lp:ubuntu/maverick-security/webkit

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/maverick-security/webkit

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

19. By Micah Gersten

* SECURITY UPDATE: New upstream release to fix multiple security issues
  (LP: #814464)
  - CVE-2010-2901, CVE-2010-3812, CVE-2010-3813, CVE-2010-4040
  - CVE-2010-4197, CVE-2010-4198, CVE-2010-4199, CVE-2010-4204
  - CVE-2010-4206, CVE-2010-4492, CVE-2010-4493, CVE-2010-4577
  - CVE-2010-4578, CVE-2011-0482, CVE-2011-0778
* Add patches from Debian for the following CVEs; Thanks to Michael Gilbert
  - CVE-2010-1824, CVE-2010-2646, CVE-2010-2651, CVE-2010-2900
  - CVE-2010-3120, CVE-2010-3254, CVE-2010-4042
* Add patches from Debian to fix broken functionality and a crash; Thanks to
  Gustavo Noronha Silva
  - add debian/patches/07-fix-bad-merge-that-broke-gifs.patch
  - add debian/patches/08-fix-crash-for-big-shadowed-areas.patch

18. By Marc Deslauriers

* SECURITY UPDATE: Updated to new stable release 1.2.5 to fix multiple
  security issues. (LP: #660075)
  - CVE-2010-1780
  - CVE-2010-1807
  - CVE-2010-1812
  - CVE-2010-1814
  - CVE-2010-1815
  - CVE-2010-3113
  - CVE-2010-3114
  - CVE-2010-3115
  - CVE-2010-3116
  - CVE-2010-3257
  - CVE-2010-3259

17. By Sebastien Bacher

* Resync on Debian,
  remaining changes:
* debian/control:
  - don't build-depends on gir-repository-dev it's not required
* debian/patches/ubuntu-gir-version.patch:
  - use the current gobject introspection abi

16. By Colin Watson

* Cherry-pick from Debian's git repository:
  - Do not print a debugging message before doing the domain check
    (Gustavo Noronha Silva).

15. By Sebastien Bacher

* Resync on Debian
* WebKit/gtk/JSCore-1.0.gir:
  - updated for the new gobject introspection version
  - don't update the js version, thanks Maia Kozheva (lp: #616387)

14. By Sebastien Bacher

WebKit/gtk/JSCore-1.0.gir: set gir version to 1.1

13. By Sebastien Bacher

Rebuild with the new gobject introspection

12. By Gustavo Noronha Silva

* New upstream stable release
  - fixes building with ICU 4.4.1 (Closes: #589046)
  - all CVE patches included, so drop them

11. By Gustavo Noronha Silva

[ Michael Gilbert ]
* Turn direct source changes into a patch.
* Fix cve-2010-1386: geolocation information disclosure.
* Fix cve-2010-1392: possible code execution in html button logic.
* Fix cve-2010-1405: possible code execution in vertical positioning logic.
* Fix cve-2010-1407: iframe information disclosure.
* Fix cve-2010-1416: svg cross-site information disclosure.
* Fix cve-2010-1417: possible code execution in the css implementation (this
  is currently duplicated as cve-2010-1665 in mitre's cve database).
* Fix cve-2010-1418: remote web script and/or html injection.
* Fix cve-2010-1421: remote modification of clipboard contents.
* Fix cve-2010-1422: keyboard focus hijack (this is duplicated as
  cve-2010-2295 in mitre's cve database).
* Fix cve-2010-1501: add check to prevent cross-site request forgery (this
  may be duplicated as cve-2010-1767 in mitre's cve database).
* Fix cve-2010-1664: possible code execution due to improper html5 media
  handling.
* Fix cve-2010-1758: possible code execution in xml dom processor.
* Fix cve-2010-1759: another possible code execution issue in the xml dom
  processor (this is duplicated as cve-2010-2300 in mitre's database).
* Fix cve-2010-1760: user credential information disclosure.
* Fix cve-2010-1761: possible code execution in frameview logic.
* Fix cve-2010-1762: webscript and/or html injection using the textarea
  element (this is duplicated as cve-2010-2301 in mitre's database).
* Fix cve-2010-1770: possible code execution due to improper handling of the
  ibm1147 character set.
* Fix cve-2010-1771: possible code execution due to improper font handling
  (this is duplicated as cve-2010-2302 in mitre's database).
* Fix cve-2010-1772: geolocation disconnectframe timer issue (this is
  duplicated as cve-2010-2303 in mitre's database).
* Fix cve-2010-1773: integer overflow in alphabet conversion (this is
  duplicated as cve-2010-2304 and cve-2010-2441 in mitre's database)
  closes: #586547.
* Fix cve-2010-1774: integer overflow in table layout handling (this is
  duplicated as cve-2010-2297 in mitre's database).

[ Gustavo Noronha Silva ]
* New upstream release
  - adds a new symbol, fixed symbols file to include it
* debian/patches/01-fix-bashism-in-build.patch:
  - removed, no longer needed

10. By Gustavo Noronha Silva

* debian/patches/01-fix-bashism-in-build.diff:
  - remove bashism from the code that handles Web Inspector files,
    that end up not being installed. (Closes: #581893)
* Marking this release as urgency=high, given the 1.2.0 series was
  already well tested, and testing has a quite buggy version for some
  time now.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/natty/webkit