Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 284121 (CVE-2009-1690) - [TRACKER] WebKit DOM recursion Use-after-free ACE/DoS (CVE-2009-1690)
Summary: [TRACKER] WebKit DOM recursion Use-after-free ACE/DoS (CVE-2009-1690)
Status: RESOLVED FIXED
Alias: CVE-2009-1690
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: B2 [ebuild]
Keywords: Tracker
Depends on: 274566 287494
Blocks:
  Show dependency tree
 
Reported: 2009-09-08 11:02 UTC by Alex Legler (RETIRED)
Modified: 2013-09-12 22:18 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2009-09-08 11:02:57 UTC
CVE-2009-1690 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1690):
  Use-after-free vulnerability in WebKit, as used in Apple Safari
  before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch
  1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other
  products, allows remote attackers to execute arbitrary code or cause
  a denial of service (memory corruption and application crash) by
  setting an unspecified property of an HTML tag that causes child
  elements to be freed and later accessed when an HTML error occurs,
  related to "recursion in certain DOM event handlers."
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-12 22:18:11 UTC
Presumably all affected versions are gone from tree. Closing as discussed with keytoaster. No GLSA for you.