kdelibs (4:3.5.10-0ubuntu6.4) intrepid-security; urgency=low
[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to
float
- debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
large field numbers in kjs/dtoa.cpp
- CVE-2009-0689
[ Jonathon Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
Date: Mon, 07 Dec 2009 15:09:53 -0600
Changed-By: Jamie Strandboge <[email protected]>
Maintainer: Ubuntu Core developers <[email protected]>
https://launchpad.net/ubuntu/intrepid/+source/kdelibs/4:3.5.10-0ubuntu6.4
Format: 1.8
Date: Mon, 07 Dec 2009 15:09:53 -0600
Source: kdelibs
Binary: kdelibs kdelibs-data kdelibs4c2a kdelibs4-dev kdelibs4-doc kdelibs-dbg
Architecture: source
Version: 4:3.5.10-0ubuntu6.4
Distribution: intrepid-security
Urgency: low
Maintainer: Ubuntu Core developers <[email protected]>
Changed-By: Jamie Strandboge <[email protected]>
Description:
kdelibs - core libraries from the official KDE release
kdelibs-data - core shared data for all KDE applications
kdelibs-dbg - debugging symbols for kdelibs
kdelibs4-dev - development files for the KDE core libraries
kdelibs4-doc - developer documentation for the KDE core libraries
kdelibs4c2a - core libraries and binaries for all KDE applications
Changes:
kdelibs (4:3.5.10-0ubuntu6.4) intrepid-security; urgency=low
.
[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to
float
- debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
large field numbers in kjs/dtoa.cpp
- CVE-2009-0689
.
[ Jonathon Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
Checksums-Sha1:
ebe2f6233c2adacf637001ce61389fc618378bbb 2284 kdelibs_3.5.10-0ubuntu6.4.dsc
7085af7bb2d6a571c25f509242ec27612edc4731 726583
kdelibs_3.5.10-0ubuntu6.4.diff.gz
Checksums-Sha256:
690af5a4656382ef6f75dfcea92494d1f4c33bb979813852c5c39cdddfedd0ce 2284
kdelibs_3.5.10-0ubuntu6.4.dsc
68521e8c9699aac98822dd879f07266431cebe3aa756ca12d02e3883d7a0214f 726583
kdelibs_3.5.10-0ubuntu6.4.diff.gz
Files:
cd10eb858af120c2420b6045e0db2663 2284 libs optional
kdelibs_3.5.10-0ubuntu6.4.dsc
2bae45140ba24ccfe427d1000d2cb937 726583 libs optional
kdelibs_3.5.10-0ubuntu6.4.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <[email protected]>
--
Intrepid-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/intrepid-changes
