kdebase-runtime (4:4.1.4-0ubuntu1~intrepid1.2) intrepid-security; urgency=low
* SECURITY UPDATE: IO Slaves input sanitization errors
- KDE protocol handlers perform insufficient input validation; an
attacker can craft a malicious URI that would trigger JavaScript
execution. Additionally, the 'help://' protocol handler suffers from
directory traversal. It should be noted that the scope of this
issue is limited, as the malicious URIs cannot be embedded in
Internet-hosted content.
- Add security_01_info_kio_no_javascript.diff, stops JavaScript
within info kio slave
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE n/a
Date: Mon, 07 Dec 2009 18:26:59 +0000
Changed-By: Jonathan Riddell <[email protected]>
Maintainer: Kubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/intrepid/+source/kdebase-runtime/4:4.1.4-0ubuntu1~intrepid1.2
Format: 1.8
Date: Mon, 07 Dec 2009 18:26:59 +0000
Source: kdebase-runtime
Binary: kdebase-runtime kdebase-runtime-bin-kde4 kdebase-runtime-data
kdebase-runtime-data-common khelpcenter4 khelpcenter kde-icons-oxygen
kdebase-runtime-dbg phonon-backend-xine
Architecture: source
Version: 4:4.1.4-0ubuntu1~intrepid1.2
Distribution: intrepid-security
Urgency: low
Maintainer: Kubuntu Developers <[email protected]>
Changed-By: Jonathan Riddell <[email protected]>
Description:
kde-icons-oxygen - Oxygen icon theme for KDE 4
kdebase-runtime - runtime components from the official KDE 4 release
kdebase-runtime-bin-kde4 - core binaries for the KDE 4 base runtime module
kdebase-runtime-data - shared data files for the KDE 4 base runtime module
kdebase-runtime-data-common - shared data files for the KDE 4 base runtime
module
kdebase-runtime-dbg - debugging symbols for KDE 4 base runtime module
khelpcenter - metapackage for the help center for KDE4
khelpcenter4 - Help Center for KDE 4
phonon-backend-xine - Phonon Xine 1.1.x backend
Changes:
kdebase-runtime (4:4.1.4-0ubuntu1~intrepid1.2) intrepid-security; urgency=low
.
* SECURITY UPDATE: IO Slaves input sanitization errors
- KDE protocol handlers perform insufficient input validation; an
attacker can craft a malicious URI that would trigger JavaScript
execution. Additionally, the 'help://' protocol handler suffers from
directory traversal. It should be noted that the scope of this
issue is limited, as the malicious URIs cannot be embedded in
Internet-hosted content.
- Add security_01_info_kio_no_javascript.diff, stops JavaScript
within info kio slave
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE n/a
Original-Maintainer: Debian Qt/KDE Maintainers <[email protected]>