CVE-2009-1699

NameCVE-2009-1699
DescriptionThe XSL stylesheet implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle XML external entities, which allows remote attackers to read arbitrary files via a crafted DTD, as demonstrated by a file:///etc/passwd URL in an entity declaration, related to an "XXE attack."
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1988-1
Debian Bugs535793

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kde4libssource(unstable)(not affected)
kdelibssource(unstable)(not affected)
qt4-x11sourceetch(not affected)
qt4-x11sourcelenny4.4.3-1+lenny1DSA-1988-1
qt4-x11source(unstable)4:4.5.2-2
webkitsource(unstable)1.0.1-4medium535793

Notes

[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)

Search for package or bug name: Reporting problems