CVE-2009-0945 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0945): Array index error in the insertItemBefore method in WebKit, as used in Safari before 3.2.3 and 4 Public Beta, Google Chrome Stable before 1.0.154.65, and possibly other products allows remote attackers to execute arbitrary code via a document with a SVGPathList data structure containing a negative index in the (1) SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object, which triggers memory corruption.
The reproducer crashes with 4.4.2-r1, haven't tried 4.5.1.

<script>
var p = document.createElementNS("http://www.w3.org/2000/svg","path");
p.pathSegList.insertItemBefore(null,1);
</script>
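Added example, not part of the original bug report and not WebKit or Qt code: a C model of a list insert that rejects the two inputs mentioned above, a negative index (the CVE description) and a null item (the reproducer). The names num_list, LIST_CAP, insert_before_unchecked and insert_before_checked are hypothetical, and the unchecked variant is an assumed shape of this bug class, shown for contrast only.

```c
#include <stddef.h>
#include <string.h>

#define LIST_CAP 8
enum { INS_BAD_INDEX = -1, INS_NULL_ITEM = -2, INS_FULL = -3 };

/* Hypothetical stand-in for an SVG list such as SVGNumberList. */
struct num_list {
    const double *items[LIST_CAP];
    size_t count;
};

/* Unchecked pattern (assumed, for contrast; never called here): only the
 * upper bound is tested, so a negative index passes and the write lands
 * before items[0]. Capacity and the item pointer are not checked either. */
int insert_before_unchecked(struct num_list *l, const double *item, long index)
{
    if (index > (long)l->count)
        index = (long)l->count;
    memmove(&l->items[index + 1], &l->items[index],
            (l->count - (size_t)index) * sizeof l->items[0]);
    l->items[index] = item;
    l->count++;
    return (int)index;
}

/* Checked form: returns the position used, or a negative INS_* code.
 * The list is left untouched on every error path. */
int insert_before_checked(struct num_list *l, const double *item, long index)
{
    if (item == NULL)
        return INS_NULL_ITEM;      /* the reproducer's null argument */
    if (index < 0)
        return INS_BAD_INDEX;      /* the CVE's negative index */
    if (l->count >= LIST_CAP)
        return INS_FULL;

    size_t pos = (size_t)index;
    if (pos > l->count)
        pos = l->count;            /* past the end: append */

    memmove(&l->items[pos + 1], &l->items[pos],
            (l->count - pos) * sizeof l->items[0]);
    l->items[pos] = item;
    l->count++;
    return (int)pos;
}
```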
According to https://bugzilla.redhat.com/show_bug.cgi?id=506703#c15 this has been fixed in Qt 4.5.2. The oldest version of qt-webkit in portage is 4.5.3.
Please don't close security bugs; even the really old ones. Added to existing GLSA request.
This issue has been fixed since Oct 11, 2009. No GLSA will be issued.