Candidate: CVE-2009-1724
PublicDate: 2009-07-09 17:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1724
Description:
 Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.
Ubuntu-Description:
Notes:
 jdstrand> qt4-x11 unmaintained upstream (see README.webkit for details)
 jdstrand> webkit is a fork of khtml from kdelibs. kdelibs5 is farther from it, while qt4-x11 attempts to unify khtml and webkit
 mdeslaur> although I don't know what the upstream patch is, RH stated
 mdeslaur> that it didn't affect their kde4libs versions, so I'm removing
 mdeslaur> it.
 mdeslaur> can't find info on webkit
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538403
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538402
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-1724
Priority: low
Discovered-by:
Assigned-to: micahg
CVSS:

Patches_webkit:
upstream_webkit: released (1.1.13-1)
dapper_webkit: DNE
hardy_webkit: ignored (reached end-of-life)
intrepid_webkit: needs-triage (reached end-of-life)
jaunty_webkit: ignored (reached end-of-life)
karmic_webkit: not-affected (1.1.15.2-1)
lucid_webkit: not-affected (1.2.0-1)
maverick_webkit: not-affected (1.2.4-1ubuntu1)
natty_webkit: not-affected (1.2.4-1ubuntu1)
oneiric_webkit: not-affected (1.2.4-1ubuntu1)
devel_webkit: not-affected (1.2.4-1ubuntu1)

Patches_qt4-x11:
upstream_qt4-x11: needs-triage
dapper_qt4-x11: ignored (reached end-of-life)
hardy_qt4-x11: not-affected (no webkit)
intrepid_qt4-x11: needs-triage (reached end-of-life)
jaunty_qt4-x11: ignored (reached end-of-life)
karmic_qt4-x11: ignored (reached end-of-life)
lucid_qt4-x11: ignored (see notes)
maverick_qt4-x11: not-affected (webkit isn't built)
natty_qt4-x11: not-affected (webkit isn't built)
oneiric_qt4-x11: not-affected (webkit isn't built)
devel_qt4-x11: not-affected (webkit isn't built)