Michael Gilbert
2008-Jul-09 22:57 UTC
[Secure-testing-team] Bug#490127: libwebkit-1.0-1: CVE-2008-2307 javascript memory corruption security issue
Package: libwebkit-1.0-1
Version: 1.0.1-1
Severity: grave
Tags: security
Justification: user security hole

the webkit packages in fedora were recently updated to fix a memory corruption issue in the javascript handler [1]. i'm not sure if this affects sid since the webkit package no longer indicates the svn version number, but this should be looked at. it looks like webkit svn 34655 includes fixes for the problem.

thanks for the hard work.

[1] http://lwn.net/Articles/289257/

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.18-6-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libwebkit-1.0-1 depends on:
ii  libatk1.0-0      1.22.0-1       The ATK accessibility toolkit
ii  libc6            2.7-12         GNU C Library: Shared libraries
ii  libcairo2        1.6.4-6        The Cairo 2D vector graphics libra
ii  libcurl3-gnutls  7.18.2-5       Multi-protocol file transfer libra
ii  libfontconfig1   2.6.0-1        generic font configuration library
ii  libfreetype6     2.3.7-1        FreeType 2 font engine, shared lib
ii  libgcc1          1:4.3.1-6      GCC support library
ii  libglib2.0-0     2.16.4-1       The GLib library of C routines
ii  libgtk2.0-0      2.12.11-1      The GTK+ graphical user interface
ii  libicu38         3.8.1-2        International Components for Unico
ii  libjpeg62        6b-14          The Independent JPEG Group's JPEG
ii  libpango1.0-0    1.20.5-1       Layout and rendering of internatio
ii  libpng12-0       1.2.27-1       PNG library - runtime
ii  libsqlite3-0     3.5.9-3        SQLite 3 shared library
ii  libstdc++6       4.3.1-6        The GNU Standard C++ Library v3
ii  libx11-6         2:1.1.4-2      X11 client-side library
ii  libxml2          2.6.32.dfsg-2  GNOME XML library
ii  libxslt1.1       1.1.24-1       XSLT processing library - runtime
ii  libxt6           1:1.0.5-3      X11 toolkit intrinsics library

libwebkit-1.0-1 recommends no packages.

-- no debconf information