Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 284131 (CVE-2009-1697) - [TRACKER] <net-libs/webkit-gtk-1.1.10: WebKit HTTP header CRLF injection (CVE-2009-1697)
Summary: [TRACKER] <net-libs/webkit-gtk-1.1.10: WebKit HTTP header CRLF injection (CVE...
Alias: CVE-2009-1697
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [glsa]
Keywords: Tracker
Depends on: 287494
  Show dependency tree
Reported: 2009-09-08 11:03 UTC by Alex Legler (RETIRED)
Modified: 2013-09-12 22:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-09-08 11:03:48 UTC
CVE-2009-1697 (
  CRLF injection vulnerability in WebKit in Apple Safari before 4.0,
  iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1
  through 2.2.1 allows remote attackers to inject HTTP headers and
  bypass the Same Origin Policy via a crafted HTML document, related
  to cross-site scripting (XSS) attacks that depend on communication
  with arbitrary web sites on the same server through use of
  XMLHttpRequest without a Host header.
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2011-01-05 06:10:29 UTC
According to, this issue was fixed in =net-libs/webkit-gtk-1.1.10. Updating status to [glsa], so it shows up in reports accordingly.
Comment 2 Chris Reffett (RETIRED) gentoo-dev Security 2013-09-12 22:13:53 UTC
No GLSA for you.