Bug 284140 (CVE-2009-1703)

Summary:	[TRACKER] <net-libs/webkit-gtk-1.1.10: WebKit file: URL file existence disclosure (CVE-2009-1703)
Product:	Gentoo Security	Reporter:	Alex Legler (RETIRED) <a3li>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	esigra
Priority:	High	Keywords:	Tracker
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1703
Whiteboard:	B4 [glsa]
Package list:		Runtime testing required:	---
Bug Depends on:	287494
Bug Blocks:

Description Alex Legler (RETIRED) archtester

2009-09-08 11:04:29 UTC

CVE-2009-1703 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1703):
  WebKit in Apple Safari before 4.0 does not prevent references to
  file: URLs within (1) audio and (2) video elements, which allows
  remote attackers to determine the existence of arbitrary files via a
  crafted HTML document.

Comment 1 Tim Sammut (RETIRED) gentoo-dev

2011-01-05 06:13:45 UTC

According to https://bugs.gentoo.org/show_bug.cgi?id=287494#c0, this issue was fixed in =net-libs/webkit-gtk-1.1.10. Updating status to [glsa], so it shows up in reports accordingly.

Comment 2 Chris Reffett (RETIRED) gentoo-dev

2013-09-12 22:19:13 UTC

Presumably all affected versions are gone from tree. Closing as discussed with keytoaster. No GLSA for you.