~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2015-08-16
Candidate: CVE-2015-3752
PublicDate: 2015-08-16
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3752
 https://support.apple.com/kb/HT205033
 https://support.apple.com/kb/HT205030
 http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html
 http://lists.apple.com/archives/security-announce/2015/Aug/msg00000.html
 http://www.ubuntu.com/usn/usn-2937-1
Description:
 The Content Security Policy implementation in WebKit in Apple Safari before
 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1
 and other products, does not properly restrict cookie transmission for
 report requests, which allows remote attackers to obtain sensitive
 information via vectors involving (1) a cross-origin request or (2) a
 private-browsing request.
Ubuntu-Description:
Notes:
 jdstrand> webkit receives limited support. For details, see
 https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit
 jdstrand> webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8
Bugs:
Priority: medium
Discovered-by:
Assigned-to:

Patches_webkit:
upstream_webkit: needs-triage
precise_webkit: ignored (see notes)
trusty_webkit: DNE
vivid_webkit: DNE
vivid/stable-phone-overlay_webkit: DNE
vivid/ubuntu-core_webkit: DNE
wily_webkit: DNE
xenial_webkit: DNE
yakkety_webkit: DNE
devel_webkit: DNE

Patches_webkitgtk:
upstream_webkitgtk: needs-triage
precise_webkitgtk: DNE
trusty_webkitgtk: released (2.4.10-0ubuntu0.14.04.1)
vivid_webkitgtk: ignored (reached end-of-life)
vivid/stable-phone-overlay_webkitgtk: DNE
vivid/ubuntu-core_webkitgtk: DNE
wily_webkitgtk: released (2.4.10-0ubuntu0.15.10.1)
xenial_webkitgtk: released (2.4.10-0ubuntu1)
yakkety_webkitgtk: released (2.4.10-0ubuntu1)
devel_webkitgtk: released (2.4.10-0ubuntu1)

Patches_qtwebkit-source:
upstream_qtwebkit-source: needs-triage
precise_qtwebkit-source: ignored (see notes)
trusty_qtwebkit-source: ignored (no update available)
vivid_qtwebkit-source: ignored (reached end-of-life)
vivid/stable-phone-overlay_qtwebkit-source: DNE
vivid/ubuntu-core_qtwebkit-source: DNE
wily_qtwebkit-source: ignored (reached end-of-life)
xenial_qtwebkit-source: ignored (no update available)
yakkety_qtwebkit-source: ignored (no update available)
devel_qtwebkit-source: ignored (no update available)

Patches_qtwebkit-opensource-src: needs-triage
upstream_qtwebkit-opensource-src: needs-triage
precise_qtwebkit-opensource-src: DNE
trusty_qtwebkit-opensource-src: ignored (no update available)
vivid_qtwebkit-opensource-src: ignored (reached end-of-life)
vivid/stable-phone-overlay_qtwebkit-opensource-src: DNE
vivid/ubuntu-core_qtwebkit-opensource-src: DNE
wily_qtwebkit-opensource-src: ignored (reached end-of-life)
xenial_qtwebkit-opensource-src: ignored (no update available)
yakkety_qtwebkit-opensource-src: ignored (no update available)
devel_qtwebkit-opensource-src: ignored (no update available)