PublicDate: 2008-04-17 19:05:00 UTC
Candidate: CVE-2008-1026
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1026
 http://www.zerodayinitiative.com/advisories/ZDI-08-022/
Description:
 Integer overflow in the PCRE regular expression compiler
 (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari
 before 3.1.1, allows remote attackers to execute arbitrary code via a
 regular expression with large, nested repetition counts, which triggers a
 heap-based buffer overflow.
Ubuntu-Description:
Notes:
 mdeslaur> qt4-x11 is not affected as per debian
Bugs:
Priority: medium
Discovered-by: Charlie Miller, Jake Honoroff and Mark Daniel
Assigned-to: micahg
CVSS: 

Patches_webkit:
 upstream: http://trac.webkit.org/changeset/31388
upstream_webkit: released (3.1.1)
dapper_webkit: DNE
feisty_webkit: DNE
gutsy_webkit: needed (reached end-of-life)
hardy_webkit: ignored (reached end-of-life)
intrepid_webkit: not-affected (1.0.1-2)
jaunty_webkit: not-affected (1.0.1-4)
karmic_webkit: not-affected (1.0.1-4)
lucid_webkit: not-affected (1.0.1-4)
maverick_webkit: not-affected (1.0.1-4)
natty_webkit: not-affected (1.0.1-4)
devel_webkit: not-affected (1.0.1-4)