[ubuntu/karmic] kdelibs 4:3.5.10.dfsg.1-2ubuntu5 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Fri Sep 18 00:30:23 BST 2009


kdelibs (4:3.5.10.dfsg.1-2ubuntu5) karmic; urgency=low

  * SECURITY UPDATE: fix vulnerability with NULL byte in Subject Alternate
    Names field of X.509 certificates
    - debian/patches/security_04_CVE-2009-2702.diff: verify that the
      QString length of the SAN is not shorter than the ASN1 length
    - CVE-2009-2702
  * kubuntu_glibc_2.8_ftbfs.diff: fix FTBFS when using gcc 4.4 or higher
  * Following patches forward ported from http://www.ubuntu.com/usn/USN-822-1
    (by Marc Deslauriers)
  * SECURITY UPDATE: arbitrary code execution via JavaScript garbage
    collector allocation failures
    - debian/patches/security_01_CVE-2009-1687.diff: make sure we don't
      overflow before doing the realloc in kjs/collector.cpp.
    - CVE-2009-1687
  * SECURITY UPDATE: arbitrary code execution via use-after-free
    - debian/patches/security_02_CVE-2009-1690.diff: use head.get() in
      khtml/html/htmlparser.cpp, and backport khtml/html/{AlwaysInline,
      htmlparser,Platform,RefPtr}.h.
    - CVE-2009-1690
  * SECURITY UPDATE: arbitrary code execution via CSS attr function call
    with a large numerical argument
    - debian/patches/security_03_CVE-2009-1698.diff: add extra checks to
      khtml/css/cssparser.cpp and implement CSSPrimitiveValue::CSS_ATTR in
      khtml/css/css_valueimpl.cpp.
    - CVE-2009-1698

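The first entry above describes the CVE-2009-2702 class of check: a NUL byte embedded in a dNSName makes the string a C-string-based verifier sees shorter than the length the ASN.1 encoding declares. The following is an added illustration, not kdelibs code: a minimal DER parser for a SubjectAltName SEQUENCE, the naive matcher that truncates at the NUL, and the corrected matcher that compares both lengths first. All names and sample certificates here are constructed.

```python
# Added example (not from the kdelibs patch): SAN dNSName matching with and
# without the ASN.1-length versus C-string-length check from CVE-2009-2702.

def _read_tlv(buf, pos):
    """Parse one DER TLV at pos; return (tag, value, next_pos). Handles short and long lengths."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_san_dnsnames(san_der):
    """Return the raw dNSName values (with their full ASN.1 length) from a SAN SEQUENCE."""
    tag, seq, _ = _read_tlv(san_der, 0)
    if tag != 0x30:
        raise ValueError("SubjectAltName must be a SEQUENCE")
    names, pos = [], 0
    while pos < len(seq):
        t, val, pos = _read_tlv(seq, pos)
        if t == 0x82:                      # [2] IMPLICIT IA5String: dNSName
            names.append(val)
    return names

def c_string_len(raw):
    """Length a NUL-terminated C string view of the same bytes would report."""
    i = raw.find(b"\x00")
    return len(raw) if i < 0 else i

def san_matches_host_naive(san_der, hostname):
    """Vulnerable behaviour: the name is cut at the first NUL, so the prefix is compared."""
    for raw in parse_san_dnsnames(san_der):
        if raw[:c_string_len(raw)].decode("ascii", "replace").lower() == hostname.lower():
            return True
    return False

def san_matches_host(san_der, hostname):
    """Fixed behaviour: reject any dNSName whose C-string length differs from its ASN.1 length."""
    for raw in parse_san_dnsnames(san_der):
        if c_string_len(raw) != len(raw):
            continue                       # embedded NUL: never a valid hostname, skip it
        if raw.decode("ascii", "replace").lower() == hostname.lower():
            return True
    return False

def build_san(dnsnames):
    """Constructed helper: DER-encode dNSName byte strings as a SAN SEQUENCE (lengths < 128)."""
    body = b"".join(bytes([0x82, len(n)]) + n for n in dnsnames)
    return bytes([0x30, len(body)]) + body
```
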
Date: Tue, 15 Sep 2009 14:38:04 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/kdelibs/4:3.5.10.dfsg.1-2ubuntu5

Format: 1.8
Date: Tue, 15 Sep 2009 14:38:04 -0500
Source: kdelibs
Binary: kdelibs kdelibs-data kdelibs4c2a kdelibs4-dev kdelibs-dbg
Architecture: source
Version: 4:3.5.10.dfsg.1-2ubuntu5
Distribution: karmic
Urgency: low
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Description: 
 kdelibs    - core libraries from the official KDE release
 kdelibs-data - core shared data for all KDE applications
 kdelibs-dbg - debugging symbols for kdelibs
 kdelibs4-dev - development files for the KDE core libraries
 kdelibs4c2a - core libraries and binaries for all KDE applications
Checksums-Sha1: 
 378d0802572982af0053866576aeb24fdb236886 2334 kdelibs_3.5.10.dfsg.1-2ubuntu5.dsc
 cf6b6e423653cedd458d9daaae49ea6f1cfeab21 885354 kdelibs_3.5.10.dfsg.1-2ubuntu5.diff.gz
Checksums-Sha256: 
 4acc08c74a7c009359ae4096184a284b184283b15b7c68b9a7655088571bb80a 2334 kdelibs_3.5.10.dfsg.1-2ubuntu5.dsc
 b5f7d429b9dedd0e032a9c9f2451e7f3dd594e37ce5633fa0d626367afe08ae9 885354 kdelibs_3.5.10.dfsg.1-2ubuntu5.diff.gz
Files: 
 57b12a0f7d5583ef4c6737a626fd2bdd 2334 libs optional kdelibs_3.5.10.dfsg.1-2ubuntu5.dsc
 6d0c23220df87f3bd5e202146cb3d9a1 885354 libs optional kdelibs_3.5.10.dfsg.1-2ubuntu5.diff.gz
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>
