Bug 640382 - CVE-2010-3113 CVE-2010-1814 CVE-2010-1812 CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114 CVE-2010-3116 CVE-2010-3257 CVE-2010-3259 webkitgtk various flaws [fedora-all]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: webkitgtk
Version: 13
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Kevin Fenzi
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: CVE-2010-1807 CVE-2010-3113 CVE-2010-3114 CVE-2010-3115 CVE-2010-1812 CVE-2010-1814 CVE-2010-1815 CVE-2010-3116 CVE-2010-3257 CVE-2010-3259
 
Reported: 2010-10-05 17:17 UTC by Vincent Danen
Modified: 2011-05-02 16:30 UTC

Fixed In Version:
Doc Type: Release Note
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-02 16:30:25 UTC
Type: ---
Embargoed:



Description Vincent Danen 2010-10-05 17:17:41 UTC
This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.

For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.

Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032

Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please only close it when all
affected versions are fixed.


[bug automatically created by: add-tracking-bugs]

Comment 1 Vincent Danen 2010-10-05 17:17:57 UTC
    Adding parent bug CVE-2010-1814
    New bodhi update url:
    https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032,631946

Comment 2 Vincent Danen 2010-10-05 17:18:10 UTC
    Adding parent bug CVE-2010-1812
    New bodhi update url:
    https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032,631946,631939

Comment 3 Vincent Danen 2010-10-05 17:18:24 UTC
    Adding parent bug CVE-2010-1815
    New bodhi update url:
    https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032,631946,631939,631948

Comment 4 Vincent Danen 2010-10-05 17:18:35 UTC
    Adding parent bug CVE-2010-3115
    New bodhi update url:
    https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032,631946,631939,631948,628071

Comment 10 Vincent Danen 2010-10-05 17:21:38 UTC
Updating to 1.2.5 will fix all of these flaws, as per:

What's new in WebKitGTK+ 1.2.5?

  - New stable release, API and ABI compatible with previous 1.2.x
    versions;
  - The patches to fix the following CVEs are included with help from
    Vincent Danen and other members of the Red Hat security team:

      CVE-2010-1780 CVE-2010-3113 CVE-2010-1814 CVE-2010-1812
      CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114
      CVE-2010-3116 CVE-2010-3257 CVE-2010-3259

Note that this version doesn't fix CVE-2010-1780; that was fixed in 1.2.4, see the note in https://bugzilla.redhat.com/show_bug.cgi?id=627366#c5 for more info there.

Comment 11 Fedora Admin XMLRPC Client 2011-03-15 17:19:05 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 12 Kevin Fenzi 2011-04-30 18:20:40 UTC
This should be long since closed now?

Comment 13 Vincent Danen 2011-05-02 16:30:25 UTC
Yes, you are right.  webkitgtk 1.2.7 is the oldest version we have now, which corrects these flaws.  Thanks.

