XSS scripting vulnerability in kdelibs
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
kde4libs (Ubuntu) | Invalid | Medium | Unassigned |
Karmic | Fix Released | Medium | Jamie Strandboge |
Lucid | Fix Released | Medium | Jamie Strandboge |
Maverick | Fix Released | Medium | Jamie Strandboge |
Natty | Invalid | Medium | Unassigned |

Bug Description
Jeff Mitchell <email address hidden> wrote:
>Hello packagers,
>
>Tim Brown of Nth Dimension reported a vulnerability on Konqueror's error
>pages that could allow a XSS attack. It has been assigned CVE-2011-1168.
>Maksim Orlovich has provided the patch from the KDE side.
>
>After discussion we have decided to make the patches public from today,
>but to keep the details embargoed until KDE and Nth Security issue their
>respective security advisories, which will take place on April 11th --
>two weeks from today.
>
>The commits fixing the issue are the following:
>
>4.4: afaaf24
>4.5: da03cc0
>4.6: 8b06e2c
>trunk: aaa8c42
>
>You can get patches here:
>
>4.4:
>http://
>
>4.5:
>http://
>
>4.6:
>http://
>
>trunk:
>http://
>
>Thanks,
>Jeff

Changed in kde4libs (Ubuntu Lucid):
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)

Changed in kde4libs (Ubuntu Maverick):
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)

Changed in kde4libs (Ubuntu Karmic):
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)

Changed in kde4libs (Ubuntu Natty):
importance: High → Medium
status: Confirmed → Invalid

Changed in kde4libs (Ubuntu Lucid):
status: In Progress → Fix Committed

Changed in kde4libs (Ubuntu Maverick):
status: In Progress → Fix Committed

Changed in kde4libs (Ubuntu Karmic):
status: In Progress → Fix Committed

Note: This is an email to the private KDE packagers email list.