An off-by-one memory read out of bounds issue exists in WebKit's handling of HTML lists. Visiting a maliciously crafted website may lead to an unexpected application termination or the disclosure of the contents of memory. This issue is addressed through improved bounds checking.

References:
Bugzilla: https://bugs.webkit.org/show_bug.cgi?id=39508
Trac: http://trac.webkit.org/changeset/59950

Acknowledgements: Red Hat would like to thank Drew Yao of Apple Product Security for responsibly reporting this issue.
This is being made public now; we've been given the go-ahead from upstream to do so.
Created webkitgtk tracking bugs for this issue. Affects: fedora-all [bug 606304]
Created qt tracking bugs for this issue. Affects: fedora-all [bug 538236]
*** Bug 606295 has been marked as a duplicate of this bug. ***
qt-4.6.3-8.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
qt-4.6.3-8.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.