[ubuntu/jaunty-security] kdelibs_3.5.10.dfsg.1-1ubuntu8.4_powerpc_translations.tar.gz, kdelibs_3.5.10.dfsg.1-1ubuntu8.4_amd64_translations.tar.gz, kdelibs, kdelibs_3.5.10.dfsg.1-1ubuntu8.4_ia64_translations.tar.gz, kdelibs_3.5.10.dfsg.1-1ubuntu8.4_i386_translations.tar.gz, kdelibs_3.5.10.dfsg.1-1ubuntu8.4_hppa_translations.tar.gz, kdelibs_3.5.10.dfsg.1-1ubuntu8.4_lpia_translations.tar.gz, kdelibs_3.5.10.dfsg.1-1ubuntu8.4_sparc_translations.tar.gz, kdelibs_3.5.10.dfsg.1-1ubuntu8.4_armel_translations.tar.gz 4:3.5.10.dfsg.1-1ubuntu8.4 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Fri Dec 11 01:04:25 GMT 2009
kdelibs (4:3.5.10.dfsg.1-1ubuntu8.4) jaunty-security; urgency=low
[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to
float
- debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
large field numbers in kjs/dtoa.cpp
- CVE-2009-0689
[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
Date: Mon, 07 Dec 2009 15:10:37 -0600
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/kdelibs/4:3.5.10.dfsg.1-1ubuntu8.4
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Dec 2009 15:10:37 -0600
Source: kdelibs
Binary: kdelibs kdelibs-data kdelibs4c2a kdelibs4-dev kdelibs-dbg
Architecture: source
Version: 4:3.5.10.dfsg.1-1ubuntu8.4
Distribution: jaunty-security
Urgency: low
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description:
kdelibs - core libraries from the official KDE release
kdelibs-data - core shared data for all KDE applications
kdelibs-dbg - debugging symbols for kdelibs
kdelibs4-dev - development files for the KDE core libraries
kdelibs4c2a - core libraries and binaries for all KDE applications
Changes:
kdelibs (4:3.5.10.dfsg.1-1ubuntu8.4) jaunty-security; urgency=low
.
[ Jamie Strandboge ]
* SECURITY UPDATE: fix buffer overflow when converting string to
float
- debian/patches/security_05_CVE-2009-0689.diff: adjust Kmax to handle
large field numbers in kjs/dtoa.cpp
- CVE-2009-0689
.
[ Jonathan Riddell ]
* SECURITY UPDATE: uncontrolled XMLHTTPRequest vulnerability
- Ark and KMail performs insufficient validation which leads to
specially crafted archive files, using unknown MIME types, to be
rendered using a KHTML instance, this can trigger uncontrolled
XMLHTTPRequests to remote sites
- Add debian/patches/security_05_XMLHttpRequest_vulnerability.diff,
restricts xmlhttprequest to http protocols only
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
Checksums-Sha1:
5a4600d55c3368054d4c432140048a173ee0f3f7 2342 kdelibs_3.5.10.dfsg.1-1ubuntu8.4.dsc
be1959f4baee3ed77a1c5f8b75c577f1a67d09c6 730213 kdelibs_3.5.10.dfsg.1-1ubuntu8.4.diff.gz
Checksums-Sha256:
7f439f27e8cf3f098b19aa46f97d3a15409f87b5d153af79c68aca3831485a92 2342 kdelibs_3.5.10.dfsg.1-1ubuntu8.4.dsc
42e64012c199a99238eef1317bd9a858e23289100fd5952d78c19784ccb7d655 730213 kdelibs_3.5.10.dfsg.1-1ubuntu8.4.diff.gz
Files:
ccc0ee94d16a854ef9d6930abb8379d5 2342 libs optional kdelibs_3.5.10.dfsg.1-1ubuntu8.4.dsc
b24ca20a24db817de9901c61f70e90b3 730213 libs optional kdelibs_3.5.10.dfsg.1-1ubuntu8.4.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>
More information about the Jaunty-changes
mailing list