~ubuntu-security/ubuntu-cve-tracker/master : contents of retired/CVE-2010-3259 at revision 13266

~ubuntu-security/ubuntu-cve-tracker/master : (revision 13266)
Candidate: CVE-2010-3259
PublicDate: 2010-09-07
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3259
 http://www.ubuntu.com/usn/usn-1006-1
Description:
 WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, Google
 Chrome before 6.0.472.53, and webkitgtk before 1.2.6, does not properly
 restrict read access to images derived from CANVAS elements, which allows
 remote attackers to bypass the Same Origin Policy and obtain potentially
 sensitive image data via a crafted web site.
Ubuntu-Description:
Notes:
 jdstrand> qt4-x11 unmaintained upstream (see README.webkit for details)
 jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
  it, while qt4-x11 attempts to unify khtml and webkit.
 mdeslaur> webkitkde is a wrapper around qt4-x11's webkit.
Bugs:
Priority: low
Discovered-by:
Assigned-to: micahg

Patches_webkit:
  upstream: http://trac.webkit.org/changeset/65826
upstream_webkit: released (1.2.5)
dapper_webkit: DNE
hardy_webkit: ignored (reached end of life)
jaunty_webkit: ignored (reached end-of-life)
karmic_webkit: released (1.2.5-0ubuntu0.9.10.1)
lucid_webkit: released (1.2.5-0ubuntu0.10.04.1)
maverick_webkit: released (1.2.5-0ubuntu0.10.10.1)
natty_webkit: not-affected (1.2.5-0ubuntu2)
oneiric_webkit: not-affected (1.2.5-0ubuntu2)
devel_webkit: not-affected (1.2.5-0ubuntu2)

Patches_qt4-x11:
upstream_qt4-x11: needs-triage
dapper_qt4-x11: not-affected (no webkit)
hardy_qt4-x11: not-affected (no webkit)
jaunty_qt4-x11: ignored (reached end-of-life)
karmic_qt4-x11: ignored (reached end-of-life)
lucid_qt4-x11: ignored (see notes)
maverick_qt4-x11: not-affected (webkit isn't built)
natty_qt4-x11: not-affected (webkit isn't built)
oneiric_qt4-x11: not-affected (webkit isn't built)
devel_qt4-x11: not-affected (webkit isn't built)

Patches_chromium-browser:
upstream_chromium-browser: released (6.0.472.53)
dapper_chromium-browser: DNE
hardy_chromium-browser: DNE
jaunty_chromium-browser: DNE
karmic_chromium-browser: DNE
lucid_chromium-browser: released (6.0.472.53~r57914-0ubuntu0.10.04.1)
maverick_chromium-browser: not-affected (6.0.472.53~r57914-0ubuntu1)
natty_chromium-browser: not-affected (6.0.472.53~r57914-0ubuntu1)
oneiric_chromium-browser: not-affected (6.0.472.53~r57914-0ubuntu1)
devel_chromium-browser: not-affected (6.0.472.53~r57914-0ubuntu1)