Bug#544903: CVE-2009-2195 WebKit: buffer overflow in floating point numbers parsing

To: submit@bugs.debian.org
Subject: Bug#544903: CVE-2009-2195 WebKit: buffer overflow in floating point numbers parsing
From: Nico Golde <nion@debian.org>
Date: Thu, 3 Sep 2009 18:58:38 +0200
Message-id: <[🔎] 20090903165838.GA896@ngolde.de>
Reply-to: Nico Golde <nion@debian.org>, 544903@bugs.debian.org

Source: qt4-x11
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for qt4-x11.

CVE-2009-2195[0]:
| Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote
| attackers to execute arbitrary code or cause a denial of service
| (application crash) via crafted floating-point numbers.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

A patch for this is 
availablehttp://trac.webkit.org/changeset/45696, looking at 
the code in qt4-x11 you probably need to port it :/

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2195
    http://security-tracker.debian.net/tracker/CVE-2009-2195

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpt_KWMM40OP.pgp
Description: PGP signature

Reply to:

Prev by Date: Processed (with 1 errors): your mail
Next by Date: Processed: severity of 538403 is important
Previous by thread: Processed (with 1 errors): your mail
Next by thread: Processed: severity of 538403 is important
Index(es):
- Date
- Thread