CVE-2009-1692 in Ubuntu

CVE-2009-1692

Priority

Description

WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone
OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows
remote attackers to cause a denial of service (memory consumption or device
reset) via a web page containing an HTMLSelectElement object with a large
length attribute, related to the length property of a Select object.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1692
http://support.apple.com/kb/HT3639

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535793

Assigned-to

micahg

Notes

jdstrand	webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur	code doesn't seem present in kde4libs just a DoS

Package

Source: qt4-x11 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (4.5.2-0ubuntu5)

Patches:

Package

Source: webkit (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (1.1.12-1ubuntu1)

Patches:

Upstream:

http://trac.webkit.org/changeset/41741

More Information

Updated: 2022-02-10 23:37:20 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)