Uncontrolled XMLHTTPRequest vulnerability
Bug #661416 reported by
Felix Geyer
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kdelibs (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Steve Beattie | ||
Maverick |
Fix Released
|
Undecided
|
Steve Beattie |
Bug Description
Binary package hint: kdelibs
In kdelibs 4:3.5.10.
It has been pushed to hardy-karmic some time ago and I just uploaded it to natty.
So currently lucid and maverick are vulnerable.
visibility: | private → public |
Changed in kdelibs (Ubuntu): | |
status: | New → Fix Released |
To post a comment you must log in.
kdelibs (4:3.5. 10.dfsg. 1-3ubuntu2. 10.10.1) maverick-security; urgency=low
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability. (LP: #661416) quests to remote sites. patches/ security_ 05_XMLHttpReque st_vulnerabilit y.diff, dfsg.1- 3ubuntu1. www.kde. org/info/ security/ advisory- 20091027- 1.txt www.ocert. org/advisories/ ocert-2009- 015.html
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRe
- Add debian/
restricts xmlhttprequest to http protocols only.
This patch has been accidentally dropped in 4:3.5.10.
- http://
- oCert: #2009-015 http://
- CVE n/a
* Fix FTBFS: disable parallel building.
-- Felix Geyer <email address hidden> Fri, 15 Oct 2010 21:19:11 +0200