[ubuntu/intrepid-security] kde4libs_4.1.4-0ubuntu1~intrepid1.5_i386_translations.tar.gz, kde4libs_4.1.4-0ubuntu1~intrepid1.5_sparc_translations.tar.gz, kde4libs, kde4libs_4.1.4-0ubuntu1~intrepid1.5_lpia_translations.tar.gz, kde4libs_4.1.4-0ubuntu1~intrepid1.5_hppa_translations.tar.gz, kde4libs_4.1.4-0ubuntu1~intrepid1.5_ia64_translations.tar.gz, kde4libs_4.1.4-0ubuntu1~intrepid1.5_powerpc_translations.tar.gz, kde4libs_4.1.4-0ubuntu1~intrepid1.5_amd64_translations.tar.gz 4:4.1.4-0ubuntu1~intrepid1.5 (Accepted)

Ubuntu Installer archive at ubuntu.com
Fri Dec 11 01:14:51 GMT 2009 

kde4libs (4:4.1.4-0ubuntu1~intrepid1.5) intrepid-security; urgency=low

  [ Jamie Strandboge ]
  * SECURITY UPDATE: fix buffer overflow when converting string to float
    - debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
      numbers in kjs/dtoa.cpp
    - CVE-2009-0689

  [ Jonathan Riddell ]
  * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
    - Ark and KMail performs insufficient validation which leads to
      specially crafted archive files, using unknown MIME types, to be
      rendered using a KHTML instance, this can trigger uncontrolled
      XMLHTTPRequests to remote sites
    - Add debian/patches/security_02_XMLHttpRequest_vulnerability.diff,
      restricts xmlhttprequest to http protocols only
    - http://www.kde.org/info/security/advisory-20091027-1.txt
    - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
    - CVE-2009-XXXX
   * SECURITY UPDATE: kio help URL validation
    - the 'help://' protocol handler suffer from directory traversal.
    - Add debian/patches/security_03_kioslave_input_validation.diff to
      verify the URL
    - http://www.kde.org/info/security/advisory-20091027-1.txt
    - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
    - CVE-2009-XXXX

Date: Mon, 07 Dec 2009 15:23:45 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/intrepid/+source/kde4libs/4:4.1.4-0ubuntu1~intrepid1.5
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Dec 2009 15:23:45 -0600
Source: kde4libs
Binary: kdelibs5 kdelibs5-data kdelibs5-dev kdelibs5-doc kdelibs-bin kdelibs5-dbg
Architecture: source
Version: 4:4.1.4-0ubuntu1~intrepid1.5
Distribution: intrepid-security
Urgency: low
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 kdelibs-bin - executables for all KDE 4 core applications
 kdelibs5   - core libraries for all KDE 4 applications
 kdelibs5-data - core shared data for all KDE 4 applications
 kdelibs5-dbg - debugging symbols for the KDE 4 libraries module
 kdelibs5-dev - development files for the KDE 4 core libraries
 kdelibs5-doc - developer documentation for the KDE 4 core libraries
Changes: 
 kde4libs (4:4.1.4-0ubuntu1~intrepid1.5) intrepid-security; urgency=low
 .
   [ Jamie Strandboge ]
   * SECURITY UPDATE: fix buffer overflow when converting string to float
     - debian/patches/CVE-2009-0689.diff: adjust Kmax to handle large field
       numbers in kjs/dtoa.cpp
     - CVE-2009-0689
 .
   [ Jonathan Riddell ]
   * SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
     - Ark and KMail performs insufficient validation which leads to
       specially crafted archive files, using unknown MIME types, to be
       rendered using a KHTML instance, this can trigger uncontrolled
       XMLHTTPRequests to remote sites
     - Add debian/patches/security_02_XMLHttpRequest_vulnerability.diff,
       restricts xmlhttprequest to http protocols only
     - http://www.kde.org/info/security/advisory-20091027-1.txt
     - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
     - CVE-2009-XXXX
    * SECURITY UPDATE: kio help URL validation
     - the 'help://' protocol handler suffer from directory traversal.
     - Add debian/patches/security_03_kioslave_input_validation.diff to
       verify the URL
     - http://www.kde.org/info/security/advisory-20091027-1.txt
     - oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
     - CVE-2009-XXXX
Checksums-Sha1: 
 fc42b7ef07f335b832044b31aecb7c7f5e1f8053 2308 kde4libs_4.1.4-0ubuntu1~intrepid1.5.dsc
 111821aef8e1c29c600b4421b8c6b717cf07e7d8 95977 kde4libs_4.1.4-0ubuntu1~intrepid1.5.diff.gz
Checksums-Sha256: 
 73319b251d8e0e3e7bcd49f424bd07abd8cc3612cfccb39053896b3081ff107f 2308 kde4libs_4.1.4-0ubuntu1~intrepid1.5.dsc
 4cac62db0963481546ada95910934bf441b799bdf48e323ee66c3435ba247ce4 95977 kde4libs_4.1.4-0ubuntu1~intrepid1.5.diff.gz
Files: 
 89059af41fd455cd8591eab8df0b8ce6 2308 libs optional kde4libs_4.1.4-0ubuntu1~intrepid1.5.dsc
 d9bc80da0287e4a27cb968420d892d4b 95977 libs optional kde4libs_4.1.4-0ubuntu1~intrepid1.5.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>

More information about the Intrepid-changes mailing list