* [2010-09-08 21:21:48 -0600] Kevin Fenzi wrote:
On Wed, 8 Sep 2010 19:08:39 -0600
Vincent Danen <vdanen(a)redhat.com> wrote:
> * [2010-09-08 16:42:34 -0600] Kevin Fenzi wrote:
>
> >ok.
> >
> >I now have:
> >
> >* Wed Sep 08 2010 Kevin Fenzi <kevin(a)tummy.com> - 1.2.4-1
> >- Update to 1.2.4 which fixes:
> >- Fixes: CVE-2010-1780 CVE-2010-1782 CVE-2010-1784 CVE-2010-1785
> >- Fixes: CVE-2010-1786 CVE-2010-1787 CVE-2010-1788 CVE-2010-1790
> >- Fixes: CVE-2010-1792 CVE-2010-1793 CVE-2010-2648
> >- Update to 1.2.3 which fixes:
> >- Fixes: CVE-2010-1386 CVE-2010-1392 CVE-2010-1405 CVE-2010-1407
> >- Fixes: CVE-2010-1416 CVE-2010-1417 CVE-2010-1665 CVE-2010-1418
> >- Fixes: CVE-2010-1421 CVE-2010-1422 CVE-2010-1501 CVE-2010-1767
> >- Fixes: CVE-2010-1664 CVE-2010-1758 CVE-2010-1759 CVE-2010-1760
> >- Fixes: CVE-2010-1761 CVE-2010-1762 CVE-2010-1770 CVE-2010-1771
> >- Fixes: CVE-2010-1772 CVE-2010-1773 CVE-2010-1774 CVE-2010-2264
>
> Everything before this looks correct.
>
> >- Fixes bugs: 606303 606304 615728 615729 631583 631948 631946 631942
> >- Fixes bugs: 631939
>
> Remove 631948, 631946, 631942, and 631949 - those issues are not yet
> corrected upstream (they're corrected in webkit svn, but not in
> webkitgtk). They'll be fixed in 1.2.5 I think (as a hint, the CVE
> names they reference (CVE-2010-18*) are nowhere in the above list).
Ah yes, it's been a crazy day. :(
Sorry about that.
No worries. I've had my fair share of webkit today too. Enough to
drive anyone crazy. =)
> Once those four bugs are removed, I think it's good. =)
ok. Will push the updates now.
Thanks.
You're welcome. Thanks for being on top of it. =)
--
Vincent Danen / Red Hat Security Response Team