Bug#560905: webkit: CVE-2009-3932 google gears plugin vulnerability

Michael Gilbert michael.s.gilbert at gmail.com
Sun Dec 13 02:31:30 UTC 2009


Package: webkit
Version: 1.1.17-2
Severity: important
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for chrome:

CVE-2009-3932[0]:
| The Gears plugin in Google Chrome before 3.0.195.32 allows
| user-assisted remote attackers to cause a denial of service (memory
| corruption and plugin crash) or possibly execute arbitrary code via
| unspecified use of the Gears SQL API, related to putting "SQL metadata
| into a bad state."

I checked the webkit codebase and found some reference to gears, but I'm
not sure if those are at all involved in this issue (especially since
google is currently embargoing detailed info on the flaw). Please check
and close the bug if you find that webkit itself is not affected.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3932
    http://security-tracker.debian.org/tracker/CVE-2009-3932





More information about the Pkg-webkit-maintainers mailing list