Ubuntu

webkit 1.2.5 security update tracking bug

Reported by Marc Deslauriers on 2010-10-13
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
webkit (Ubuntu)
Undecided
Unassigned
Karmic
Medium
Marc Deslauriers
Lucid
Medium
Marc Deslauriers
Maverick
Medium
Marc Deslauriers
Changed in webkit (Ubuntu Karmic):
status: New → In Progress
Changed in webkit (Ubuntu Maverick):
status: New → In Progress
Changed in webkit (Ubuntu Lucid):
status: New → In Progress
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in webkit (Ubuntu Maverick):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in webkit (Ubuntu Lucid):
importance: Undecided → Medium
Changed in webkit (Ubuntu Karmic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in webkit (Ubuntu Maverick):
importance: Undecided → Medium
Changed in webkit (Ubuntu Karmic):
importance: Undecided → Medium
Jamie Strandboge (jdstrand) wrote :

Pocket copied webkit to proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Changed in webkit (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in webkit (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in webkit (Ubuntu Karmic):
status: In Progress → Fix Committed
Jamie Strandboge (jdstrand) wrote :

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

Nandan Vaidya (gotunandan) wrote :

I have tested webkit 1.2.5 on ubuntu 9.10 (karmic) with the following applications: empathy, liferea, midori and epiphany.

Tested out twitter, facebook, identi.ca , ran some javascript benchmark tests (v8 -run6, acid3).

The new twitter interface seems to slow down both midori and epiphany and makes the cpu usage go haywire, but I believe that was the case earlier as well, not necessarily due to this.

Other than that, it seems to be working fine, just as well as before.

Please let me know if there is any more information that I could add or test anything further ?

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webkit - 1.2.5-0ubuntu0.9.10.1

---------------
webkit (1.2.5-0ubuntu0.9.10.1) karmic-security; urgency=low

  * SECURITY UPDATE: Rebuilt new stable release 1.2.5 for karmic to fix
    multiple security issues. (LP: #660075)
     - CVE-2009-2797, CVE-2009-2841, CVE-2010-0046, CVE-2010-0047
     - CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051
     - CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0314
     - CVE-2010-0647, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656
     - CVE-2010-1386, CVE-2010-1387, CVE-2010-1389, CVE-2010-1390
     - CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394
     - CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398
     - CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403
     - CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407
     - CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412
     - CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417
     - CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422
     - CVE-2010-1501, CVE-2010-1664, CVE-2010-1665, CVE-2010-1758
     - CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762
     - CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1770
     - CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774
     - CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783
     - CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787
     - CVE-2010-1788, CVE-2010-1790, CVE-2010-1792, CVE-2010-1793
     - CVE-2010-1807, CVE-2010-1812, CVE-2010-1814, CVE-2010-1815
     - CVE-2010-2264, CVE-2010-2647, CVE-2010-2648, CVE-2010-3113
     - CVE-2010-3114, CVE-2010-3115, CVE-2010-3116, CVE-2010-3248
     - CVE-2010-3257, CVE-2010-3259
  * debian/control, debian/rules, debian/gir1.0-webkit-1.0.install,
    debian/libwebkit-dev.install: don't build introspection support for
    karmic.
  * debian/patches/ubuntu-gir-version.patch: removed for karmic
  * debian/patches/karmic-libsoup-version.patch: Revert libsoup
    Content-Encoding support since we only have libsoup2.4 2.28.1 in
    karmic.
  * debian/control: changed libsoup2.4 dependency for version in karmic
  * debian/rules, debian/control: Don't use source format 3.0 for karmic,
    but add quilt patch system.
 -- Marc Deslauriers <email address hidden> Wed, 13 Oct 2010 13:23:26 -0400

Changed in webkit (Ubuntu Karmic):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

Thanks! Copied karmic update to -updates/-security, but keeping v-needed for lucid/maverick.

Anmar Oueja (anmar) wrote :

Tested it with rhytmbox and shotwell with no new issues. Looks good to me.

Marc Deslauriers (mdeslaur) wrote :

I just tested epiphany-browser and devhelp on both lucid and maverick without problems.

Martin Pitt (pitti) on 2010-10-19
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webkit - 1.2.5-0ubuntu0.10.04.1

---------------
webkit (1.2.5-0ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: Rebuilt new stable release 1.2.5 for lucid to fix
    multiple security issues. (LP: #660075)
     - CVE-2010-1386, CVE-2010-1392, CVE-2010-1405, CVE-2010-1407
     - CVE-2010-1412, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418
     - CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1501
     - CVE-2010-1664, CVE-2010-1665, CVE-2010-1758, CVE-2010-1759
     - CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1767
     - CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773
     - CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782
     - CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786
     - CVE-2010-1787, CVE-2010-1788, CVE-2010-1790, CVE-2010-1792
     - CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1814
     - CVE-2010-1815, CVE-2010-2264, CVE-2010-2647, CVE-2010-2648
     - CVE-2010-3113, CVE-2010-3114, CVE-2010-3115, CVE-2010-3116
     - CVE-2010-3248, CVE-2010-3257, CVE-2010-3259
  * debian/patches/ubuntu-gir-version.patch: removed for lucid
  * debian/control: add gir-repository-dev back to build-depends for lucid
 -- Marc Deslauriers <email address hidden> Wed, 13 Oct 2010 13:39:02 -0400

Changed in webkit (Ubuntu Lucid):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webkit - 1.2.5-0ubuntu0.10.10.1

---------------
webkit (1.2.5-0ubuntu0.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: Updated to new stable release 1.2.5 to fix multiple
    security issues. (LP: #660075)
    - CVE-2010-1780
    - CVE-2010-1807
    - CVE-2010-1812
    - CVE-2010-1814
    - CVE-2010-1815
    - CVE-2010-3113
    - CVE-2010-3114
    - CVE-2010-3115
    - CVE-2010-3116
    - CVE-2010-3257
    - CVE-2010-3259
 -- Marc Deslauriers <email address hidden> Wed, 13 Oct 2010 13:43:51 -0400

Changed in webkit (Ubuntu Maverick):
status: Fix Committed → Fix Released
Martin Pitt (pitti) wrote :

    webkit | 1.2.5-0ubuntu2 | natty | source

Changed in webkit (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers