kdebase-runtime (4:4.3.2-0ubuntu4.1) karmic-security; urgency=low
* SECURITY UPDATE: IO Slaves input sanitization errors
- KDE protocol handlers perform insufficient input validation, an
attacker can craft malicious URI that would trigger JavaScript
execution. Additionally the 'help://' protocol handler suffer from
directory traversal. It should be noted that the scope of this
issue is limited as the malicious URIs cannot be embedded in
Internet hosted content.
- Add security_01_info_kio_no_javascript.diff, stops javascript
within info kio slave
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE n/a
Date: Mon, 07 Dec 2009 17:17:57 +0000
Changed-By: Jonathan Riddell <[email protected]>
Maintainer: Kubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/karmic/+source/kdebase-runtime/4:4.3.2-0ubuntu4.1
Format: 1.8
Date: Mon, 07 Dec 2009 17:17:57 +0000
Source: kdebase-runtime
Binary: kdebase-runtime kdebase-runtime-bin-kde4 kdebase-runtime-data
kdebase-runtime-data-common khelpcenter4 khelpcenter
plasma-scriptengine-javascript kdebase-runtime-dbg
Architecture: source
Version: 4:4.3.2-0ubuntu4.1
Distribution: karmic-security
Urgency: low
Maintainer: Kubuntu Developers <[email protected]>
Changed-By: Jonathan Riddell <[email protected]>
Description:
kdebase-runtime - runtime components from the official KDE 4 release
kdebase-runtime-bin-kde4 - core binaries for the KDE 4 base runtime module
kdebase-runtime-data - shared data files for the KDE 4 base runtime module
kdebase-runtime-data-common - shared data files for the KDE 4 base runtime
module
kdebase-runtime-dbg - debugging symbols for KDE 4 base runtime module
khelpcenter - metapackage for the help center for KDE4
khelpcenter4 - Help Center for KDE 4
plasma-scriptengine-javascript - javascript script engine for Plasma
Changes:
kdebase-runtime (4:4.3.2-0ubuntu4.1) karmic-security; urgency=low
.
* SECURITY UPDATE: IO Slaves input sanitization errors
- KDE protocol handlers perform insufficient input validation, an
attacker can craft malicious URI that would trigger JavaScript
execution. Additionally the 'help://' protocol handler suffer from
directory traversal. It should be noted that the scope of this
issue is limited as the malicious URIs cannot be embedded in
Internet hosted content.
- Add security_01_info_kio_no_javascript.diff, stops javascript
within info kio slave
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE n/a
Checksums-Sha1:
9c689be90a5739dddf44354b8510b3bc57bcd551 2236
kdebase-runtime_4.3.2-0ubuntu4.1.dsc
27b410b8cfeeb296bd2850d718d8cfa7fb0af310 43739
kdebase-runtime_4.3.2-0ubuntu4.1.diff.gz
Checksums-Sha256:
152fd69743c6fef9b83cd71a8d5787a20860d972e1250a137a9ea86a3314cad9 2236
kdebase-runtime_4.3.2-0ubuntu4.1.dsc
d6d7cf08a2f2c328d95a60923c43e862e55823d6be0dd1140db18a40611ecf53 43739
kdebase-runtime_4.3.2-0ubuntu4.1.diff.gz
Files:
cebe4be39e025c9e8ab302c35342a8a2 2236 kde optional
kdebase-runtime_4.3.2-0ubuntu4.1.dsc
4c7f4fc39ca280a92ba04ec32a15e694 43739 kde optional
kdebase-runtime_4.3.2-0ubuntu4.1.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <[email protected]>
--
Karmic-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/karmic-changes
