249
> > CVE-2010-3252
> > CVE-2010-3253
> > CVE-2010-3254
> > CVE-2010-3255
> > CVE-2010-3415
> > CVE-2010-3416
> > CVE-2010-3730
> > CVE-2010-4033
> > CVE-2010-4034
> > CVE-2010-4035
> > CVE-2010-4036
> > CVE-2010-4037
> > CVE-2010-4038
> > CVE-2010-4039
> > CVE-2010-4040
> > CVE-2010-4041
> > CVE-2010-4042
> >
> > It is very important that more people get involved in webkit
> > maintenance, especially with regard to the backports needed for
> > Squeeze and given that it represents the web engine for the browser
> > installed in the standard desktop task. Could you maybe send a RFH
> > to debian-devel-announce?
> >
> > How long will the 1.2 branch be supported by upstream?
>
> From my POV it doesn't look like to be supported, which is the main
> problem we have... We can't support webkit by ourselves...
Didn't Gustavo take over as the manager for stable upstream releases?
Mike
More information about the Pkg-webkit-maintainers
mailing list