Bug#560905: webkit: CVE-2009-3932 google gears plugin vulnerability
michael.s.gilbert at gmail.com
Sun Dec 13 02:31:30 UTC 2009
the following CVE (Common Vulnerabilities & Exposures) id was
published for chrome:
| The Gears plugin in Google Chrome before 220.127.116.11 allows
| user-assisted remote attackers to cause a denial of service (memory
| corruption and plugin crash) or possibly execute arbitrary code via
| unspecified use of the Gears SQL API, related to putting "SQL metadata
| into a bad state."
I checked the webkit codebase and found some reference to gears, but I'm
not sure if those are at all involved in this issue (especially since
google is currently embargoing detailed info on the flaw). Please check
and close the bug if you find that webkit itself is not affected.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
More information about the Pkg-webkit-maintainers