
Bug#534951: marked as done (CVE-2009-1709)



Your message dated Thu, 17 Dec 2009 00:01:32 +0000
with message-id <E1NL3oC-00032t-2a@ries.debian.org>
and subject line Bug#534951: fixed in kdegraphics 4:3.5.9-3+lenny2
has caused the Debian Bug report #534951,
regarding CVE-2009-1709
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
534951: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534951
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: kdegraphics
Version: 4:3.5.5-3etch3 4:3.5.9-3+lenny1
Severity: serious
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kdegraphics.

CVE-2009-1709[0]:
| Use-after-free vulnerability in the garbage-collection implementation
| in WebCore in WebKit in Apple Safari before 4.0 allows remote
| attackers to execute arbitrary code or cause a denial of service (heap
| corruption and application crash) via an SVG animation element,
| related to SVG set objects, SVG marker elements, the targetElement
| attribute, and unspecified "caches."


kdegraphics in sid is not affected.


If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709
    http://security-tracker.debian.net/tracker/CVE-2009-1709
    Upstream WebKit patch: http://trac.webkit.org/changeset/32039

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpHb5QACgkQNxpp46476apwnACgh4vgazBJYFAg7avrndN5l60p
kfYAn0VF+Hbo4msqbkOv0NfVTHNCt25E
=TnEJ
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: kdegraphics
Source-Version: 4:3.5.9-3+lenny2

We believe that the bug you reported is fixed in the latest version of
kdegraphics, which is due to be installed in the Debian FTP archive:

kamera_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kamera_3.5.9-3+lenny2_i386.deb
kcoloredit_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kcoloredit_3.5.9-3+lenny2_i386.deb
kdegraphics-dbg_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kdegraphics-dbg_3.5.9-3+lenny2_i386.deb
kdegraphics-dev_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kdegraphics-dev_3.5.9-3+lenny2_i386.deb
kdegraphics-doc-html_3.5.9-3+lenny2_all.deb
  to main/k/kdegraphics/kdegraphics-doc-html_3.5.9-3+lenny2_all.deb
kdegraphics-kfile-plugins_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kdegraphics-kfile-plugins_3.5.9-3+lenny2_i386.deb
kdegraphics_3.5.9-3+lenny2.diff.gz
  to main/k/kdegraphics/kdegraphics_3.5.9-3+lenny2.diff.gz
kdegraphics_3.5.9-3+lenny2.dsc
  to main/k/kdegraphics/kdegraphics_3.5.9-3+lenny2.dsc
kdegraphics_3.5.9-3+lenny2_all.deb
  to main/k/kdegraphics/kdegraphics_3.5.9-3+lenny2_all.deb
kdvi_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kdvi_3.5.9-3+lenny2_i386.deb
kfax_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kfax_3.5.9-3+lenny2_i386.deb
kfaxview_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kfaxview_3.5.9-3+lenny2_i386.deb
kgamma_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kgamma_3.5.9-3+lenny2_i386.deb
kghostview_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kghostview_3.5.9-3+lenny2_i386.deb
kiconedit_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kiconedit_3.5.9-3+lenny2_i386.deb
kmrml_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kmrml_3.5.9-3+lenny2_i386.deb
kolourpaint_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kolourpaint_3.5.9-3+lenny2_i386.deb
kooka_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kooka_3.5.9-3+lenny2_i386.deb
kpdf_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kpdf_3.5.9-3+lenny2_i386.deb
kpovmodeler_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kpovmodeler_3.5.9-3+lenny2_i386.deb
kruler_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kruler_3.5.9-3+lenny2_i386.deb
ksnapshot_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/ksnapshot_3.5.9-3+lenny2_i386.deb
ksvg_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/ksvg_3.5.9-3+lenny2_i386.deb
kuickshow_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kuickshow_3.5.9-3+lenny2_i386.deb
kview_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kview_3.5.9-3+lenny2_i386.deb
kviewshell_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/kviewshell_3.5.9-3+lenny2_i386.deb
libkscan-dev_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/libkscan-dev_3.5.9-3+lenny2_i386.deb
libkscan1_3.5.9-3+lenny2_i386.deb
  to main/k/kdegraphics/libkscan1_3.5.9-3+lenny2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 534951@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <giuseppe@iuculano.it> (supplier of updated kdegraphics package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 09 Aug 2009 19:33:05 +0200
Source: kdegraphics
Binary: kdegraphics kdegraphics-doc-html kamera kcoloredit kdegraphics-dev kdegraphics-kfile-plugins kdvi kfax kfaxview kgamma kghostview kiconedit kmrml kolourpaint kooka kpdf kpovmodeler kruler ksnapshot ksvg kuickshow kview kviewshell libkscan-dev libkscan1 kdegraphics-dbg
Architecture: source all i386
Version: 4:3.5.9-3+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Giuseppe Iuculano <giuseppe@iuculano.it>
Description: 
 kamera     - digital camera io_slave for Konqueror
 kcoloredit - a color palette editor and color picker for KDE
 kdegraphics - graphics apps from the official KDE release
 kdegraphics-dbg - debugging symbols for kdegraphics
 kdegraphics-dev - development files for the KDE graphics module
 kdegraphics-doc-html - KDE graphics documentation in HTML format
 kdegraphics-kfile-plugins - KDE metainfo plugins for graphic files
 kdvi       - dvi viewer for KDE
 kfax       - G3/G4 fax viewer for KDE
 kfaxview   - G3/G4 fax viewer for KDE using kviewshell
 kgamma     - gamma correction module for the KDE Control Center
 kghostview - PostScript viewer for KDE
 kiconedit  - an icon editor for KDE
 kmrml      - a Konqueror plugin for searching pictures
 kolourpaint - a simple paint program for KDE
 kooka      - scanner program for KDE
 kpdf       - PDF viewer for KDE
 kpovmodeler - a graphical editor for povray scenes
 kruler     - a screen ruler and color measurement tool for KDE
 ksnapshot  - screenshot utility for KDE
 ksvg       - SVG viewer for KDE
 kuickshow  - KDE image/slideshow viewer
 kview      - simple image viewer/converter for KDE
 kviewshell - generic framework for viewer applications in KDE
 libkscan-dev - development files for the KDE scanner library
 libkscan1  - scanner library for KDE
Closes: 534918 534951
Changes: 
 kdegraphics (4:3.5.9-3+lenny2) stable-security; urgency=high
 .
   * Non-maintainer upload.
   * Fixed CVE-2009-0945: Null-pointer dereference due to an array index error
     was found in the KDE KSVG SVGList interface implementation. A remote
     attacker could create a specially-crafted SVG image, which once opened by
     an unsuspecting user, would cause memory corruption leading to a denial of
     service (Konqueror crash). (Closes: #534918)
   * Fixed CVE-2009-1709: A pointer use-after-free flaw was found in KDE's
     KSVG Scalable Vector Graphics (SVG) animation element implementation.
     A remote attacker could use this flaw to cause a denial of service
     (konqueror crash) or, potentially, execute arbitrary code, with the
     privileges of the user running the "konqueror" web browser, if the victim
     was tricked into opening a specially-crafted SVG image. (Closes: #534951)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqFQdkACgkQ62zWxYk/rQfa6QCfRgB0ZXSk3iEnP7bQCDTtZvuJ
QZwAoJb3GITzKzoyDmzTY//qP4JulAoH
=6kHK
-----END PGP SIGNATURE-----



--- End Message ---
