PublicDate: 2008-04-17 19:05:00 UTC
Candidate: CVE-2008-1025
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1025
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479644
Description:
 Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in Safari
 before 3.1.1, allows remote attackers to inject arbitrary web script or
 HTML via a crafted URL with a colon in the hostname portion.
Ubuntu-Description:
Notes:
 mdeslaur> this bug doesn't affect qt4-x11 as per debian bug. 
Bugs:
Priority: low
Discovered-by: Robert Swiecki and David Bloom
Assigned-to: micahg
CVSS: 

Patches_webkit:
 upstream: http://trac.webkit.org/changeset/31438
upstream_webkit: released (3.1.1)
dapper_webkit: DNE
feisty_webkit: DNE
gutsy_webkit: needed (reached end-of-life)
hardy_webkit: ignored (reached end-of-life)
intrepid_webkit: not-affected (1.0.1-2)
jaunty_webkit: not-affected (1.0.1-4)
karmic_webkit: not-affected (1.0.1-4)
lucid_webkit: not-affected (1.0.1-4)
maverick_webkit: not-affected (1.0.1-4)
natty_webkit: not-affected (1.0.1-4)
devel_webkit: not-affected (1.0.1-4)