~ubuntu-security/ubuntu-cve-tracker/master

PublicDateAtUSN: 2009-05-13
Candidate: CVE-2009-0945
PublicDate: 2009-05-13
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
 http://www.zerodayinitiative.com/advisories/ZDI-09-022/
 http://www.ubuntu.com/usn/usn-823-1
 http://www.ubuntu.com/usn/usn-822-1
 http://www.ubuntu.com/usn/usn-836-1
 http://www.ubuntu.com/usn/usn-857-1
Description:
 Array index error in the insertItemBefore method in WebKit, as used in
 Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through 2.2.1,
 iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome Stable before
 1.0.154.65, and possibly other products allows remote attackers to execute
 arbitrary code via a document with a SVGPathList data structure containing
 a negative index in the (1) SVGTransformList, (2) SVGStringList, (3)
 SVGNumberList, (4) SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList
 SVGList object, which triggers memory corruption.
Ubuntu-Description:
Notes:
 mdeslaur> PoC: http://bugs.gentoo.org/show_bug.cgi?id=271863
Bugs:
 https://bugs.webkit.org/show_bug.cgi?id=24730 (restricted!)
 http://bugs.gentoo.org/show_bug.cgi?id=271863
 https://bugzilla.redhat.com/show_bug.cgi?id=506703
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532718
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532724
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532725
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534917
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534918
Priority: medium
Discovered-by:
Assigned-to: micahg

Patches_webkit:
 upstream: http://trac.webkit.org/changeset/43590
 upstream: http://trac.webkit.org/changeset/43795 (revised)
upstream_webkit: needs-triage
dapper_webkit: DNE
hardy_webkit: ignored (reached end-of-life)
intrepid_webkit: released (1.0.1-2ubuntu0.2)
jaunty_webkit: released (1.0.1-4ubuntu0.1)
karmic_webkit: not-affected (1.1.12-1ubuntu1)
lucid_webkit: not-affected (1.1.12-1ubuntu1)
maverick_webkit: not-affected (1.1.12-1ubuntu1)
natty_webkit: not-affected (1.1.12-1ubuntu1)
devel_webkit: not-affected (1.1.12-1ubuntu1)

Patches_kdegraphics:
 upstream: http://websvn.kde.org/?view=rev&revision=983306 (incorrectly marked as CVE-2009-1709)
 vendor: http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch4.diff.gz
 vendor: http://release.debian.org/proposed-updates/stable_diffs/kdegraphics_3.5.9-3+lenny2.debdiff
upstream_kdegraphics: needs-triage
dapper_kdegraphics: ignored (reached end-of-life)
hardy_kdegraphics: released (4:3.5.10-0ubuntu1~hardy1.1)
intrepid_kdegraphics: not-affected (code not present)
jaunty_kdegraphics: not-affected (code not present)
karmic_kdegraphics: not-affected (code not present)
lucid_kdegraphics: not-affected (code not present)
maverick_kdegraphics: not-affected (code not present)
natty_kdegraphics: not-affected (code not present)
devel_kdegraphics: not-affected (code not present)

Patches_kdelibs:
upstream_kdelibs: not-affected (code not present)
dapper_kdelibs: not-affected (code not present)
hardy_kdelibs: not-affected (code not present)
intrepid_kdelibs: not-affected (code not present)
jaunty_kdelibs: not-affected (code not present)
karmic_kdelibs: not-affected (code not present)
lucid_kdelibs: not-affected (code not present)
maverick_kdelibs: not-affected (code not present)
natty_kdelibs: not-affected (code not present)
devel_kdelibs: not-affected (code not present)

Patches_kde4libs:
 upstream: http://websvn.kde.org/?view=rev&revision=983302
upstream_kde4libs: needs-triage
dapper_kde4libs: DNE
hardy_kde4libs: not-affected (code not present)
intrepid_kde4libs: not-affected (code not present)
jaunty_kde4libs: released (4:4.2.2-0ubuntu5.1)
karmic_kde4libs: not-affected (4:4.3.0-0ubuntu6)
lucid_kde4libs: not-affected (4:4.3.0-0ubuntu6)
maverick_kde4libs: not-affected (4:4.3.0-0ubuntu6)
natty_kde4libs: not-affected (4:4.3.0-0ubuntu6)
devel_kde4libs: not-affected (4:4.3.0-0ubuntu6)

Patches_qt4-x11:
 upstream: http://websvn.kde.org/?view=rev&revision=983302
upstream_qt4-x11: needs-triage
dapper_qt4-x11: not-affected (no webkit)
hardy_qt4-x11: not-affected (no webkit)
intrepid_qt4-x11: released (4.4.3-0ubuntu1.4)
jaunty_qt4-x11: released (4.5.0-0ubuntu4.3)
karmic_qt4-x11: not-affected (4.5.2-0ubuntu5)
lucid_qt4-x11: not-affected (4.5.2-0ubuntu5)
maverick_qt4-x11: not-affected (4.5.2-0ubuntu5)
natty_qt4-x11: not-affected (4.5.2-0ubuntu5)
devel_qt4-x11: not-affected (4.5.2-0ubuntu5)