[Secure-testing-team] Bug#534951: CVE-2009-1709

Giuseppe Iuculano giuseppe at iuculano.it
Sun Jun 28 13:26:47 UTC 2009


Package: kdegraphics
Version: 4:3.5.5-3etch3 4:3.5.9-3+lenny1
Severity: serious
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for kdegraphics.

CVE-2009-1709[0]:
| Use-after-free vulnerability in the garbage-collection implementation
| in WebCore in WebKit in Apple Safari before 4.0 allows remote
| attackers to execute arbitrary code or cause a denial of service (heap
| corruption and application crash) via an SVG animation element,
| related to SVG set objects, SVG marker elements, the targetElement
| attribute, and unspecified "caches."


kdegraphics in sid is not affected.


If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1709
    http://security-tracker.debian.net/tracker/CVE-2009-1709
    Upstream WebKit patch: http://trac.webkit.org/changeset/32039
