-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Second advice. I remember that I'm a simple user. I use this 'mask' to report advice only because, in this way, you can test if this is the best way to proceed.

- ------------------------------------------------------------
Arch Linux Security Warning                       ALSW 2007-#2
- ------------------------------------------------------------
Name:      kdelibs
Date:      2007-02-06
Severity:  High
Warning #: 2007-#2
- ------------------------------------------------------------

Product Background
===================
KDE ( K Desktop Environment ) Core Libraries

Problem Background
===================
There is a possibility to inject JavaScript references in <title> tags on websites that allow user supplied data to be embedded inside the page title and do not properly escape the text.

Problem Packages
===================
- ------------------------------------------------------------------
Package   |  Repo   |  Group  |   Unsafe    |     Safe       |
- ------------------------------------------------------------------
kdelibs      Extra     kde      < 3.5.6-3     Only patched

Package Fix
===================
Apply this patch before recompiling kdelibs:
ftp://ftp.kde.org/pub/kde/security_patches/post-3.5.6-kdelibs.diff
md5sum: edc2cba17795356e98eba6f3841c6277

Reference(s)
===================
http://www.kde.org/info/security/advisory-20070206-1.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0537

Contact
===================
JJDaNiMoTh (jjdanimoth AT gmail DOT com)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFzN9LcJj0HNhER0MRAkofAKCQlwWJ3tU5e8LkyuiIGjuXB+/lRACeLQN7
vckE3a/q5T2QnWS+TbNil+U=
=85Gk
-----END PGP SIGNATURE-----
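
The "Package Fix" step above publishes an md5sum for the patch. The following is an added example, not part of the original message or of any Arch or KDE tooling, showing one way to check the downloaded file against that digest before handing it to `patch`. The function names and the local file name are assumptions.

```shell
#!/bin/sh
# Added example: gate the kdelibs patch on the digest published in the advisory.
# Function names and the local file name are assumptions, not from the advisory.

# Digest the advisory lists for post-3.5.6-kdelibs.diff.
ADVISORY_MD5="edc2cba17795356e98eba6f3841c6277"

# file_md5 FILE -> prints the lowercase hex MD5 digest of FILE.
file_md5() {
    md5sum -- "$1" | cut -d' ' -f1
}

# verify_patch FILE EXPECTED_MD5
# Returns 0 on a match, 1 on a digest mismatch, 2 on unusable input
# (missing or empty file, or an expected value that is not 32 hex digits).
verify_patch() {
    file=$1
    # Accept upper- or lower-case hex as copied from a mail client.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ ! -s "$file" ]; then
        echo "verify_patch: $file is missing or empty" >&2
        return 2
    fi
    case $expected in
        ''|*[!0-9a-f]*)
            echo "verify_patch: expected digest is not hex" >&2
            return 2 ;;
    esac
    if [ "${#expected}" -ne 32 ]; then
        echo "verify_patch: expected digest is not 32 characters" >&2
        return 2
    fi
    actual=$(file_md5 "$file") || return 2
    if [ "$actual" != "$expected" ]; then
        echo "verify_patch: digest mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    return 0
}

# Typical use in the build directory, before recompiling kdelibs:
#   verify_patch post-3.5.6-kdelibs.diff "$ADVISORY_MD5" || exit 1
# Only after this succeeds should the file be passed to patch.
```

A matching MD5 shows the download is the file the advisory describes and was not truncated or corrupted in transit; it is the only digest the advisory publishes.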
