[ubuntu/intrepid-security] kdelibs_3.5.10-0ubuntu6.4_sparc_translations.tar.gz, kdelibs_3.5.10-0ubuntu6.4_hppa_translations.tar.gz, kdelibs, kdelibs_3.5.10-0ubuntu6.4_amd64_translations.tar.gz, kdelibs_3.5.10-0ubuntu6.4_ia64_translations.tar.gz, kdelibs_3.5.10-0ubuntu6.4_i386_translations.tar.gz, kdelibs_3.5.10-0ubuntu6.4_lpia_translations.tar.gz, kdelibs_3.5.10-0ubuntu6.4_powerpc_translations.tar.gz 4:3.5.10-0ubuntu6.4 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Fri Dec 11 01:04:59 GMT 2009
kdelibs (4:3.5.10-0ubuntu6.4) intrepid-security; urgency=low
[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to
float
- debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
large field numbers in kjs/dtoa.cpp
- CVE-2009-0689
[ Jonathon Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
Date: Mon, 07 Dec 2009 15:09:53 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/intrepid/+source/kdelibs/4:3.5.10-0ubuntu6.4
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Dec 2009 15:09:53 -0600
Source: kdelibs
Binary: kdelibs kdelibs-data kdelibs4c2a kdelibs4-dev kdelibs4-doc kdelibs-dbg
Architecture: source
Version: 4:3.5.10-0ubuntu6.4
Distribution: intrepid-security
Urgency: low
Maintainer: Ubuntu Core developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
kdelibs - core libraries from the official KDE release
kdelibs-data - core shared data for all KDE applications
kdelibs-dbg - debugging symbols for kdelibs
kdelibs4-dev - development files for the KDE core libraries
kdelibs4-doc - developer documentation for the KDE core libraries
kdelibs4c2a - core libraries and binaries for all KDE applications
Changes:
kdelibs (4:3.5.10-0ubuntu6.4) intrepid-security; urgency=low
.
[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to
float
- debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
large field numbers in kjs/dtoa.cpp
- CVE-2009-0689
.
[ Jonathon Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
Checksums-Sha1:
ebe2f6233c2adacf637001ce61389fc618378bbb 2284 kdelibs_3.5.10-0ubuntu6.4.dsc
7085af7bb2d6a571c25f509242ec27612edc4731 726583 kdelibs_3.5.10-0ubuntu6.4.diff.gz
Checksums-Sha256:
690af5a4656382ef6f75dfcea92494d1f4c33bb979813852c5c39cdddfedd0ce 2284 kdelibs_3.5.10-0ubuntu6.4.dsc
68521e8c9699aac98822dd879f07266431cebe3aa756ca12d02e3883d7a0214f 726583 kdelibs_3.5.10-0ubuntu6.4.diff.gz
Files:
cd10eb858af120c2420b6045e0db2663 2284 libs optional kdelibs_3.5.10-0ubuntu6.4.dsc
2bae45140ba24ccfe427d1000d2cb937 726583 libs optional kdelibs_3.5.10-0ubuntu6.4.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>
More information about the Intrepid-changes
mailing list