Bug 279027 - <=kde-base/kdelibs-{3.5.10,4.2.4} Remote code execution (CVE-2009-1725)
Summary: <=kde-base/kdelibs-{3.5.10,4.2.4} Remote code execution (CVE-2009-1725)
Status: RESOLVED OBSOLETE
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All
OS: Linux
Importance: High normal
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords: InVCS
Depends on: 292791
Blocks: CVE-2009-1725
Reported: 2009-07-25 11:12 UTC by Robert Förster
Modified: 2013-09-03 19:48 UTC (History)
CC List: 2 users

See Also:
Package list:
Runtime testing required: ---


Attachments
patch from upstream svn (kdelibs-3.5.10-CVE-2009-1725.patch,520 bytes, patch)
2009-07-25 11:13 UTC, Robert Förster
patch from upstream svn (kdelibs-4.2.4-CVE-2009-1725.patch,513 bytes, patch)
2009-07-25 11:14 UTC, Robert Förster

Description Robert Förster 2009-07-25 11:12:33 UTC
CVE-2009-1725 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1725):
  WebKit in Apple Safari before 4.0.2 does not properly handle numeric
  character references, which allows remote attackers to execute arbitrary
  code or cause a denial of service (memory corruption and application crash)
  via a crafted HTML document.
Comment 1 Robert Förster 2009-07-25 11:13:18 UTC
Created attachment 199102
patch from upstream svn
Comment 2 Robert Förster 2009-07-25 11:14:17 UTC
Created attachment 199104
patch from upstream svn

not (yet?) backported by upstream, but should apply from what I see
Comment 3 Tomáš Chvátal (RETIRED) gentoo-dev 2009-07-30 13:30:24 UTC
kde4: committed + revbumped.
Comment 4 Jaak Ristioja 2010-01-01 22:35:18 UTC
Ok, and since I see no KDE3 in portage, let's close this?
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2010-01-06 21:09:23 UTC
No, it needs a glsa.
Comment 6 Theo Chatzimichos (RETIRED) archtester gentoo-dev Security 2010-01-23 15:22:43 UTC
KDE 3 is not in tree any more. CC us again if you need anything. thanks
Comment 7 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 19:48:02 UTC
KDE 3 long gone.