~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2009-1697
PublicDate: 2009-06-10
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1697
Description:
 CRLF injection vulnerability in WebKit in Apple Safari before 4.0, iPhone
 OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows
 remote attackers to inject HTTP headers and bypass the Same Origin Policy
 via a crafted HTML document, related to cross-site scripting (XSS) attacks
 that depend on communication with arbitrary web sites on the same server
 through use of XMLHttpRequest without a Host header.
Ubuntu-Description:
Notes:
 jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
  it, while qt4-x11 attempts to unify khtml and webkit
 mdeslaur> code doesn't seem present in kde4libs
 mdeslaur> commit doesn't look like it matches the CVE
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535793
Priority: low
Discovered-by:
Assigned-to: micahg

Patches_webkit:
 upstream: http://trac.webkit.org/changeset/41262
upstream_webkit: needs-triage
dapper_webkit: DNE
hardy_webkit: ignored (reached end-of-life)
intrepid_webkit: needed (reached end-of-life)
jaunty_webkit: ignored (reached end-of-life)
karmic_webkit: not-affected (1.1.12-1ubuntu1)
lucid_webkit: not-affected (1.1.12-1ubuntu1)
maverick_webkit: not-affected (1.1.12-1ubuntu1)
natty_webkit: not-affected (1.1.12-1ubuntu1)
devel_webkit: not-affected (1.1.12-1ubuntu1)

Patches_qt4-x11:
upstream_qt4-x11: needs-triage
dapper_qt4-x11: not-affected (no webkit)
hardy_qt4-x11: not-affected (no webkit)
intrepid_qt4-x11: needed (reached end-of-life)
jaunty_qt4-x11: ignored (reached end-of-life)
karmic_qt4-x11: not-affected (4.5.2-0ubuntu5)
lucid_qt4-x11: not-affected (4.5.2-0ubuntu5)
maverick_qt4-x11: not-affected (4.5.2-0ubuntu5)
natty_qt4-x11: not-affected (4.5.2-0ubuntu5)
devel_qt4-x11: not-affected (4.5.2-0ubuntu5)