Bug#538347: CVE-2009-1725: WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...

To: submit@bugs.debian.org
Subject: Bug#538347: CVE-2009-1725: WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...
From: Luciano Bello <luciano@debian.org>
Date: Fri, 24 Jul 2009 22:16:21 -0300
Message-id: <[🔎] 200907242216.22273.luciano@debian.org>
Reply-to: Luciano Bello <luciano@debian.org>, 538347@bugs.debian.org

Package: qt4-x11
Version: 4:4.5.2-1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.

CVE-2009-1725[0]:
| WebKit in Apple Safari before 4.0.2 does not properly handle numeric
| character references, which allows remote attackers to execute
| arbitrary code or cause a denial of service (memory corruption and
| application crash) via a crafted HTML document.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725
    http://security-tracker.debian.net/tracker/CVE-2009-1725

[1] PoC https://cevans-app.appspot.com/static/webkitentityoffbyone.html
[2] Patch http://trac.webkit.org/changeset/44799/

Reply to:

Prev by Date: Bug#538300: [dolphin] Selection is wrong when using mouse, keyboard and shift-Arrow
Next by Date: Bug#538349: CVE-2009-1725: WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...
Previous by thread: Bug#538300: [dolphin] Selection is wrong when using mouse, keyboard and shift-Arrow
Next by thread: Bug#538349: CVE-2009-1725: WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...
Index(es):
- Date
- Thread