Bug#544903: marked as done (CVE-2009-2195 WebKit: buffer overflow in floating point numbers parsing)

To: fabo@debian.org
Subject: Bug#544903: marked as done (CVE-2009-2195 WebKit: buffer overflow in floating point numbers parsing)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Mon, 07 Dec 2009 12:03:07 +0000
Message-id: <[🔎] handler.544903.D544903.12601872147763.ackdone@bugs.debian.org>
References: <200912071255.12302.fabo@debian.org> <20090903165838.GA896@ngolde.de>

Your message dated Mon, 7 Dec 2009 12:55:12 +0100
with message-id <200912071255.12302.fabo@debian.org>
and subject line CVE-2009-2195 WebKit: buffer overflow in floating point numbers parsing
has caused the Debian Bug report #544903,
regarding CVE-2009-2195 WebKit: buffer overflow in floating point numbers parsing
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
544903: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544903
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: CVE-2009-2195 WebKit: buffer overflow in floating point numbers parsing
From: Nico Golde <nion@debian.org>
Date: Thu, 3 Sep 2009 18:58:38 +0200
Message-id: <20090903165838.GA896@ngolde.de>

Source: qt4-x11
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for qt4-x11.

CVE-2009-2195[0]:
| Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote
| attackers to execute arbitrary code or cause a denial of service
| (application crash) via crafted floating-point numbers.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

A patch for this is 
availablehttp://trac.webkit.org/changeset/45696, looking at 
the code in qt4-x11 you probably need to port it :/

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2195
    http://security-tracker.debian.net/tracker/CVE-2009-2195

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpPo4m3Z6BlB.pgp
Description: PGP signature

--- End Message ---

--- Begin Message ---

To: 544903-done@bugs.debian.org

Subject: CVE-2009-2195 WebKit: buffer overflow in floating point numbers parsing

From: Fathi Boudra <fabo@debian.org>

Date: Mon, 7 Dec 2009 12:55:12 +0100

Message-id: <200912071255.12302.fabo@debian.org>

Reply-to: fabo@debian.org
Version: 4:4.6.0-1
--- End Message ---

Reply to:

Prev by Date: Bug#423618: konqueror crashes when opening pubmed advanced search
Next by Date: Bug#559873: reports slews of "Bogus memory allocation size" errors to stderr
Previous by thread: Bug#423618: konqueror crashes when opening pubmed advanced search
Next by thread: Bug#559873: reports slews of "Bogus memory allocation size" errors to stderr
Index(es):
- Date
- Thread