Package: kde4libs Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for kde4libs.
CVE-2008-1670[0]: | The new progressive PNG Image loader in KHTML of KDE 4.0 and newer | can be tricked into overrunning a heap allocated memory buffer | by loading a specially encoded image. Note, the mitre description is still on status RESERVED, use the upstream advisory as reference for now: http://www.kde.org/info/security/advisory-20080426-1.txt Patch: ftp://ftp.kde.org/pub/kde/security_patches/post-kde-4.0.3-khtml.diff If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1670 http://security-tracker.debian.net/tracker/CVE-2008-1670 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpKoTaUn9Xx6.pgp
Description: PGP signature
