Bug 284121 (CVE-2009-1690)

Summary:	[TRACKER] WebKit DOM recursion Use-after-free ACE/DoS (CVE-2009-1690)
Product:	Gentoo Security	Reporter:	Alex Legler (RETIRED) <a3li>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	esigra
Priority:	High	Keywords:	Tracker
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1690
Whiteboard:	B2 [ebuild]
Package list:		Runtime testing required:	---
Bug Depends on:	274566, 287494
Bug Blocks:

Description Alex Legler (RETIRED) archtester

2009-09-08 11:02:57 UTC

CVE-2009-1690 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1690):
  Use-after-free vulnerability in WebKit, as used in Apple Safari
  before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch
  1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other
  products, allows remote attackers to execute arbitrary code or cause
  a denial of service (memory corruption and application crash) by
  setting an unspecified property of an HTML tag that causes child
  elements to be freed and later accessed when an HTML error occurs,
  related to "recursion in certain DOM event handlers."

Comment 1 Chris Reffett (RETIRED) gentoo-dev

2013-09-12 22:18:11 UTC

Presumably all affected versions are gone from tree. Closing as discussed with keytoaster. No GLSA for you.