284121 – (CVE-2009-1690) [TRACKER] WebKit DOM recursion Use-after-free ACE/DoS (CVE-2009-1690)

Bug 284121 (CVE-2009-1690) - [TRACKER] WebKit DOM recursion Use-after-free ACE/DoS (CVE-2009-1690)

Summary: [TRACKER] WebKit DOM recursion Use-after-free ACE/DoS (CVE-2009-1690)

Status:	RESOLVED FIXED

Alias:	CVE-2009-1690

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://cve.mitre.org/cgi-bin/cvename....
Whiteboard:	B2 [ebuild]
Keywords:	Tracker

Depends on:	274566 287494
Blocks:
	Show dependency tree

Reported:	2009-09-08 11:02 UTC by Alex Legler (RETIRED)
Modified:	2013-09-12 22:18 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Legler (RETIRED) archtester

2009-09-08 11:02:57 UTC

CVE-2009-1690 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1690):
  Use-after-free vulnerability in WebKit, as used in Apple Safari
  before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch
  1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other
  products, allows remote attackers to execute arbitrary code or cause
  a denial of service (memory corruption and application crash) by
  setting an unspecified property of an HTML tag that causes child
  elements to be freed and later accessed when an HTML error occurs,
  related to "recursion in certain DOM event handlers."

Comment 1 Chris Reffett (RETIRED) gentoo-dev

2013-09-12 22:18:11 UTC

Presumably all affected versions are gone from tree. Closing as discussed with keytoaster. No GLSA for you.