[ubuntu/jaunty-security] kdebase-runtime_4.2.2-0ubuntu1.1_armel_translations.tar.gz, kdebase-runtime_4.2.2-0ubuntu1.1_lpia_translations.tar.gz, kdebase-runtime_4.2.2-0ubuntu1.1_sparc_translations.tar.gz, kdebase-runtime_4.2.2-0ubuntu1.1_i386_translations.tar.gz, kdebase-runtime_4.2.2-0ubuntu1.1_powerpc_translations.tar.gz, kdebase-runtime_4.2.2-0ubuntu1.1_amd64_translations.tar.gz, kdebase-runtime_4.2.2-0ubuntu1.1_ia64_translations.tar.gz, kdebase-runtime 4:4.2.2-0ubuntu1.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Fri Dec 11 06:04:35 GMT 2009
kdebase-runtime (4:4.2.2-0ubuntu1.1) jaunty-security; urgency=low
* SECURITY UPDATE: IO Slaves input sanitization errors
- KDE protocol handlers perform insufficient input validation, an
attacker can craft malicious URI that would trigger JavaScript
execution. Additionally the 'help://' protocol handler suffer from
directory traversal. It should be noted that the scope of this
issue is limited as the malicious URIs cannot be embedded in
Internet hosted content.
- Add security_01_info_kio_no_javascript.diff, stops javascript
within info kio slave
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
Date: Mon, 07 Dec 2009 17:59:21 +0000
Changed-By: Jonathan Riddell <jriddell at ubuntu.com>
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/kdebase-runtime/4:4.2.2-0ubuntu1.1
-------------- next part --------------
Format: 1.8
Date: Mon, 07 Dec 2009 17:59:21 +0000
Source: kdebase-runtime
Binary: kdebase-runtime kdebase-runtime-bin-kde4 kdebase-runtime-data kdebase-runtime-data-common khelpcenter4 khelpcenter kde-icons-oxygen kdebase-runtime-dbg
Architecture: source
Version: 4:4.2.2-0ubuntu1.1
Distribution: jaunty-security
Urgency: low
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
Changed-By: Jonathan Riddell <jriddell at ubuntu.com>
Description:
kde-icons-oxygen - Oxygen icon theme for KDE 4
kdebase-runtime - runtime components from the official KDE 4 release
kdebase-runtime-bin-kde4 - core binaries for the KDE 4 base runtime module
kdebase-runtime-data - shared data files for the KDE 4 base runtime module
kdebase-runtime-data-common - shared data files for the KDE 4 base runtime module
kdebase-runtime-dbg - debugging symbols for KDE 4 base runtime module
khelpcenter - metapackage for the help center for KDE4
khelpcenter4 - Help Center for KDE 4
Changes:
kdebase-runtime (4:4.2.2-0ubuntu1.1) jaunty-security; urgency=low
.
* SECURITY UPDATE: IO Slaves input sanitization errors
- KDE protocol handlers perform insufficient input validation, an
attacker can craft malicious URI that would trigger JavaScript
execution. Additionally the 'help://' protocol handler suffer from
directory traversal. It should be noted that the scope of this
issue is limited as the malicious URIs cannot be embedded in
Internet hosted content.
- Add security_01_info_kio_no_javascript.diff, stops javascript
within info kio slave
- http://www.kde.org/info/security/advisory-20091027-1.txt
- oCert: #2009-015 http://www.ocert.org/advisories/ocert-2009-015.html
- CVE-2009-XXXX
Checksums-Sha1:
5d8d8c40745564d281ed71a5c9f1234d3763e7a9 2104 kdebase-runtime_4.2.2-0ubuntu1.1.dsc
becfb09cc3d2baf7ccd6a8ffbbf5684c110fe66d 40714 kdebase-runtime_4.2.2-0ubuntu1.1.diff.gz
Checksums-Sha256:
a61514f7a85fec5014280fb2a631ce61574a4284e73c3eb8c3399ffef9229147 2104 kdebase-runtime_4.2.2-0ubuntu1.1.dsc
c61a64bf69163d60e545fa8ba41e72acab81e1df15e253827c74013eba3b523b 40714 kdebase-runtime_4.2.2-0ubuntu1.1.diff.gz
Files:
2ac1ace35e54d7f0f3b01f9dc70e60b7 2104 kde optional kdebase-runtime_4.2.2-0ubuntu1.1.dsc
cfe9d30de0fd8c69c7d8bb379990b8d1 40714 kde optional kdebase-runtime_4.2.2-0ubuntu1.1.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>
More information about the Jaunty-changes
mailing list