CVE-2009-1233 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1233): Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements.
Could reproduce an infinite loop on 4.4.2-r1.
Is this reproducible with current lowest stable version =x11-libs/qt-webkit-4.6.3-r1 in tree?
(In reply to comment #2)
> Is this reproducible with current lowest stable version
> =x11-libs/qt-webkit-4.6.3-r1 in tree?
Ping. =x11-libs/qt-webkit-4.6* is removed from tree. Lowest stable version in tree is now =x11-libs/qt-webkit-4.7.4. Is this still reproducible?
(In reply to comment #3)
> =x11-libs/qt-webkit-4.6* is removed from tree. Lowest stable version in tree
> is now =x11-libs/qt-webkit-4.7.4. Is this still reproducible?
Not sure. There is a (safe-looking) exploit here if you're able to test. http://downloads.securityfocus.com/vulnerabilities/exploits/34318.py
Could *not* reproduce the crash with qt-webkit-4.8.2 (latest stable); I tried with both www-client/qupzilla and www-client/rekonq.
I believe there's nothing further for the Qt team to do:
* The issue was not able to be reproduced with a stable version of qtwebkit
* I was not able to locate any other information suggesting that the bug affected webkit products other than Safari
* I could not locate any other Linux distribution tracking the CVE in question (other than to say it does not apply to them)
Please feel free to re-CC us if you disagree or require something further from us.
All affected versions are gone from tree. Closing as discussed with keytoaster. No GLSA for you.