
Bug#538349: CVE-2009-1725: WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...



Package: kde4libs
Version: 4:4.2.96-1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.

CVE-2009-1725[0]:
| WebKit in Apple Safari before 4.0.2 does not properly handle numeric
| character references, which allows remote attackers to execute
| arbitrary code or cause a denial of service (memory corruption and
| application crash) via a crafted HTML document.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725
    http://security-tracker.debian.net/tracker/CVE-2009-1725
[1] http://scarybeastsecurity.blogspot.com/2009/07/iphone-and-safari-advisories.html

The patch:
--- kde4libs-4.2.96.old/khtml/html/htmltokenizer.cpp    2009-05-14 14:27:29.000000000 -0300
+++ kde4libs-4.2.96/khtml/html/htmltokenizer.cpp        2009-07-24 22:20:11.000000000 -0300
@@ -1038,7 +1038,7 @@
 #ifdef TOKEN_DEBUG
                 kDebug( 6036 ) << "unknown entity!";
 #endif
-                checkBuffer(10);
+                checkBuffer(11);
                 // ignore the sequence, add it to the buffer as plaintext
                 *dest++ = '&';
                 for(unsigned int i = 0; i < cBufferPos; i++)
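
Review bot: the bare constant in checkBuffer(11) on the changed line is not tied to what the lines after it write, which is one '&' followed by cBufferPos characters copied by the loop. Reserving checkBuffer(cBufferPos + 1), or adding a comment that 11 covers the '&' plus the maximum entity buffer length, would keep the reservation from drifting out of step with the copy loop again. The hunk does not show the loop body or the upper bound on cBufferPos, so it is worth confirming that nothing else is written through dest before the next checkBuffer call.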


