Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 284132 (CVE-2009-1698) - [TRACKER] WebKit CSS NULL-pointer deref ACE/DoS (CVE-2009-1698)
Summary: [TRACKER] WebKit CSS NULL-pointer deref ACE/DoS (CVE-2009-1698)
Alias: CVE-2009-1698
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Keywords: Tracker
Depends on: 287494
  Show dependency tree
Reported: 2009-09-08 11:03 UTC by Alex Legler (RETIRED)
Modified: 2013-09-12 22:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-08 11:03:54 UTC
CVE-2009-1698 (
  WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
  iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a
  pointer during handling of a Cascading Style Sheets (CSS) attr
  function call with a large numerical argument, which allows remote
  attackers to execute arbitrary code or cause a denial of service
  (memory corruption and application crash) via a crafted HTML
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-09-14 22:36:43 UTC
Patched here:

*** This bug has been marked as a duplicate of bug 279187 ***
Comment 2 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-14 22:39:12 UTC
kdelibs done doesn't mean other webkit implementations are not fixed.
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-14 22:39:32 UTC
eh s/not//
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2011-01-05 06:11:33 UTC
Changing whiteboard so this can be wrapped into a webkit-gtk GLSA.
Comment 5 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-12 22:14:25 UTC
No GLSA for you.