Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 279027

Summary: <=kde-base/kdelibs-{3.5.10,4.2.4} Remote code execution (CVE-2009-1725)
Product: Gentoo Security Reporter: Robert Förster <Dessa>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED OBSOLETE    
Severity: normal CC: esigra, jaak
Priority: High Keywords: InVCS
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---
Bug Depends on: 292791    
Bug Blocks: 281818    
Attachments:
Description Flags
patch from upstream svn
none
patch from upstream svn none

Description Robert Förster 2009-07-25 11:12:33 UTC
CVE-2009-1725 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1725):
  WebKit in Apple Safari before 4.0.2 does not properly handle numeric
  character references, which allows remote attackers to execute arbitrary
  code or cause a denial of service (memory corruption and application crash)
  via a crafted HTML document.
Comment 1 Robert Förster 2009-07-25 11:13:18 UTC
Created attachment 199102 [details, diff]
patch from upstream svn
Comment 2 Robert Förster 2009-07-25 11:14:17 UTC
Created attachment 199104 [details, diff]
patch from upstream svn

not (yet?) backported by upstream, but should apply from what i see
Comment 3 Tomáš Chvátal (RETIRED) gentoo-dev 2009-07-30 13:30:24 UTC
kde4: commited + revbumped.
Comment 4 Jaak Ristioja 2010-01-01 22:35:18 UTC
Ok, and since I see no KDE3 in portage, lets close this?
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2010-01-06 21:09:23 UTC
No, it needs a glsa.
Comment 6 Theo Chatzimichos (RETIRED) archtester gentoo-dev Security 2010-01-23 15:22:43 UTC
KDE 3 is not in tree any more. CC us again if you need anything. thanks
Comment 7 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 19:48:02 UTC
KDE 3 long gone.