oss-security February 2011 archive

[oss-security] Webkit Roundup

From: Michael Gilbert <michael.s.gilbert_at_nospam>
Date: Sat Feb 05 2011 - 22:45:37 GMT
To: oss-security@lists.openwall.com

Hello,

I've been doing some work on applying security patches to the stable
webkitgtk release in Debian. However, I've found a lot of the security
issues were published without sufficient detail to be able to review
the problems. I would really appreciate help resolving the status of
the following issues. You can see the current state of what we know in
the Debian security tracker [0].

CVE-2008-1010, CVE-2008-1011:
- This is a case of apple providing no useful info, but there are two
redhat bug reports, both of which claim the issues are fixed as of
svn31787; unfortunately, there is no info about the actual problems to
be able to check. I suppose there is no reason to believe these are
still open, but I would feel more comfortable if there were some
concrete info about the problems to be able to check.

CVE-2009-2068:
- This issue was assigned based on an academic paper, and there are no
patches or fixes for reference in the CVE references. Chrome claims
the issue is fixed as of version 5.0.342.9. Was webkit itself ever
affected by this issue, and when was it fixed?

CVE-2010-1403, CVE-2010-1404:
- According to redhat, both of these issues were fixed in the same
webkit commit. That seems a bit surprising, but may be true. I was
just wondering if anyone can confirm that the info is correct?
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-1403
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-1404

CVE-2010-1757:
- This issue sounds like an iphone-specific duplicate of
CVE-2010-2441. If that is the case, can the two CVEs be merged? If
it's a different problem, is it iphone-specific or is webkit itself
affected?

CVE-2010-1781:
- This is claimed fixed by Vincent Danen in webkitgtk 1.2.4, but there
is no redhat bug report about it and no info available to check whether
this is indeed fixed or not. Does anyone have any info on this?
http://gitorious.org/webkitgtk/stable/commit/9d07fda89aab7105962d933eef32ca15dda610d8

CVE-2010-1783:
- According to redhat's info, webkit commit 62134 fixes this, which is
believed to be the same commit that fixes CVE-2010-2899, but google is
still embargoing the bug report for that. Does anyone have any info?
http://code.google.com/p/chromium/issues/detail?id=42736

CVE-2010-2264:
- This is claimed to be fixed in webkitgtk 1.2.3, but wasn't noted until
after the fact. There is no info anywhere to be able to check that this
statement is true.
http://gitorious.org/webkitgtk/stable/commit/9d07fda89aab7105962d933eef32ca15dda610d8

CVE-2010-3803, CVE-2010-3804, CVE-2010-3805, CVE-2010-3808,
CVE-2010-3809, CVE-2010-3810, CVE-2010-3811, CVE-2010-3816,
CVE-2010-3817, CVE-2010-3818, CVE-2010-3819, CVE-2010-3820,
CVE-2010-3821, CVE-2010-3822, CVE-2010-3823, CVE-2010-3824,
CVE-2010-3826, CVE-2010-3829:
- These are all recent apple webkit announcements without any relevant
details :( Does anyone have any info to be able to check this deluge
of issues?

Thanks so much for any help in advance.

Best wishes,
Mike

[0] http://security-tracker.debian.org/tracker/source-package/webkit