[Bug 661416] Re: Uncontrolled XMLHTTPRequest vulnerability
This bug was fixed in the package kdelibs - 4:3.5.10.dfsg.1-3ubuntu2.10.04.1 --- kdelibs (4:3.5.10.dfsg.1-3ubuntu2.10.04.1) lucid-security; urgency=low * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability. (LP: #661416) - Ark and KMail performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff, restricts xmlhttprequest to http protocols only. This patch has been accidentally dropped in 4:3.5.10.dfsg.1-3ubuntu1. - http://www.kde.org/info/security/advisory-20091027-1.txt - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html - CVE n/a * Fix FTBFS: disable parallel building. -- Felix Geyer debfx-...@fobos.de Fri, 15 Oct 2010 21:19:11 +0200 ** Changed in: kdelibs (Ubuntu Lucid) Status: Fix Committed = Fix Released ** Changed in: kdelibs (Ubuntu Maverick) Status: Fix Committed = Fix Released -- Uncontrolled XMLHTTPRequest vulnerability https://bugs.launchpad.net/bugs/661416 You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdelibs in ubuntu. -- kubuntu-bugs mailing list kubuntu-b...@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 661416] Re: Uncontrolled XMLHTTPRequest vulnerability
This bug was fixed in the package kdelibs - 4:3.5.10.dfsg.1-3ubuntu2.10.10.1 --- kdelibs (4:3.5.10.dfsg.1-3ubuntu2.10.10.1) maverick-security; urgency=low * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability. (LP: #661416) - Ark and KMail performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff, restricts xmlhttprequest to http protocols only. This patch has been accidentally dropped in 4:3.5.10.dfsg.1-3ubuntu1. - http://www.kde.org/info/security/advisory-20091027-1.txt - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html - CVE n/a * Fix FTBFS: disable parallel building. -- Felix Geyer debfx-...@fobos.de Fri, 15 Oct 2010 21:19:11 +0200 -- Uncontrolled XMLHTTPRequest vulnerability https://bugs.launchpad.net/bugs/661416 You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdelibs in ubuntu. -- kubuntu-bugs mailing list kubuntu-b...@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 661416] Re: Uncontrolled XMLHTTPRequest vulnerability
Thanks, I've done some local test builds and have uploaded these to the ubuntu-security-proposed ppa https://launchpad.net/~ubuntu-security- proposed/+archive/ppa/ and will release them to the lucid and maverick security pocket soon. ** Changed in: kdelibs (Ubuntu Lucid) Status: Confirmed = Fix Committed ** Changed in: kdelibs (Ubuntu Maverick) Status: Confirmed = Fix Committed ** Changed in: kdelibs (Ubuntu Lucid) Assignee: (unassigned) = Steve Beattie (sbeattie) ** Changed in: kdelibs (Ubuntu Maverick) Assignee: (unassigned) = Steve Beattie (sbeattie) -- Uncontrolled XMLHTTPRequest vulnerability https://bugs.launchpad.net/bugs/661416 You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdelibs in ubuntu. -- kubuntu-bugs mailing list kubuntu-b...@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 661416] Re: Uncontrolled XMLHTTPRequest vulnerability
kdelibs (4:3.5.10.dfsg.1-3ubuntu2.10.10.1) maverick-security; urgency=low * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability. (LP: #661416) - Ark and KMail performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff, restricts xmlhttprequest to http protocols only. This patch has been accidentally dropped in 4:3.5.10.dfsg.1-3ubuntu1. - http://www.kde.org/info/security/advisory-20091027-1.txt - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html - CVE n/a * Fix FTBFS: disable parallel building. -- Felix Geyer debfx-...@fobos.de Fri, 15 Oct 2010 21:19:11 +0200 ** Patch added: kdelibs_3.5.10.dfsg.1-3ubuntu2.10.10.1.debdiff https://bugs.edge.launchpad.net/ubuntu/+source/kdelibs/+bug/661416/+attachment/1695551/+files/kdelibs_3.5.10.dfsg.1-3ubuntu2.10.10.1.debdiff -- Uncontrolled XMLHTTPRequest vulnerability https://bugs.launchpad.net/bugs/661416 You received this bug notification because you are a member of Kubuntu Bugs, which is subscribed to kdelibs in ubuntu. -- kubuntu-bugs mailing list kubuntu-b...@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/kubuntu-bugs
[Bug 661416] Re: Uncontrolled XMLHTTPRequest vulnerability
kdelibs (4:3.5.10.dfsg.1-3ubuntu2.10.04.1) lucid-security; urgency=low * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability. (LP: #661416) - Ark and KMail performs insufficient validation which leads to specially crafted archive files, using unknown MIME types, to be rendered using a KHTML instance, this can trigger uncontrolled XMLHTTPRequests to remote sites. - Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff, restricts xmlhttprequest to http protocols only. This patch has been accidentally dropped in 4:3.5.10.dfsg.1-3ubuntu1. - http://www.kde.org/info/security/advisory-20091027-1.txt - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html - CVE n/a * Fix FTBFS: disable parallel building. -- Felix Geyer debfx-...@fobos.de Fri, 15 Oct 2010 21:19:11 +0200 ** Patch added: kdelibs_3.5.10.dfsg.1-3ubuntu2.10.04.1.debdiff https://bugs.edge.launchpad.net/ubuntu/+source/kdelibs/+bug/661416/+attachment/1695552/+files/kdelibs_3.5.10.dfsg.1-3ubuntu2.10.04.1.debdiff ** Changed in: kdelibs (Ubuntu Lucid) Status: New = Confirmed ** Changed in: kdelibs (Ubuntu Maverick) Status: New = Confirmed -- Uncontrolled XMLHTTPRequest vulnerability https://bugs.launchpad.net/bugs/661416 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs