CVE-2009-1690 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1690): Use after free vulnerability in WebKit, as used in Apple Safari before 4.0, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
Created attachment 195030
patch from upstream svn
+*kdelibs-4.2.4-r2 (17 Jun 2009) + + 17 Jun 2009; Tomáš Chvátal <scarabeus@gentoo.org> + -kdelibs-4.2.4-r1.ebuild, +kdelibs-4.2.4-r2.ebuild, + +files/4.2.4-CVE-2009-1690.patch: + Revision bump. Apply security patch from upstream. Per bug #274566. Remove + affected stuff. + Applied, it compiles, nobody is hacking my PC :]
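Review bot: the closing sentence of the entry, "Remove affected stuff.", does not say what was removed. The file list shows -kdelibs-4.2.4-r1.ebuild being dropped, so naming that revision in the message text would make the entry readable without the file list. "Apply security patch from upstream" could likewise name the CVE in the message body, since it currently appears only in the patch file name.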
Created attachment 195036
patch from upstream svn

I was too fast, here is an updated patch (fix crash on <head> occurring twice (CVE-2009-1690)). I hope that is the last one.
(In reply to comment #1)
> Created an attachment (id=195030)
> patch from upstream svn

That one should be a fix for CVE-2009-0945. Only this one should be for 1690: http://websvn.kde.org/?view=rev&revision=983316 (in attachment in comment #3)
(In reply to comment #3) Committed.
removing block, bug #277868 tracker switched to 4.3.1
KDE 4.2.4 is out of tree, reuss as back if we need to do something. Current stable is 4.3.3.
Vote: YES. Added to pending GLSA request.
Too old. No GLSA for you.