=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN047
_____________________________________________________________________

DATE                      : 13/02/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Safari.

======================================================================
http://support.apple.com/kb/HT3439
______________________________________________________________________

APPLE-SA-2009-02-12 Safari 3.2.2 for Windows

Safari 3.2.2 for Windows is now available and addresses the
following:

Safari
CVE-ID:  CVE-2009-0137
Available for:  Windows XP or Vista
Impact:  Accessing a maliciously crafted feed: URL may lead to
arbitrary code execution
Description:  Multiple input validation issues exist in Safari's
handling of feed: URLs. The issues allow execution of arbitrary
JavaScript in the local security zone. This update addresses the
issues through improved handling of embedded JavaScript within feed:
URLs. These issues do not affect Mac OS X systems that have applied
Security Update 2009-001. Credit to Clint Ruoho of Laconic Security,
Billy Rios of Microsoft, and Brian Mastenbrook for reporting these
issues.


Safari 3.2.2 is available via the Apple Software Update application,
or Apple's Safari download site at:
http://www.apple.com/safari/download/

Safari for Windows XP or Vista
The download file is named: "SafariSetup.exe"
Its SHA-1 digest is: b378edc94eb7379056c7969ac918882dc703b53c

Safari+QuickTime for Windows XP or Vista
The file is named: "SafariQuickTimeSetup.exe"
Its SHA-1 digest is: 25efd930a24603f8850d374ff7bf9b76b9a79bce

Information will also be posted to the Apple Security Updates
web site: http://support.apple.com/kb/HT1222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================