CVE-2009-1690

Name	CVE-2009-1690
Description	Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1867-1, DSA-1868-1, DSA-1950-1, DSA-1988-1
Debian Bugs	534946, 534947, 534949, 534952

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
kde4libs	source	lenny	4:4.1.0-3+lenny1		DSA-1868-1
kde4libs	source	(unstable)	4:4.3.0-1	medium		534949
kdelibs	source	etch	4:3.5.5a.dfsg.1-8etch2		DSA-1867-1
kdelibs	source	lenny	4:3.5.10.dfsg.1-0lenny2		DSA-1867-1
kdelibs	source	(unstable)	4:3.5.10.dfsg.1-2.1	medium		534952
qt4-x11	source	etch	(not affected)
qt4-x11	source	lenny	4.4.3-1+lenny1		DSA-1988-1
qt4-x11	source	(unstable)	4:4.5.2-1	medium		534947
webkit	source	lenny	1.0.1-4+lenny2		DSA-1950-1
webkit	source	(unstable)	1.1.5-1	medium		534946

Notes

http://trac.webkit.org/changeset/42532
http://websvn.kde.org/?view=rev&revision=983316
[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)