[ubuntu/karmic] kdelibs 4:3.5.10.dfsg.1-2ubuntu5 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Fri Sep 18 00:30:23 BST 2009
kdelibs (4:3.5.10.dfsg.1-2ubuntu5) karmic; urgency=low

  * SECURITY UPDATE: fix vulnerability with NULL byte in Subject Alternate
    Names field of X.509 certificates
    - debian/patches/security_04_CVE-2009-2702.diff: verify that the
      QString length of the SAN is not shorter than the ASN1 length
    - CVE-2009-2702
  * kubuntu_glibc_2.8_ftbfs.diff: fix FTBFS when using gcc 4.4 or higher
  * Following patches forward ported from http://www.ubuntu.com/usn/USN-822-1
    (by Marc Deslauriers)
  * SECURITY UPDATE: arbitrary code execution via JavaScript garbage
    collector allocation failures
    - debian/patches/security_01_CVE-2009-1687.diff: make sure we don't
      overflow before doing the realloc in kjs/collector.cpp.
    - CVE-2009-1687
  * SECURITY UPDATE: arbitrary code execution via use-after-free
    - debian/patches/security_02_CVE-2009-1690.diff: use head.get() in
      khtml/html/htmlparser.cpp, and backport khtml/html/{AlwaysInline,
      htmlparser,Platform,RefPtr}.h.
    - CVE-2009-1690
  * SECURITY UPDATE: arbitrary code execution via CSS attr function call
    with a large numerical argument
    - debian/patches/security_03_CVE-2009-1698.diff: add extra checks to
      khtml/css/cssparser.cpp and implement CSSPrimitiveValue::CSS_ATTR in
      khtml/css/css_valueimpl.cpp.
    - CVE-2009-1698
Date: Tue, 15 Sep 2009 14:38:04 -0500
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Maintainer: Kubuntu Developers <kubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/karmic/+source/kdelibs/4:3.5.10.dfsg.1-2ubuntu5
-------------- next part --------------
Format: 1.8
Source: kdelibs
Binary: kdelibs kdelibs-data kdelibs4c2a kdelibs4-dev kdelibs-dbg
Architecture: source
Version: 4:3.5.10.dfsg.1-2ubuntu5
Distribution: karmic
Urgency: low
Description:
kdelibs - core libraries from the official KDE release
kdelibs-data - core shared data for all KDE applications
kdelibs-dbg - debugging symbols for kdelibs
kdelibs4-dev - development files for the KDE core libraries
kdelibs4c2a - core libraries and binaries for all KDE applications
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>