Candidate: CVE-2009-1692
PublicDate: 2009-06-19 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1692
 http://support.apple.com/kb/HT3639
Description:
 WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, iPhone
 OS for iPod touch 1.1 through 2.2.1, Safari, and other software, allows
 remote attackers to cause a denial of service (memory consumption or device
 reset) via a web page containing an HTMLSelectElement object with a large
 length attribute, related to the length property of a Select object.
Ubuntu-Description:
Notes:
 jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
  it, while qt4-x11 attempts to unify khtml and webkit
 mdeslaur> code doesn't seem present in kde4libs
 mdeslaur> just a DoS
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535793
Priority: low
Discovered-by:
Assigned-to: micahg
CVSS: 

Patches_webkit:
 upstream: http://trac.webkit.org/changeset/41741
upstream_webkit: needs-triage
dapper_webkit: DNE
hardy_webkit: ignored (reached end-of-life)
intrepid_webkit: needed (reached end-of-life)
jaunty_webkit: ignored (reached end-of-life)
karmic_webkit: not-affected (1.1.12-1ubuntu1)
lucid_webkit: not-affected (1.1.12-1ubuntu1)
maverick_webkit: not-affected (1.1.12-1ubuntu1)
natty_webkit: not-affected (1.1.12-1ubuntu1)
devel_webkit: not-affected (1.1.12-1ubuntu1)

Patches_qt4-x11:
upstream_qt4-x11: needs-triage
dapper_qt4-x11: not-affected (no webkit)
hardy_qt4-x11: not-affected (no webkit)
intrepid_qt4-x11: needed (reached end-of-life)
jaunty_qt4-x11: ignored (reached end-of-life)
karmic_qt4-x11: not-affected (4.5.2-0ubuntu5)
lucid_qt4-x11: not-affected (4.5.2-0ubuntu5)
maverick_qt4-x11: not-affected (4.5.2-0ubuntu5)
natty_qt4-x11: not-affected (4.5.2-0ubuntu5)
devel_qt4-x11: not-affected (4.5.2-0ubuntu5)