Security Updates needed for kde4libs and kdebase-runtime in jaunty-backports
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Jaunty Jackalope Backports | Fix Released | High | Scott Kitterman |
Bug Description
kde4libs (4:4.2.
[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to float
- debian/
numbers in kjs/dtoa.cpp
- CVE-2009-0689
[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail perform insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRe
- Add debian/
restricts xmlhttprequest to http protocols only
- http://
- oCert: #2009-015 http://
- CVE-2009-XXXX
-- Jamie Strandboge <email address hidden> Mon, 07 Dec 2009 15:25:55 -0600
4:4.3.85-0ubuntu2 release (main) 12 days ago
The Karmic Koala (current stable release)
KDE Base trunk series 8894
4:4.3.2-0ubuntu4 release (main) ten weeks ago
4:4.3.2-0ubuntu4.1 updates, security (main) three weeks ago
The Jaunty Jackalope (supported)
KDE Base trunk series 7689
4:4.2.2-0ubuntu1.1 updates, security (main) three weeks ago
Publishing details
Published on 2009-12-11
Copied from ubuntu jaunty in Private PPA for Ubuntu Security Team
Changelog
kdebase-runtime (4:4.2.
* SECURITY UPDATE: IO Slaves input sanitization errors
- KDE protocol handlers perform insufficient input validation, an
attacker can craft a malicious URI that would trigger JavaScript
execution. Additionally the 'help://' protocol handler suffers from
directory traversal. It should be noted that the scope of this
issue is limited as the malicious URIs cannot be embedded in
Internet hosted content.
- Add security_
within info kio slave
- http://
- oCert: #2009-015 http://
- CVE-2009-XXXX
-- Jonathan Riddell <email address hidden> Mon, 07 Dec 2009 17:59:21 +0000
Changed in jaunty-backports:
status: New → Fix Committed
importance: Undecided → High
assignee: nobody → Scott Kitterman (kitterman)
Changed in jaunty-backports:
status: Fix Committed → Fix Released
Ack from ubuntu-backporters