Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 284132 (CVE-2009-1698)

Summary: [TRACKER] WebKit CSS NULL-pointer deref ACE/DoS (CVE-2009-1698)
Product: Gentoo Security Reporter: Alex Legler (RETIRED) <a3li>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: esigra
Priority: High Keywords: Tracker
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1698
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 287494    
Bug Blocks:    

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-08 11:03:54 UTC 
CVE-2009-1698 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1698):
  WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
  iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a
  pointer during handling of a Cascading Style Sheets (CSS) attr
  function call with a large numerical argument, which allows remote
  attackers to execute arbitrary code or cause a denial of service
  (memory corruption and application crash) via a crafted HTML
  document.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-09-14 22:36:43 UTC 
Patched here: https://bugs.gentoo.org/show_bug.cgi?id=279187

*** This bug has been marked as a duplicate of bug 279187 ***
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-14 22:39:12 UTC 
kdelibs done doesn't mean other webkit implementations are not fixed.
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-14 22:39:32 UTC 
eh s/not//
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-01-05 06:11:33 UTC 
Changing whiteboard so this can be wrapped into a webkit-gtk GLSA.
Comment 5 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-12 22:14:25 UTC 
No GLSA for you.