~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2009-1709
PublicDate: 2009-06-10
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709
 http://www.zerodayinitiative.com/advisories/ZDI-09-034/
 http://www.ubuntu.com/usn/usn-823-1
Description:
 Use-after-free vulnerability in the garbage-collection implementation in
 WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to
 execute arbitrary code or cause a denial of service (heap corruption and
 application crash) via an SVG animation element, related to SVG set
 objects, SVG marker elements, the targetElement attribute, and unspecified
 "caches."
Ubuntu-Description:
Notes:
 jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
  it, while qt4-x11 attempts to unify khtml and webkit
 mdeslaur> PoC: http://trac.webkit.org/browser/trunk/LayoutTests/svg/W3C-SVG-1.1/animate-elem-63-t.svg?format=txt
 mdeslaur> More reproducers: https://bugs.webkit.org/show_bug.cgi?id=18551
 mdeslaur> for kde4libs, code not present in hardy and intrepid
 mdeslaur> and code already fixed in jaunty and karmic
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=506246
 https://bugs.webkit.org/show_bug.cgi?id=18551
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534947
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534951
Priority: medium
Discovered-by:
Assigned-to:

Patches_webkit:
 upstream: http://trac.webkit.org/changeset/32039
upstream_webkit: needs-triage
dapper_webkit: DNE
hardy_webkit: not-affected (code not present)
intrepid_webkit: not-affected (1.0.1-2ubuntu0.1)
jaunty_webkit: not-affected (1.0.1-4)
devel_webkit: not-affected (1.1.12-1ubuntu1)

Patches_kdegraphics:
 vendor: http://security.debian.org/pool/updates/main/k/kdegraphics/kdegraphics_3.5.5-3etch4.diff.gz
 vendor: http://release.debian.org/proposed-updates/stable_diffs/kdegraphics_3.5.9-3+lenny2.debdiff
upstream_kdegraphics: needs-triage
dapper_kdegraphics: ignored (reached end-of-life)
hardy_kdegraphics: released (4:3.5.10-0ubuntu1~hardy1.1)
intrepid_kdegraphics: not-affected (code not present)
jaunty_kdegraphics: not-affected (code not present)
devel_kdegraphics: not-affected (code not present)

Patches_kde4libs:
upstream_kde4libs: needs-triage
dapper_kde4libs: DNE
hardy_kde4libs: not-affected (code not present)
intrepid_kde4libs: not-affected (code not present)
jaunty_kde4libs: not-affected (already fixed)
devel_kde4libs: not-affected (already fixed)

Patches_qt4-x11:
upstream_qt4-x11: needs-triage
dapper_qt4-x11: not-affected (no webkit)
hardy_qt4-x11: not-affected (no webkit)
intrepid_qt4-x11: not-affected (code not present)
jaunty_qt4-x11: not-affected (4.5.0-0ubuntu4.2)
devel_qt4-x11: not-affected (4.5.2-0ubuntu5)