CVE-2009-1694 in Ubuntu

CVE-2009-1694

Priority

Description

WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone
OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects,
which allows remote attackers to read images from arbitrary web sites via
vectors involving a CANVAS element and redirection, related to a
"cross-site image capture issue."

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1694

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535793

Assigned-to

micahg

Notes

jdstrand	webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit
mdeslaur	code doesn't seem present in kde4libs

Package

Source: qt4-x11 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (4.5.2-0ubuntu5)

Patches:

Package

Source: webkit (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 22.04 LTS (Jammy Jellyfish):	not-affected (1.1.12-1ubuntu1)

Patches:

Upstream:

http://trac.webkit.org/changeset/35935

More Information

Updated: 2022-02-10 23:37:20 UTC (commit acb3d89ab51f1d5e5543fa993969c0eb13c71f04)