1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
Candidate: CVE-2010-3259
PublicDate: 2010-09-07
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
http://www.ubuntu.com/usn/usn-1006-1
Description:
WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google
Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly
restrict read access to images derived from CANVAS elements, which allows
remote attackers to bypass the Same Origin Policy and obtain potentially
sensitive image data via a crafted web site.
Ubuntu-Description:
Notes:
jdstrand> qt4-x11 unmaintained upstream (see README.webkit for details)
jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
it, while qt4-x11 attempts to unify khtml and webkit.
mdeslaur> webkitkde is a wrapper around qt4-x11's webkit.
Bugs:
Priority: low
Discovered-by:
Assigned-to: micahg
Patches_webkit:
upstream: http://trac.webkit.org/changeset/65826
upstream_webkit: released (1.2.5)
dapper_webkit: DNE
hardy_webkit: ignored (reached end of life)
jaunty_webkit: ignored (reached end-of-life)
karmic_webkit: released (1.2.5-0ubuntu0.9.10.1)
lucid_webkit: released (1.2.5-0ubuntu0.10.04.1)
maverick_webkit: released (1.2.5-0ubuntu0.10.10.1)
natty_webkit: not-affected (1.2.5-0ubuntu2)
oneiric_webkit: not-affected (1.2.5-0ubuntu2)
devel_webkit: not-affected (1.2.5-0ubuntu2)
Patches_qt4-x11:
upstream_qt4-x11: needs-triage
dapper_qt4-x11: not-affected (no webkit)
hardy_qt4-x11: not-affected (no webkit)
jaunty_qt4-x11: ignored (reached end-of-life)
karmic_qt4-x11: ignored (reached end-of-life)
lucid_qt4-x11: ignored (see notes)
maverick_qt4-x11: not-affected (webkit isn't built)
natty_qt4-x11: not-affected (webkit isn't built)
oneiric_qt4-x11: not-affected (webkit isn't built)
devel_qt4-x11: not-affected (webkit isn't built)
Patches_chromium-browser:
upstream_chromium-browser: released (6.0.472.53)
dapper_chromium-browser: DNE
hardy_chromium-browser: DNE
jaunty_chromium-browser: DNE
karmic_chromium-browser: DNE
lucid_chromium-browser: released (6.0.472.53~r57914-0ubuntu0.10.04.1)
maverick_chromium-browser: not-affected (6.0.472.53~r57914-0ubuntu1)
natty_chromium-browser: not-affected (6.0.472.53~r57914-0ubuntu1)
oneiric_chromium-browser: not-affected (6.0.472.53~r57914-0ubuntu1)
devel_chromium-browser: not-affected (6.0.472.53~r57914-0ubuntu1)
|