kde4libs (4:4.2.2-0ubuntu5.4) jaunty-security; urgency=low
[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to float
- debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
numbers in kjs/dtoa.cpp
- CVE-2009-0689
[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/security_02_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
Date: Mon, 07 Dec 2009 15:25:55 -0600
Changed-By: Jamie Strandboge <[email protected]>
Maintainer: Kubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/jaunty/+source/kde4libs/4:4.2.2-0ubuntu5.4
Format: 1.8
Date: Mon, 07 Dec 2009 15:25:55 -0600
Source: kde4libs
Binary: kdelibs5 kdelibs5-data kdelibs5-dev kdelibs-bin libplasma3
libplasma-dev kdelibs5-dbg
Architecture: source
Version: 4:4.2.2-0ubuntu5.4
Distribution: jaunty-security
Urgency: low
Maintainer: Kubuntu Developers <[email protected]>
Changed-By: Jamie Strandboge <[email protected]>
Description:
kdelibs-bin - executables for all KDE 4 core applications
kdelibs5 - core libraries for all KDE 4 applications
kdelibs5-data - core shared data for all KDE 4 applications
kdelibs5-dbg - debugging symbols for the KDE 4 libraries module
kdelibs5-dev - development files for the KDE 4 core libraries
libplasma-dev - development files for the KDE 4 Plasma desktop
libplasma3 - library for the KDE 4 Plasma desktop
Changes:
kde4libs (4:4.2.2-0ubuntu5.4) jaunty-security; urgency=low
.
[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to float
- debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
numbers in kjs/dtoa.cpp
- CVE-2009-0689
.
[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/security_02_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
Checksums-Sha1:
a884142960c340fa61a16e1415eeeaa75d010801 2305 kde4libs_4.2.2-0ubuntu5.4.dsc
19c5a6c8487801575d6cff4b1faf9a45eab011f4 104020
kde4libs_4.2.2-0ubuntu5.4.diff.gz
Checksums-Sha256:
dd05ea17df100414209daf6377ff791dff08d6857a36cef9f77a0852eb83249d 2305
kde4libs_4.2.2-0ubuntu5.4.dsc
3b5ed170a8f2b428e0b53c407707c7b51faaced1aec28a5d6000d451b2fc1263 104020
kde4libs_4.2.2-0ubuntu5.4.diff.gz
Files:
ec9eb15c47913f5ec148ffddca904315 2305 libs optional
kde4libs_4.2.2-0ubuntu5.4.dsc
32d0f05b8444a746a0edd41349c160c2 104020 libs optional
kde4libs_4.2.2-0ubuntu5.4.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <[email protected]>
--
Jaunty-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/jaunty-changes
