Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 284125 (CVE-2009-1693) - [TRACKER] WebKit Cross-Site SVG capture (CVE-2009-1693)
Summary: [TRACKER] WebKit Cross-Site SVG capture (CVE-2009-1693)
Status: RESOLVED FIXED
Alias: CVE-2009-1693
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://cve.mitre.org/cgi-bin/cvename....
Whiteboard: B4 [ebuild]
Keywords: Tracker
Depends on:
Blocks:
 
Reported: 2009-09-08 11:03 UTC by Alex Legler (RETIRED)
Modified: 2013-09-12 22:22 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-08 11:03:19 UTC
CVE-2009-1693 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1693):
  WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
  iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers
  to read images from arbitrary web sites via a CANVAS element with an
  SVG image, related to a "cross-site image capture issue."
Comment 1 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 04:21:18 UTC
CVE indicates this is Windows/Mac only.
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-03 04:25:38 UTC
Apparently I was wrong. Pretty sure we aren't affected, but will investigate further.
Comment 3 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-12 22:22:30 UTC
Presumably all affected versions are gone from tree. Closing as discussed with keytoaster. No GLSA for you.