Bug#538349: CVE-2009-1725: WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...
Package: kde4libs
Version: 4:4.2.96-1
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.
CVE-2009-1725[0]:
| WebKit in Apple Safari before 4.0.2 does not properly handle numeric
| character references, which allows remote attackers to execute
| arbitrary code or cause a denial of service (memory corruption and
| application crash) via a crafted HTML document.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725
http://security-tracker.debian.net/tracker/CVE-2009-1725
[1] http://scarybeastsecurity.blogspot.com/2009/07/iphone-and-safari-advisories.html
The patch:
--- kde4libs-4.2.96.old/khtml/html/htmltokenizer.cpp 2009-05-14 14:27:29.000000000 -0300
+++ kde4libs-4.2.96/khtml/html/htmltokenizer.cpp 2009-07-24 22:20:11.000000000 -0300
@@ -1038,7 +1038,7 @@
#ifdef TOKEN_DEBUG
kDebug( 6036 ) << "unknown entity!";
#endif
- checkBuffer(10);
+ checkBuffer(11);
// ignore the sequence, add it to the buffer as plaintext
*dest++ = '&';
for(unsigned int i = 0; i < cBufferPos; i++)
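Review bot: the reservation is still a magic number, so the fix is only correct if cBufferPos is bounded at 10 somewhere outside this hunk. The code that follows writes one '&' and then cBufferPos characters into dest, so the space actually needed is cBufferPos + 1; consider expressing it that way (`checkBuffer(cBufferPos + 1);`) or adding a comment next to the call stating the upper bound on cBufferPos, so the next person who changes the entity buffer size does not reintroduce the overflow. A short comment referencing CVE-2009-1725 at this spot would also make the reason for the +1 traceable.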