Bug 640382 - CVE-2010-3113 CVE-2010-1814 CVE-2010-1812 CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114 CVE-2010-3116 CVE-2010-3257 CVE-2010-3259 webkitgtk various flaws [fedora-all]
Summary: CVE-2010-3113 CVE-2010-1814 CVE-2010-1812 CVE-2010-1815 CVE-2010-3115 CVE-201...
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: webkitgtk
Version: 13
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Kevin Fenzi
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords: Security, SecurityTracking
Depends On:
Blocks: CVE-2010-1807 CVE-2010-3113 CVE-2010-3114 CVE-2010-3115 CVE-2010-1812 CVE-2010-1814 CVE-2010-1815 CVE-2010-3116 CVE-2010-3257 CVE-2010-3259
TreeView+ depends on / blocked
 
Reported: 2010-10-05 17:17 UTC by Vincent Danen
Modified: 2011-05-02 16:30 UTC (History)
5 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2011-05-02 16:30:25 UTC


Attachments (Terms of Use)

Description Vincent Danen 2010-10-05 17:17:41 UTC
This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.

For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.

Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032

Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please only close it when all
affected versions are fixed.


[bug automatically created by: add-tracking-bugs]

Comment 1 Vincent Danen 2010-10-05 17:17:57 UTC
    Adding parent bug CVE-2010-1814
    New bodhi update url:
    https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032,631946

Comment 2 Vincent Danen 2010-10-05 17:18:10 UTC
    Adding parent bug CVE-2010-1812
    New bodhi update url:
    https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032,631946,631939

Comment 3 Vincent Danen 2010-10-05 17:18:24 UTC
    Adding parent bug CVE-2010-1815
    New bodhi update url:
    https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032,631946,631939,631948

Comment 4 Vincent Danen 2010-10-05 17:18:35 UTC
    Adding parent bug CVE-2010-3115
    New bodhi update url:
    https://admin.fedoraproject.org/updates/new/?type_=security&bugs=628032,631946,631939,631948,628071

Comment 10 Vincent Danen 2010-10-05 17:21:38 UTC
Updating to 1.2.5 will fix all of these flaws, as per:

What's new in WebKitGTK+ 1.2.5?

  - New stable release, API and ABI compatible with previous 1.2.x
    versions;
  - The patches to fix the following CVEs are included with help from
    Vincent Danen and other members of the Red Hat security team:

      CVE-2010-1780 CVE-2010-3113 CVE-2010-1814 CVE-2010-1812
      CVE-2010-1815 CVE-2010-3115 CVE-2010-1807 CVE-2010-3114
      CVE-2010-3116 CVE-2010-3257 CVE-2010-3259

Note that this version doesn't fix CVE-2010-1780; that was fixed in 1.2.4, see the note in https://bugzilla.redhat.com/show_bug.cgi?id=627366#c5 for more info there.

Comment 11 Fedora Admin XMLRPC Client 2011-03-15 17:19:05 UTC
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.

Comment 12 Kevin Fenzi 2011-04-30 18:20:40 UTC
This should be long since closed now?

Comment 13 Vincent Danen 2011-05-02 16:30:25 UTC
Yes, you are right.  webkitgtk 1.2.7 is the oldest version we have now, which corrects these flaws.  Thanks.


Note You need to log in before you can comment on or make changes to this bug.