Bug 284153 (CVE-2009-1718)

Summary:	[TRACKER] <net-libs/webkit-gtk-1.1.10: WebKit Drag event Information Disclosure (CVE-2009-1718)
Product:	Gentoo Security	Reporter:	Alex Legler (RETIRED) <a3li>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	esigra
Priority:	High	Keywords:	Tracker
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1718
Whiteboard:	B4 [glsa]
Package list:		Runtime testing required:	---
Bug Depends on:	287494
Bug Blocks:

Description Alex Legler (RETIRED) archtester

2009-09-08 11:05:30 UTC

CVE-2009-1718 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1718):
  WebKit in Apple Safari before 4.0 allows user-assisted remote
  attackers to obtain sensitive information via vectors involving drag
  events and the dragging of content over a crafted web page.

Comment 1 Tim Sammut (RETIRED) gentoo-dev

2011-01-05 06:14:50 UTC

According to https://bugs.gentoo.org/show_bug.cgi?id=287494#c0, this issue was fixed in =net-libs/webkit-gtk-1.1.10. Updating status to [glsa], so it shows up in reports accordingly.

Comment 2 Chris Reffett (RETIRED) gentoo-dev

2013-09-12 22:17:02 UTC

Presumably all affected versions are gone from tree. Closing as discussed with keytoaster. No GLSA for you.