Candidate: CVE-2009-1715
PublicDate: 2009-06-10 18:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1715
Description:
 Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in
 Apple Safari before 4.0 allows user-assisted remote attackers to inject
 arbitrary web script or HTML, and read local files, via vectors related to
 script execution with incorrect privileges.
Ubuntu-Description:
Notes:
 jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from
  it, while qt4-x11 attempts to unify khtml and webkit
 mdeslaur> code does not appear present in kde4libs
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535793
Priority: low
Discovered-by:
Assigned-to: micahg
CVSS: 

Patches_webkit:
 upstream: http://trac.webkit.org/changeset/31890
upstream_webkit: needs-triage
dapper_webkit: DNE
hardy_webkit: ignored (reached end-of-life)
intrepid_webkit: not-affected (1.0.1-2ubuntu0.1)
jaunty_webkit: not-affected (1.0.1-4)
karmic_webkit: not-affected (1.1.12-1ubuntu1)
lucid_webkit: not-affected (1.1.12-1ubuntu1)
maverick_webkit: not-affected (1.1.12-1ubuntu1)
natty_webkit: not-affected (1.1.12-1ubuntu1)
devel_webkit: not-affected (1.1.12-1ubuntu1)

Patches_qt4-x11:
upstream_qt4-x11: needs-triage
dapper_qt4-x11: not-affected (no webkit)
hardy_qt4-x11: not-affected (no webkit)
intrepid_qt4-x11: needed (reached end-of-life)
jaunty_qt4-x11: not-affected (4.5.0-0ubuntu4.2)
karmic_qt4-x11: not-affected (4.5.2-0ubuntu5)
lucid_qt4-x11: not-affected (4.5.2-0ubuntu5)
maverick_qt4-x11: not-affected (4.5.2-0ubuntu5)
natty_qt4-x11: not-affected (4.5.2-0ubuntu5)
devel_qt4-x11: not-affected (4.5.2-0ubuntu5)