Bug 640382

Summary: CVE-2010-3113 CVE-2010-1814 CVE-2010-1812 CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114 CVE-2010-3116 CVE-2010-3257 CVE-2010-3259 webkitgtk various flaws [fedora-all]
Product: [Fedora] Fedora
Reporter: Vincent Danen <vdanen>
Component: webkitgtk
Assignee: Kevin Fenzi <kevin>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 13
CC: fedora, kevin, martin.sourada, mtasaka, peter
Target Milestone: ---
Keywords: Security, SecurityTracking
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Release Note
Last Closed: 2011-05-02 16:30:25 UTC
Bug Blocks: 627703, 628032, 628035, 628071, 631939, 631946, 631948, 640353, 640357, 640360    

Description Vincent Danen 2010-10-05 17:17:41 UTC
This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.

For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.

Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032

Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please only close it when all
affected versions are fixed.


[bug automatically created by: add-tracking-bugs]

Comment 1 Vincent Danen 2010-10-05 17:17:57 UTC
    Adding parent bug CVE-2010-1814
    New bodhi update url:
    https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032,631946

Comment 2 Vincent Danen 2010-10-05 17:18:10 UTC
    Adding parent bug CVE-2010-1812
    New bodhi update url:
    https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032,631946,631939

Comment 3 Vincent Danen 2010-10-05 17:18:24 UTC
    Adding parent bug CVE-2010-1815
    New bodhi update url:
    https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032,631946,631939,631948

Comment 4 Vincent Danen 2010-10-05 17:18:35 UTC
    Adding parent bug CVE-2010-3115
    New bodhi update url:
    https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032,631946,631939,631948,628071

Comment 10 Vincent Danen 2010-10-05 17:21:38 UTC
Updating to 1.2.5 will fix all of these flaws, as per:

What's new in WebKitGTK+ 1.2.5?

  - New stable release, API and ABI compatible with previous 1.2.x
    versions;
  - The patches to fix the following CVEs are included with help from
    Vincent Danen and other members of the Red Hat security team:

      CVE-2010-1780 CVE-2010-3113 CVE-2010-1814 CVE-2010-1812
      CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114
      CVE-2010-3116 CVE-2010-3257 CVE-2010-3259

Note that this version doesn't fix CVE-2010-1780; that was fixed in 1.2.4, see the note in https://bugzilla.redhat.com/show_bug.cgi?id=627366#c5 for more info there.

Comment 11 Fedora Admin XMLRPC Client 2011-03-15 17:19:05 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 12 Kevin Fenzi 2011-04-30 18:20:40 UTC
This should be long since closed now?

Comment 13 Vincent Danen 2011-05-02 16:30:25 UTC
Yes, you are right.  webkitgtk 1.2.7 is the oldest version we have now, which corrects these flaws.  Thanks.