CVE-2009-1698

Name	CVE-2009-1698
Description	WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not initialize a pointer during handling of a Cascading Style Sheets (CSS) attr function call with a large numerical argument, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1867-1, DSA-1868-1, DSA-1950-1, DSA-1988-1
Debian Bugs	534946, 534949

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
kde4libs	source	lenny	4:4.1.0-3+lenny1		DSA-1868-1
kde4libs	source	(unstable)	4:4.3.0-1	medium
kdelibs	source	etch	4:3.5.5a.dfsg.1-8etch2		DSA-1867-1
kdelibs	source	lenny	4:3.5.10.dfsg.1-0lenny2		DSA-1867-1
kdelibs	source	(unstable)	4:3.5.10.dfsg.1-2.1	medium		534949
qt4-x11	source	etch	(not affected)
qt4-x11	source	lenny	4.4.3-1+lenny1		DSA-1988-1
qt4-x11	source	(unstable)	4:4.5.2-1
webkit	source	lenny	1.0.1-4+lenny2		DSA-1950-1
webkit	source	(unstable)	1.1.5-1	medium		534946

Notes

http://trac.webkit.org/changeset/42081
[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)