CVE-2009-1709

Name	CVE-2009-1709
Description	Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1866-1
Debian Bugs	534951

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
kde4libs	source	(unstable)	(not affected)
kdegraphics	source	etch	4:3.5.5-3etch4		DSA-1866-1
kdegraphics	source	lenny	4:3.5.9-3+lenny2		DSA-1866-1
kdegraphics	source	(unstable)	4:4.0	medium		534951
kdelibs	source	(unstable)	(not affected)
webkit	source	(unstable)	0~svn32442-1

Notes

fixed in upstream commit http://trac.webkit.org/changeset/32230
- kdelibs <not-affected> (vulnerable code in kdegraphics)
- kde4libs <not-affected> (Vulnerable code not present)
kdegraphics >4.0 not affected since ksvg is only in 3.5.x series)