Ubuntu
kdebase package

konqueror URL bar spoofing

Bug #146870 reported by Kees Cook
254
Affects Status Importance Assigned to Milestone
kdebase (Ubuntu)
Fix Released
Medium
Jonathan Riddell
Ubuntu ubuntu-7.10-rc
kdelibs (Ubuntu)
Fix Released
Medium
Jonathan Riddell
Ubuntu ubuntu-7.10-rc

Bug Description

Binary package hint: kdebase

CVE-2007-3820 CVE-2007-4224 CVE-2007-4225

http://www.kde.org/info/security/advisory-20070914-1.txt

...
5. Patch:

        Patches for KDE 3.5.7 and newer is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        e15d6b5580c5a20ab935f8e553d113e0 post-3.5.7-kdebase-konqueror-2.diff
        4c0fb2576875ded606f276421fc49752 post-3.5.7-kdelibs-kdecore-2.diff

        Patches for KDE 3.4.2 and newer is available from
        ftp://ftp.kde.org/pub/kde/security_patches :

        d9a07e8d9a138ef9da90b7af8e35d977 post-3.4.2-kdebase-konqueror.diff

CVE References

Revision history for this message
Kees Cook (kees) wrote :

Fixed in Dapper, Edgy, Feisty already. kdelibs is only affected by CVE-2007-4225. kdebase is affected by all three.

Changed in kdelibs:
importance: Undecided → Medium
status: New → Triaged
Changed in kdebase:
importance: Undecided → Medium
status: New → Triaged
Kees Cook (kees)
Changed in kdelibs:
assignee: nobody → jr
Changed in kdebase:
assignee: nobody → jr
Kees Cook (kees)
Changed in kdebase:
status: Triaged → Fix Released
Changed in kdelibs:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.