Bug#538346: CVE-2009-1725: WebKit in Apple Safari before 4.0.2 does not properly handle numeric ...
Luciano Bello
luciano at debian.org
Sat Jul 25 01:02:01 UTC 2009
Package: webkit
Version: 1.1.10-2
Severity: grave
Tags: security patch
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for webkit.
CVE-2009-1725[0]:
| WebKit in Apple Safari before 4.0.2 does not properly handle numeric
| character references, which allows remote attackers to execute
| arbitrary code or cause a denial of service (memory corruption and
| application crash) via a crafted HTML document.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725
http://security-tracker.debian.net/tracker/CVE-2009-1725
[1] PoC https://cevans-app.appspot.com/static/webkitentityoffbyone.html
[2] Patch http://trac.webkit.org/changeset/44799/
More information about the Pkg-webkit-maintainers
mailing list