Debian Bug report logs - #534952
CVE-2009-1698 CVE-2009-1690 CVE-2009-1687

Package: kdelibs; Maintainer for kdelibs is Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>;

Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>

Date: Sun, 28 Jun 2009 13:39:01 UTC

Severity: serious

Tags: patch, security

Fixed in versions kdelibs/4:3.5.5a.dfsg.1-8etch2, kdelibs/4:3.5.10.dfsg.1-0lenny2, kdelibs/4:3.5.10.dfsg.1-2.1

Done: Giuseppe Iuculano <iuculano@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#534952; Package kdelibs. (Sun, 28 Jun 2009 13:39:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. (Sun, 28 Jun 2009 13:39:03 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2009-1698 CVE-2009-1690 CVE-2009-1687 CVE-2009-0945
Date: Sun, 28 Jun 2009 15:35:54 +0200
Package: kdelibs
Severity: serious
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for kdelibs.

CVE-2009-1698[0]:
| WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and
| iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a
| pointer during handling of a Cascading Style Sheets (CSS) attr
| function call with a large numerical argument, which allows remote
| attackers to execute arbitrary code or cause a denial of service
| (memory corruption and application crash) via a crafted HTML document.

CVE-2009-1690[1]:
| Use-after-free vulnerability in WebKit, as used in Apple Safari before
| 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through
| 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows
| remote attackers to execute arbitrary code or cause a denial of
| service (memory corruption and application crash) by setting an
| unspecified property of an HTML tag that causes child elements to be
| freed and later accessed when an HTML error occurs, related to
| "recursion in certain DOM event handlers."

CVE-2009-1687[2]:
| The JavaScript garbage collector in WebKit in Apple Safari before 4.0,
| iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through
| 2.2.1 does not properly handle allocation failures, which allows
| remote attackers to execute arbitrary code or cause a denial of
| service (memory corruption and application crash) via a crafted HTML
| document that triggers write access to an "offset of a NULL pointer."

CVE-2009-0945[3]:
| Array index error in the insertItemBefore method in WebKit, as used in
| Apple Safari before 3.2.3 and 4 Public Beta, iPhone OS 1.0 through
| 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome
| Stable before 1.0.154.65, and possibly other products allows remote
| attackers to execute arbitrary code via a document with a SVGPathList
| data structure containing a negative index in the (1)
| SVGTransformList, (2) SVGStringList, (3) SVGNumberList, (4)
| SVGPathSegList, (5) SVGPointList, or (6) SVGLengthList SVGList object,
| which triggers memory corruption.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1698
    http://security-tracker.debian.net/tracker/CVE-2009-1698
    Upstream WebKit patch: http://trac.webkit.org/changeset/42081
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1690
    http://security-tracker.debian.net/tracker/CVE-2009-1690
    Upstream WebKit patch: http://trac.webkit.org/changeset/42532
    Upstream KDE 4.2 patch: http://websvn.kde.org/?view=rev&revision=983316
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1687
    http://security-tracker.debian.net/tracker/CVE-2009-1687
    Upstream WebKit patch: http://trac.webkit.org/changeset/41854
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0945
    http://security-tracker.debian.net/tracker/CVE-2009-0945
    Upstream WebKit patch: http://trac.webkit.org/changeset/43590
    Upstream KDE 4.2 patch: http://websvn.kde.org/?view=rev&revision=983302

Cheers,
Giuseppe.


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#534952; Package kdelibs. (Sun, 28 Jun 2009 13:57:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. (Sun, 28 Jun 2009 13:57:05 GMT) Full text and rfc822 format available.

Message #10 received at 534952@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: 534952@bugs.debian.org
Cc: control@bugs.debian.org
Subject: kdelibs is not affected by CVE-2009-0945
Date: Sun, 28 Jun 2009 15:54:53 +0200
[Message part 1 (text/plain, inline)]
retitle 534952 CVE-2009-1698 CVE-2009-1690 CVE-2009-1687
thanks

Apologies, kdelibs is not affected by CVE-2009-0945

Cheers,
Giuseppe.

[signature.asc (application/pgp-signature, attachment)]

Changed Bug title to `CVE-2009-1698 CVE-2009-1690 CVE-2009-1687' from `CVE-2009-1698 CVE-2009-1690 CVE-2009-1687 CVE-2009-0945'. Request was from Giuseppe Iuculano <giuseppe@iuculano.it> to control@bugs.debian.org. (Sun, 28 Jun 2009 13:57:10 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#534952; Package kdelibs. (Wed, 14 Oct 2009 09:33:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Giuseppe Iuculano <iuculano@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>. (Wed, 14 Oct 2009 09:33:02 GMT) Full text and rfc822 format available.

Message #17 received at 534952@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <iuculano@debian.org>
To: 534952@bugs.debian.org, 546212@bugs.debian.org
Subject: NMU
Date: Wed, 14 Oct 2009 11:31:56 +0200
[Message part 1 (text/plain, inline)]
Hi,

Attached is a debdiff of the changes I made for 4:3.5.10.dfsg.1-2.1 0-day NMU.

Cheers,
Giuseppe
[kdelibs_3.5.10.dfsg.1-2.1.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, attachment)]

Reply sent to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility. (Sun, 18 Oct 2009 17:00:07 GMT) Full text and rfc822 format available.

Notification sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Bug acknowledged by developer. (Sun, 18 Oct 2009 17:00:07 GMT) Full text and rfc822 format available.

Message #22 received at 534952-done@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <iuculano@debian.org>
To: 534952-done@bugs.debian.org
Subject: Fixed
Date: Sun, 18 Oct 2009 18:51:10 +0200
[Message part 1 (text/plain, inline)]
Source: kdelibs
Source-Version: 4:3.5.10.dfsg.1-2.1

[signature.asc (application/pgp-signature, attachment)]

Bug Marked as fixed in versions kdelibs/4:3.5.10.dfsg.1-0lenny2. Request was from Giuseppe Iuculano <iuculano@debian.org> to control@bugs.debian.org. (Sun, 18 Oct 2009 17:06:02 GMT) Full text and rfc822 format available.

Bug Marked as fixed in versions kdelibs/4:3.5.5a.dfsg.1-8etch2. Request was from Giuseppe Iuculano <iuculano@debian.org> to control@bugs.debian.org. (Sun, 18 Oct 2009 17:06:03 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 16 Nov 2009 07:40:16 GMT) Full text and rfc822 format available.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 19:31:29 2014; Machine Name: beach.debian.org
