Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 284125 (CVE-2009-1693)

Summary: [TRACKER] WebKit Cross-Site SVG capture (CVE-2009-1693)
Product: Gentoo Security Reporter: Alex Legler (RETIRED) <a3li>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor Keywords: Tracker
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1693
Whiteboard: B4 [ebuild]
Package list:
Runtime testing required: ---

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-08 11:03:19 UTC
CVE-2009-1693 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1693):
  WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
  iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers
  to read images from arbitrary web sites via a CANVAS element with an
  SVG image, related to a "cross-site image capture issue."
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 04:21:18 UTC
CVE indicates this is Windows/Mac only.
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 04:25:38 UTC
Apparently I was wrong. Pretty sure we aren't affected, but will investigate further.
Comment 3 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-12 22:22:30 UTC
Presumably all affected versions are gone from tree. Closing as discussed with keytoaster. No GLSA for you.