Package: qt4-x11
Version: 4:4.5.2-1
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for webkit.

CVE-2009-1725[0]:
| WebKit in Apple Safari before 4.0.2 does not properly handle numeric
| character references, which allows remote attackers to execute
| arbitrary code or cause a denial of service (memory corruption and
| application crash) via a crafted HTML document.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1725
    http://security-tracker.debian.net/tracker/CVE-2009-1725
[1] PoC https://cevans-app.appspot.com/static/webkitentityoffbyone.html
[2] Patch http://trac.webkit.org/changeset/44799/