webkit 1.2.5 security update tracking bug

Bug #660075 reported by Marc Deslauriers
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
webkit (Ubuntu)
Fix Released
Undecided
Unassigned
Karmic
Fix Released
Medium
Marc Deslauriers
Lucid
Fix Released
Medium
Marc Deslauriers
Maverick
Fix Released
Medium
Marc Deslauriers
Changed in webkit (Ubuntu Karmic):
status: New → In Progress
Changed in webkit (Ubuntu Maverick):
status: New → In Progress
Changed in webkit (Ubuntu Lucid):
status: New → In Progress
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in webkit (Ubuntu Maverick):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in webkit (Ubuntu Lucid):
importance: Undecided → Medium
Changed in webkit (Ubuntu Karmic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in webkit (Ubuntu Maverick):
importance: Undecided → Medium
Changed in webkit (Ubuntu Karmic):
importance: Undecided → Medium
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Pocket copied webkit to proposed. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

tags: added: verification-needed
Changed in webkit (Ubuntu Lucid):
status: In Progress → Fix Committed
Changed in webkit (Ubuntu Maverick):
status: In Progress → Fix Committed
Changed in webkit (Ubuntu Karmic):
status: In Progress → Fix Committed
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

To ubuntu-sru: if this passes the verification process, please also pocket copy to security. Thanks!

Revision history for this message
Nandan Vaidya (gotunandan) wrote :

I have tested webkit 1.2.5 on ubuntu 9.10 (karmic) with the following applications: empathy, liferea, midori and epiphany.

Tested out twitter, facebook, identi.ca , ran some javascript benchmark tests (v8 -run6, acid3).

The new twitter interface seems to slow down both midori and epiphany and makes the cpu usage go haywire, but I believe that was the case earlier as well, not necessarily due to this.

Other than that, it seems to be working fine, just as well as before.

Please let me know if there is any more information that I could add or test anything further ?

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webkit - 1.2.5-0ubuntu0.9.10.1

---------------
webkit (1.2.5-0ubuntu0.9.10.1) karmic-security; urgency=low

  * SECURITY UPDATE: Rebuilt new stable release 1.2.5 for karmic to fix
    multiple security issues. (LP: #660075)
     - CVE-2009-2797, CVE-2009-2841, CVE-2010-0046, CVE-2010-0047
     - CVE-2010-0048, CVE-2010-0049, CVE-2010-0050, CVE-2010-0051
     - CVE-2010-0052, CVE-2010-0053, CVE-2010-0054, CVE-2010-0314
     - CVE-2010-0647, CVE-2010-0650, CVE-2010-0651, CVE-2010-0656
     - CVE-2010-1386, CVE-2010-1387, CVE-2010-1389, CVE-2010-1390
     - CVE-2010-1391, CVE-2010-1392, CVE-2010-1393, CVE-2010-1394
     - CVE-2010-1395, CVE-2010-1396, CVE-2010-1397, CVE-2010-1398
     - CVE-2010-1400, CVE-2010-1401, CVE-2010-1402, CVE-2010-1403
     - CVE-2010-1404, CVE-2010-1405, CVE-2010-1406, CVE-2010-1407
     - CVE-2010-1408, CVE-2010-1409, CVE-2010-1410, CVE-2010-1412
     - CVE-2010-1414, CVE-2010-1415, CVE-2010-1416, CVE-2010-1417
     - CVE-2010-1418, CVE-2010-1419, CVE-2010-1421, CVE-2010-1422
     - CVE-2010-1501, CVE-2010-1664, CVE-2010-1665, CVE-2010-1758
     - CVE-2010-1759, CVE-2010-1760, CVE-2010-1761, CVE-2010-1762
     - CVE-2010-1764, CVE-2010-1766, CVE-2010-1767, CVE-2010-1770
     - CVE-2010-1771, CVE-2010-1772, CVE-2010-1773, CVE-2010-1774
     - CVE-2010-1780, CVE-2010-1781, CVE-2010-1782, CVE-2010-1783
     - CVE-2010-1784, CVE-2010-1785, CVE-2010-1786, CVE-2010-1787
     - CVE-2010-1788, CVE-2010-1790, CVE-2010-1792, CVE-2010-1793
     - CVE-2010-1807, CVE-2010-1812, CVE-2010-1814, CVE-2010-1815
     - CVE-2010-2264, CVE-2010-2647, CVE-2010-2648, CVE-2010-3113
     - CVE-2010-3114, CVE-2010-3115, CVE-2010-3116, CVE-2010-3248
     - CVE-2010-3257, CVE-2010-3259
  * debian/control, debian/rules, debian/gir1.0-webkit-1.0.install,
    debian/libwebkit-dev.install: don't build introspection support for
    karmic.
  * debian/patches/ubuntu-gir-version.patch: removed for karmic
  * debian/patches/karmic-libsoup-version.patch: Revert libsoup
    Content-Encoding support since we only have libsoup2.4 2.28.1 in
    karmic.
  * debian/control: changed libsoup2.4 dependency for version in karmic
  * debian/rules, debian/control: Don't use source format 3.0 for karmic,
    but add quilt patch system.
 -- Marc Deslauriers <email address hidden> Wed, 13 Oct 2010 13:23:26 -0400

Changed in webkit (Ubuntu Karmic):
status: Fix Committed → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

Thanks! Copied karmic update to -updates/-security, but keeping v-needed for lucid/maverick.

Revision history for this message
Anmar Oueja (anmar) wrote :

Tested it with rhytmbox and shotwell with no new issues. Looks good to me.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

I just tested epiphany-browser and devhelp on both lucid and maverick without problems.

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webkit - 1.2.5-0ubuntu0.10.04.1

---------------
webkit (1.2.5-0ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: Rebuilt new stable release 1.2.5 for lucid to fix
    multiple security issues. (LP: #660075)
     - CVE-2010-1386, CVE-2010-1392, CVE-2010-1405, CVE-2010-1407
     - CVE-2010-1412, CVE-2010-1416, CVE-2010-1417, CVE-2010-1418
     - CVE-2010-1419, CVE-2010-1421, CVE-2010-1422, CVE-2010-1501
     - CVE-2010-1664, CVE-2010-1665, CVE-2010-1758, CVE-2010-1759
     - CVE-2010-1760, CVE-2010-1761, CVE-2010-1762, CVE-2010-1767
     - CVE-2010-1770, CVE-2010-1771, CVE-2010-1772, CVE-2010-1773
     - CVE-2010-1774, CVE-2010-1780, CVE-2010-1781, CVE-2010-1782
     - CVE-2010-1783, CVE-2010-1784, CVE-2010-1785, CVE-2010-1786
     - CVE-2010-1787, CVE-2010-1788, CVE-2010-1790, CVE-2010-1792
     - CVE-2010-1793, CVE-2010-1807, CVE-2010-1812, CVE-2010-1814
     - CVE-2010-1815, CVE-2010-2264, CVE-2010-2647, CVE-2010-2648
     - CVE-2010-3113, CVE-2010-3114, CVE-2010-3115, CVE-2010-3116
     - CVE-2010-3248, CVE-2010-3257, CVE-2010-3259
  * debian/patches/ubuntu-gir-version.patch: removed for lucid
  * debian/control: add gir-repository-dev back to build-depends for lucid
 -- Marc Deslauriers <email address hidden> Wed, 13 Oct 2010 13:39:02 -0400

Changed in webkit (Ubuntu Lucid):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package webkit - 1.2.5-0ubuntu0.10.10.1

---------------
webkit (1.2.5-0ubuntu0.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: Updated to new stable release 1.2.5 to fix multiple
    security issues. (LP: #660075)
    - CVE-2010-1780
    - CVE-2010-1807
    - CVE-2010-1812
    - CVE-2010-1814
    - CVE-2010-1815
    - CVE-2010-3113
    - CVE-2010-3114
    - CVE-2010-3115
    - CVE-2010-3116
    - CVE-2010-3257
    - CVE-2010-3259
 -- Marc Deslauriers <email address hidden> Wed, 13 Oct 2010 13:43:51 -0400

Changed in webkit (Ubuntu Maverick):
status: Fix Committed → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

    webkit | 1.2.5-0ubuntu2 | natty | source

Changed in webkit (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.