lp:ubuntu/maverick-security/webkit
- Get this branch:
- bzr branch lp:ubuntu/maverick-security/webkit
Recent revisions
- 19. By Micah Gersten
-
* SECURITY UPDATE: New upstream release to fix multiple security issues
(LP: #814464)
- CVE-2010-2901, CVE-2010-3812, CVE-2010-3813, CVE-2010-4040
- CVE-2010-4197, CVE-2010-4198, CVE-2010-4199, CVE-2010-4204
- CVE-2010-4206, CVE-2010-4492, CVE-2010-4493, CVE-2010-4577
- CVE-2010-4578, CVE-2011-0482, CVE-2011-0778
* Add patches from Debian for the following CVEs; Thanks to Michael Gilbert
- CVE-2010-1824, CVE-2010-2646, CVE-2010-2651, CVE-2010-2900
- CVE-2010-3120, CVE-2010-3254, CVE-2010-4042
* Add patches from Debian to fix broken functionality and a crash; Thanks to
Gustavo Noronha Silva
- add debian/patches/07-fix-bad-merge-that-broke-gifs.patch
- add debian/patches/08-fix-crash-for-big-shadowed-areas.patch
- 18. By Marc Deslauriers
-
* SECURITY UPDATE: Updated to new stable release 1.2.5 to fix multiple
security issues. (LP: #660075)
- CVE-2010-1780
- CVE-2010-1807
- CVE-2010-1812
- CVE-2010-1814
- CVE-2010-1815
- CVE-2010-3113
- CVE-2010-3114
- CVE-2010-3115
- CVE-2010-3116
- CVE-2010-3257
- CVE-2010-3259
- 17. By Sebastien Bacher
-
* Resync on Debian, remaining changes:
* debian/control:
- don't build-depends on gir-repository-dev it's not required
* debian/patches/ubuntu-gir-version.patch:
- use the current gobject introspection abi
- 16. By Colin Watson
-
* Cherry-pick from Debian's git repository:
- Do not print a debugging message before doing the domain check
(Gustavo Noronha Silva).
- 15. By Sebastien Bacher
-
* Resync on Debian
* WebKit/gtk/JSCore-1.0.gir:
- updated for the new gobject introspection version
- don't update the js version, thanks Maia Kozheva (lp: #616387)
- 12. By Gustavo Noronha Silva
-
* New upstream stable release
- fixes building with ICU 4.4.1 (Closes: #589046)
- all CVE patches included, so drop them
- 11. By Gustavo Noronha Silva
-
[ Michael Gilbert ]
* Turn direct source changes into a patch.
* Fix cve-2010-1386: geolocation information disclosure.
* Fix cve-2010-1392: possible code execution in html button logic.
* Fix cve-2010-1405: possible code execution in vertical positioning logic.
* Fix cve-2010-1407: iframe information disclosure.
* Fix cve-2010-1416: svg cross-site information disclosure.
* Fix cve-2010-1417: possible code execution in the css implementation (this
is currently duplicated as cve-2010-1665 in mitre's cve database).
* Fix cve-2010-1418: remote web script and/or html injection.
* Fix cve-2010-1421: remote modification of clipboard contents.
* Fix cve-2010-1422: keyboard focus hijack (this is duplicated as
cve-2010-2295 in mitre's cve database).
* Fix cve-2010-1501: add check to prevent cross-site request forgery (this
may be duplicated as cve-2010-1767 in mitre's cve database).
* Fix cve-2010-1664: possible code execution due to improper html5 media
handling.
* Fix cve-2010-1758: possible code execution in xml dom processor.
* Fix cve-2010-1759: another possible code execution issue in the xml dom
processor (this is duplicated as cve-2010-2300 in mitre's database).
* Fix cve-2010-1760: user credential information disclosure.
* Fix cve-2010-1761: possible code execution in frameview logic.
* Fix cve-2010-1762: webscript and/or html injection using the textarea
element (this is duplicated as cve-2010-2301 in mitre's database).
* Fix cve-2010-1770: possible code execution due to improper handling of the
ibm1147 character set.
* Fix cve-2010-1771: possible code execution due to improper font handling
(this is duplicated as cve-2010-2302 in mitre's database).
* Fix cve-2010-1772: geolocation disconnectframe timer issue (this is
duplicated as cve-2010-2303 in mitre's database).
* Fix cve-2010-1773: integer overflow in alphabet conversion (this is
duplicated as cve-2010-2304 and cve-2010-2441 in mitre's database)
closes: #586547.
* Fix cve-2010-1774: integer overflow in table layout handling (this is
duplicated as cve-2010-2297 in mitre's database).
[ Gustavo Noronha Silva ]
* New upstream release
- adds a new symbol, fixed symbols file to include it
* debian/patches/01-fix-bashism-in-build.patch:
- removed, no longer needed
- 10. By Gustavo Noronha Silva
-
* debian/patches/01-fix-bashism-in-build.diff:
- remove bashism from the code that handles Web Inspector files,
that end up not being installed. (Closes: #581893)
* Marking this release as urgency=high, given the 1.2.0 series was
already well tested, and testing has a quite buggy version for some
time now.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/natty/webkit